Skip to main content
All CollectionsMicrosoft 365Configure backup settingsData Lock for Microsoft 365
Data Lock for preventing malicious or accidental deletion of snapshots
Data Lock for preventing malicious or accidental deletion of snapshots

Enable datalock for immutable snapshots.

Updated over 3 months ago

Ransomware attacks are increasing at an exponential rate. Backup environments are popular targets for ransomware attacks. There can be various reasons due to which the backup copies can be modified or deleted. When it comes to protecting your data in the event of a ransomware attack, snapshots are critical components of your organization’s business strategy and data recovery plan.

Organizations can enable Data Lock to prevent modification, deletion, or tampering of business-critical data, and make it immutable. Immutability has gained widespread attention with rising ransomware attacks that put enterprise data and business continuity at a huge risk.

The following infographic displays how an immutable snapshot responds to a threat from a rogue admin or ransomware compared to a mutable snapshot.

image1.png

Benefits

Here are key benefits of enabling Data Lock on the profiles:

  • Protects the backed-up data from rogue admin threats.

  • Ensures that no one can delete, modify, or encrypt the snapshots after you apply Data Lock.

Use cases

Rogue admin

Let’s say a rogue administrator gains access to your backup environment and manually deletes the data. It could be a super admin from your organization or a person who has obtained a super admin’s credentials. Data Lock prevents modification, deletion, or tampering of such critical data.

image4.png

Ransomware attack

Let’s say your organization's administrator or an employee receives an email from an unidentified source and accidentally clicks on the attachment present in this phishing email. Since the ransomware attacker now has access to your backup environment, they can modify or delete your snapshots. In such a scenario, Data Lock will prevent the deletion or modification of snapshots.

Accidental deletion

When your organization’s administratoraccidentally deletes or reduces the intended retention period, this results in the loss of snapshots. In the process, some business-critical snapshots may be accidentally deleted. Data Lock will prevent the accidental deletion of such data.

Who can access this feature?

The Data Lock feature is available to the Enterprise and Elite editions. Only Cloud administrators can enable this setting.

Support Matrix for Data Lock

The following table lists the different workloads that support the Data Lock feature.

Products or Workloads

Entities

Applied on

License Editions

Endpoints

  • Snapshots

  • Users

  • Devices

Profile

Elite and Enterprise

SaaS Apps - Exchange Online, One Drive, Gmail, Google Drive

  • Snapshots

  • SaaS Apps

Profile

Elite and Enterprise

SaaS Apps - SharePoint, Teams, Groups, Public Folder, SharedDrive

Snapshots

Entities/per workload

Per individual item level

Elite and Enterprise

Did this answer your question?