Office 365: Empowering Your Users with Self-Service Recovery

By Saurabh Singh • October 25, 2019

With the increasing adoption of Office 365 Exchange Online, organizations have started implementing enterprise-class data protection strategies for this important set of data – the employee emails and files. And while backing up emails from an O365 tenant throws up interesting challenges, recovery workflow can frustrate not just the backup admin but end-users themselves.

As per multiple research groups, 70% of data loss in O365 is due to end-user error. So, most of the time the end-user will want to recover an email folder or a collection of individual emails. Thus, any data protection solution of O365 environments need to enable the following:

  • Ability to query email metadata and search emails
  • Allow administrators to delegate recovery access to the end-users

A typical conversation will require the end-user to mention the exact details of the emails that they wish to get recovered. However, most of the time the end-user may remember some aspects of the communication but not all. They may be able to recollect who the email communication was with, or the subject, or when that communication happened. Due to the lack of relevant information, the backup admin might end up with a lot of emails to sort from.

Now replicate this scenario in a large organization with thousands of users with hundreds of requests. This might complicate and delay the recovery, leaving both the admin and end-user frustrated, not to mention negatively impacting the business.

Empowering the end-user for self-recovery

Enabling end-users to perform self-recovery of their emails/files helps both the backup admin and the end-user. Not only does this save time and frustration, it also enhances the end-user  experience during recovery when tensions are particularly high.

Cohesity solves this challenge with built-in end-user recovery. This allows backup admins to grant end-users the ability to search for his/her individual emails or folders and recover the data. Once the recovery happens, the backup admin can then revoke the access or let it expire automatically.

How self-service for Office 365 mailbox recovery works

Let’s look at an example to understand the self-service workflow better. In this example, we have an Office 365 tenant with four user mailboxes backed up using Cohesity DataProtect, a software-defined backup and recovery solution. One of the users accidentally deleted an email from his inbox a while ago, only to realize it was beyond the retention periods provided by Microsoft. The Office 365 backup admin enables the user for self-service recovery.

Steps to enable user for self-service recovery are as follows:


Backup administrator identifies that the user mailbox has been backed up.


Create/adds a user (Local, Active Directory or a SSO) on Cohesity cluster with the Self-Service Data Protection role.


Restrict end user access to their own mailbox/OneDrive.


End user logs in to Cohesity cluster.


End user can only see his mailbox and emails.


End user searches for the deleted email using attribute based filters.


End user checks the search results to find the email to restore.


Triggers the restore job to restore the email back to the mailbox.

The goal of IT solutions is to enhance employee productivity. So, it should not be a surprise that empowering end users to recover their own email and OneDrive documents goes a long way toward improving end user experience and productivity. In that vein, the self-service restore feature for Office 365 Data Protection goes a long way in letting the end users drive the recovery workflows and free up the admins to perform other important tasks.

Cohesity’s Saurabh Singh and Mayank Joshi co-authored this blog.