Microsoft 365 Backup costs $0.15 per GB per month through Microsoft’s native pay-as-you-go service, while third-party tools range from about $2.63 to $7.00 per user per month depending on the vendor, retention, and features you pick. The price you pay depends on how much data your tenant holds, how long you keep it, and whether you use Microsoft’s native backup add-on or a partner tool like Veeam, Acronis, Barracuda, Datto, AvePoint, Keepit, or Druva.
The problem this article addresses comes from the Microsoft Services Agreement and the Microsoft Shared Responsibility Model, which make you, not Microsoft, the owner of your Microsoft 365 data. If a user deletes a file, a hacker encrypts a mailbox, or a retention policy wipes a site, Microsoft is not required to bring that data back past the built-in 30- to 93-day windows.
That gap has legal weight under U.S. rules like HIPAA 45 CFR §164.308, SEC Rule 17a-4, FINRA Rule 4511, Sarbanes-Oxley Section 802, and the Gramm-Leach-Bliley Safeguards Rule. A 2024 ESG survey found that 53% of organizations lost Microsoft 365 data in the prior year, and the average cost of a single data-loss event reached $130,000.
Here is what you will learn in this guide:
- 💵 Exact 2026 list prices for Microsoft’s native service and the top third-party tools
- 🧮 How to estimate your monthly bill by workload, user count, and retention window
- ⚖️ Which federal laws and state rules push you to buy backup at all
- 🏢 Three real pricing scenarios for small, mid-market, and enterprise tenants
- 🚧 The seven pricing mistakes that wreck backup budgets and how to dodge them
The Governing Rules That Force You To Buy Backup
Microsoft 365 is a service, not a backup. The Microsoft Services Agreement Section 6(b) tells every tenant to keep a separate copy of the content it stores inside Exchange Online, SharePoint Online, OneDrive for Business, and Teams. That one clause is the root of the whole backup market.
The Microsoft Shared Responsibility Model
The Microsoft Shared Responsibility Model splits duties between Microsoft and you. Microsoft owns the physical data centers, the hypervisor, the network, and service-level availability.
You own the data, the identities, the access rules, and the retention of the content. That means if a user empties the Recycle Bin after 93 days in SharePoint, or a mailbox is purged after the 30-day soft-delete window in Exchange, Microsoft has no duty to restore it.
The consequence of ignoring this rule is simple and painful. You can lose years of email, documents, and Teams files with no legal recourse against Microsoft.
A real-world example is the Maersk NotPetya incident, where the shipping giant lost 49,000 laptops and most of its file shares in June 2017. Even with cloud email, the company spent over $300 million on recovery because it had no independent backup.
A common misconception is that Microsoft’s geo-redundant storage counts as backup. Geo-redundancy protects against a data-center fire, not a user mistake, a malicious insider, or ransomware.
Federal Laws That Demand Long Retention
SEC Rule 17a-4(b)(4) makes broker-dealers keep records for at least three years, the first two in an easily accessible place. HIPAA 45 CFR §164.316(b)(2) forces covered entities to keep documentation for six years from the date of creation.
Sarbanes-Oxley Section 802 adds criminal penalties for destroying audit records inside seven years, and IRS Revenue Procedure 98-25 requires businesses to keep electronic records for the full statute of limitations on their tax returns. None of these windows line up with Microsoft’s 30 to 93-day defaults.
The consequence of a short retention gap is a missed legal hold, a blown audit, or a fine. In 2022, the SEC fined 16 Wall Street firms $1.1 billion for failing to keep electronic business communications.
A real example is a hospital under HIPAA that loses an email thread about a patient transfer after 30 days. Without backup, the hospital cannot satisfy a six-year record request and can face an Office for Civil Rights penalty of up to $2 million per incident.
A common misconception is that Microsoft Purview retention policies equal backup. Retention labels keep data for compliance, but they do not protect against tenant-wide ransomware or rogue admin deletion the way a separate backup copy does.
State Data Retention and Breach Laws
Every state now has a breach-notification law. California Civil Code §1798.82, New York SHIELD Act, and the Texas Business and Commerce Code §521.053 all demand that you know what data you had and what was exposed.
The consequence of a missing backup during a breach is steep. You cannot prove the scope of lost data, and regulators treat the entire tenant as breached by default.
A mini-scenario: Jamie runs a 30-person mortgage firm in Dallas. When a phishing attack wipes a loan-officer’s OneDrive, Jamie’s backup shows exactly which 812 files were encrypted, which lets the firm file a narrow Texas breach notice instead of a tenant-wide one.
A common misconception is that state laws only care about personal data. In practice, many states tie notification timelines to your ability to forensically show what happened, which needs immutable backups.
Microsoft’s Native Microsoft 365 Backup Pricing
Microsoft launched its own backup service out of preview in 2024, and the pricing page lists a flat $0.15 per GB per month of protected content. The service is paid through an Azure subscription with Microsoft Syntex pay-as-you-go billing turned on.
What The $0.15 Per GB Actually Covers
The $0.15 charge covers Exchange Online mailboxes, OneDrive for Business accounts, and SharePoint Online sites. Backups run every ten minutes for Exchange, and roughly every ten minutes for the first 14 days for OneDrive and SharePoint before moving to weekly copies.
Restore operations, versioned items, and site-collection recycle bins are included inside the same $0.15 rate, as the Directions on Microsoft roadmap report confirms. Data stays inside your Microsoft 365 geography and is retained for one year on a rolling high-water-mark basis.
The consequence of the high-water-mark billing is that deleting live data does not immediately cut your bill. You pay for the peak volume protected during the trailing 12 months.
A real example: Priya, the IT manager at a 400-user architecture firm, protects 6 TB of live data. Her monthly bill is roughly 6,144 GB × $0.15 = $921.60 per month, or about $11,059 per year, even if she deletes 500 GB in month two.
A common misconception is that the $0.15 rate includes Teams chat backup. It does not yet cover Teams chat messages or private channels, Loop, Planner, Whiteboard, Stream, or Entra ID, which pushes many buyers back to a third-party tool.
How To Estimate Your Native Bill
Microsoft offers a pricing calculator inside the admin center that pulls your live tenant size. A rough rule of thumb is to assume your backup footprint equals 1.0 to 1.2 times your live tenant data for the first year.
The consequence of skipping the calculator is a budget miss by 30% or more. Most tenants grow 20% to 40% per year in SharePoint alone, and that growth compounds under high-water-mark billing.
A mini-scenario: Marcus owns a 75-person law firm with 1.5 TB of live Microsoft 365 data. Using the calculator, Marcus budgets 1,700 GB × $0.15 = $255 per month, plus a 25% buffer for growth, landing at roughly $320 per month.
A common misconception is that the charge shows up on the Microsoft 365 invoice. The Azure invoice is separate, and finance teams often miss the line item the first month because it appears under Azure cost management, not the Microsoft 365 billing center.
Native Backup Limits You Need To Price Around
Native Microsoft 365 Backup cannot store copies outside the Microsoft cloud. It does not support on-premises restores, offline air-gapped copies, or cross-tenant recovery yet.
The consequence is that a compromised tenant, a locked Entra ID account, or a region-wide Microsoft outage can still block access to your own backups. CISA guidance specifically recommends an offline or alternate-cloud copy for ransomware resilience.
A real example is the July 2024 CrowdStrike-related Azure outage, which blocked admin-center access for many tenants for hours. Firms with only native backup had nothing to restore from while the console was down.
A common misconception is that Microsoft’s immutable storage makes offline copies pointless. Immutability helps against ransomware encryption, but not against account lockout or a Microsoft-side billing dispute that freezes your tenant.
Third-Party Microsoft 365 Backup Pricing
Third-party tools almost always price per user per month, and that can be cheaper or more expensive than the native service depending on how much data each user holds. The market ranges from about $2.50 to $7.00 per user per month, based on vendor list prices published in 2026.
Veeam Data Cloud For Microsoft 365
Veeam Data Cloud for Microsoft 365 lists three SaaS tiers. Foundation is $2.63 per user per month, Advanced is $3.33 per user per month, and Premium is $7.00 per user per month, all billed annually with unlimited storage included.
Advanced adds Entra ID data resilience, and Premium adds full Microsoft 365 disaster recovery. A 1-year Veeam cloud rental per user through StoneFly is about $24.00 per user per year, or $2.00 per user per month.
The consequence of picking Foundation to save money is losing the Entra ID recovery piece. If a threat actor wipes Conditional Access policies, you rebuild them by hand.
A mini-scenario: Lena, the CISO at a 2,000-seat manufacturer, picks Veeam Advanced at $3.33 per user per month. Her annual cost is 2,000 × $3.33 × 12 = $79,920, which her CFO compares to the native model.
A common misconception is that unlimited storage means unlimited retention. Veeam unlimited storage still caps free retention at the plan default unless you buy an add-on.
Acronis, Barracuda, Datto, AvePoint, Keepit, Druva
Acronis Cyber Protect Cloud for Microsoft 365 lists at about $3.00 to $4.00 per user per month through MSP partners. Barracuda Cloud-to-Cloud Backup sits near $3.00 per user per month with unlimited storage and retention.
Datto SaaS Protection for Microsoft 365 runs through MSPs at $3.00 to $4.50 per user per month street price. AvePoint Cloud Backup lists at $3.25 per user per month on the AvePoint Online Services store.
Keepit for Microsoft 365 lists at about $3.00 per user per month with 10-year retention. Druva Data Resiliency Cloud for Microsoft 365 lists at $3.00 to $6.00 per user per month depending on retention and storage tier.
The consequence of ignoring retention when you compare these tools is a misleading spreadsheet. A $2.63 tool with 1-year retention is not comparable to a $3.00 tool with 10-year retention.
A mini-scenario: Tanya, an MSP owner in Ohio, quotes a 120-seat dental group on Datto SaaS Protection at $3.50 per user per month. Annual cost is 120 × $3.50 × 12 = $5,040.
A common misconception is that MSP pricing matches list pricing. MSPs typically get 30% to 50% margin baked in, so list and street prices often differ widely.
Pricing Model Comparison
The native model rewards tenants with low data per user, while per-user models reward tenants with high data per user. Here is how the main pricing structures stack up in 2026.
| Vendor / Model | 2026 List Price |
|---|---|
| Microsoft 365 Backup (native), via Microsoft Learn | $0.15 per GB per month |
| Veeam Foundation, via Veeam plans | $2.63 per user per month |
| Veeam Advanced | $3.33 per user per month |
| Veeam Premium | $7.00 per user per month |
| Acronis Cyber Protect Cloud | $3.00 to $4.00 per user per month |
| Barracuda Cloud-to-Cloud | about $3.00 per user per month |
| Datto SaaS Protection | $3.00 to $4.50 per user per month |
| AvePoint Cloud Backup | $3.25 per user per month |
| Keepit Microsoft 365 | about $3.00 per user per month |
| Druva Data Resiliency Cloud | $3.00 to $6.00 per user per month |
Pricing By Workload: Exchange, SharePoint, OneDrive, Teams
Microsoft’s native $0.15 per GB per month rate is blended, but third-party tools often let you pick which workloads to protect. That choice can cut or inflate your bill by 20% to 40%.
Exchange Online Mailbox Backup
Exchange Online mailboxes average 5 GB to 15 GB per active user, based on Microsoft’s service limits. Archive mailboxes add another 50 GB to 100 GB per user under auto-expanding archive.
The consequence of skipping archive mailboxes in your backup scope is a surprise bill when a legal hold fires. Archive mailboxes often hold the oldest and most-regulated content.
A mini-scenario: Rafael, a compliance officer at a broker-dealer, protects 300 users with 12 GB active and 70 GB archive each. Native cost is 300 × 82 GB × $0.15 = $3,690 per month.
A common misconception is that shared mailboxes are free to back up. Under the per-GB model, shared mailbox data is billable just like any other mailbox.
SharePoint Online And OneDrive For Business
SharePoint Online sites grow fastest of all Microsoft 365 workloads. A typical SharePoint site library holds 50 GB to several TB, and OneDrive for Business starts at 1 TB and scales up to 5 TB per user under Microsoft 365 plan limits.
The consequence of backing up every OneDrive at full size is budget shock. A 500-user tenant with 1 TB per OneDrive is 500 TB of potential backup, or 512,000 GB × $0.15 = $76,800 per month under native pricing.
A mini-scenario: Diana, a director of IT at a media company, limits OneDrive backup to 200 GB per active user and excludes archived accounts. That single rule cuts her bill from $76,800 to about $15,000 per month.
A common misconception is that OneDrive and SharePoint share one backup quota. Under native pricing they do, but many third-party tools meter them separately, so read the SKU before you sign.
Teams, Groups, Loop, And Planner
Native Microsoft 365 Backup does not yet protect Teams chat messages, private channels, Loop components, Planner plans, Whiteboard, or Stream. Third-party tools like AvePoint, Keepit, and Veeam cover most of these, usually inside the same per-user price.
The consequence of that gap is a blind spot for litigation. Teams chat is subject to the same FRCP Rule 37(e) spoliation risk as email, and courts will not accept “Microsoft didn’t back it up.”
A mini-scenario: Evan, general counsel at a 1,200-person firm, pays $3.33 per user per month for Veeam Advanced specifically because it covers Teams and Entra ID. His cost is 1,200 × $3.33 × 12 = $47,952 per year.
A common misconception is that Teams chat is already backed up inside Exchange. Teams chat lives in a hidden SubstrateHolds folder that is not a true backup and is not restorable by end users.
Three Real Pricing Scenarios
These three scenarios use 2026 list pricing and average data sizes from Microsoft’s public service limits.
Scenario 1: 25-Seat Small Law Firm
Marcus runs a 25-attorney firm in Atlanta with 400 GB of total Microsoft 365 data. Here is how the two main models compare for his tenant.
| Option for Marcus’s 25-Seat Firm | Monthly Cost |
|---|---|
| Microsoft 365 Backup native at $0.15/GB | 400 × $0.15 = $60/month |
| Veeam Foundation at $2.63/user | 25 × $2.63 = $65.75/month |
Scenario 2: 500-Seat Mid-Market Company
Priya manages IT for a 500-user architecture firm with 6 TB of Microsoft 365 data. Here is how her options compare.
| Option for Priya’s 500-Seat Firm | Monthly Cost |
|---|---|
| Microsoft 365 Backup native at $0.15/GB | 6,144 × $0.15 = $921.60/month |
| Veeam Advanced at $3.33/user | 500 × $3.33 = $1,665/month |
Scenario 3: 5,000-Seat Enterprise
Lena’s 5,000-user manufacturer holds 80 TB of Microsoft 365 data, including 20 TB of archive mailboxes. Here is the price spread for her tenant.
| Option for Lena’s 5,000-Seat Enterprise | Monthly Cost |
|---|---|
| Microsoft 365 Backup native at $0.15/GB | 81,920 × $0.15 = $12,288/month |
| Veeam Premium at $7.00/user | 5,000 × $7.00 = $35,000/month |
The native model wins for tenants where each user holds less than about 40 GB of total data. Per-user tools win once each user crosses roughly 50 GB to 60 GB of blended data.
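The estimating rules from "How To Estimate Your Native Bill" and the scenario tables above can be run as one small cost model. This is an added example, not Microsoft's calculator or any vendor's code; the function names are hypothetical, and the way the trailing 12-month high-water mark is sampled (current month plus the previous eleven) is an assumption.

```python
NATIVE_RATE = 0.15   # USD per GB per month (native list price quoted on this page)
HWM_MONTHS = 12      # trailing high-water-mark window described on this page


def grow(start_gb, annual_growth, months):
    """Protected GB per month under compound annual growth."""
    monthly = (1 + annual_growth) ** (1 / 12)
    return [start_gb * monthly ** m for m in range(months)]


def native_bills(protected_gb, rate=NATIVE_RATE, window=HWM_MONTHS):
    """Monthly native bill, charged on the peak GB seen in the trailing window.

    Assumption: the window is the current month plus the previous window-1
    months; the real meter may sample differently.
    """
    bills = []
    for i in range(len(protected_gb)):
        peak = max(protected_gb[max(0, i - window + 1): i + 1])
        bills.append(round(peak * rate, 2))
    return bills


def capped_footprint(per_user_gb, cap_gb):
    """Total GB in scope when each account is capped (Diana's 200 GB rule)."""
    return sum(min(gb, cap_gb) for gb in per_user_gb)


def break_even_gb_per_user(per_user_price, rate=NATIVE_RATE):
    """GB per user at which per-GB and per-user pricing cost the same."""
    return round(per_user_price / rate, 1)


def compare(users, total_gb, per_user_price, rate=NATIVE_RATE):
    """Month-one cost of both pricing models for one tenant."""
    native = round(total_gb * rate, 2)
    per_user = round(users * per_user_price, 2)
    return {
        "gb_per_user": round(total_gb / users, 1),
        "native": native,
        "per_user": per_user,
        "cheaper": "native" if native < per_user else "per-user",
    }


if __name__ == "__main__":
    # Priya's tenant: 6,144 GB protected, 500 GB deleted in month two.
    # The bill only drops once the peak month leaves the trailing window.
    usage = [6144] + [5644] * 13
    for month, bill in enumerate(native_bills(usage), start=1):
        print(f"month {month:2d}: ${bill:,.2f}")

    # Marcus's 1,700 GB footprint projected at 30% annual growth
    # (a constructed rate inside the 20% to 40% range the page gives).
    print("month 12 at 30% growth:", native_bills(grow(1700, 0.30, 12))[-1])

    # The three scenario tables: (label, users, total GB, per-user price).
    scenarios = [
        ("25-seat law firm", 25, 400, 2.63),
        ("500-seat mid-market", 500, 6144, 3.33),
        ("5,000-seat enterprise", 5000, 81920, 7.00),
    ]
    for label, users, gb, price in scenarios:
        print(label, compare(users, gb, price))

    # Break-even data volume per user for each Veeam tier listed on the page.
    for tier, price in [("Foundation", 2.63), ("Advanced", 3.33), ("Premium", 7.00)]:
        print(tier, break_even_gb_per_user(price), "GB per user")
```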
Mistakes To Avoid When Buying Microsoft 365 Backup
These seven mistakes blow up backup budgets and compliance postures every year.
- Assuming Microsoft backs you up. The Microsoft Services Agreement puts data ownership on you, and losing that argument during an audit can mean six-figure fines.
- Pricing only live data. Archive mailboxes, versioned SharePoint items, and recycle bins all count toward the high-water mark, so a “400 GB tenant” often bills like 650 GB.
- Ignoring retention math. Buying a 1-year retention tool when SOX Section 802 demands 7 years means you restart the purchase in year two.
- Skipping Entra ID backup. If an attacker wipes Conditional Access or app registrations, you cannot restore them from native Microsoft 365 Backup, and rebuilds can take weeks.
- Forgetting Teams chat. Native backup does not cover Teams chat yet, which is a live litigation risk under FRCP Rule 37(e).
- Assuming per-user means flat. Many tools add fees for long retention, extra regions, or compliance archiving, so the list price is rarely the final invoice.
- Ignoring egress and restore fees. A handful of vendors charge to pull your data back out, and a full-tenant restore can generate a five-figure surprise invoice.
Do’s And Don’ts Of Microsoft 365 Backup Pricing
These ten rules keep your backup budget predictable and your compliance posture clean.
- Do run the Microsoft 365 Backup calculator before you sign any contract, because a 10-minute calculation prevents a 12-month overrun.
- Do map each workload to a retention law, because HIPAA, SOX, and SEC all demand different windows and one tool rarely satisfies every rule at the cheapest tier.
- Do negotiate multi-year deals with third-party vendors, because list prices drop 10% to 20% on three-year commitments as shown in Bechtle’s Veeam SKUs.
- Do keep one offline or alternate-cloud copy, because CISA treats a single-cloud backup as a ransomware risk.
- Do test restores quarterly, because an untested backup is a liability, not an asset, under most cyber-insurance policies.
- Don’t pay list price without asking for MSP or volume tiers, because most resellers discount 6% to 15% at 100 seats and up.
- Don’t mix retention periods inside one SKU, because Microsoft Purview, Exchange hold, and third-party retention collide and create duplicate holds that inflate cost.
- Don’t back up inactive user accounts at full price, because most vendors offer an “inactive user” rate of $0.50 to $1.00 per user per month.
- Don’t skip Entra ID and Teams chat coverage, because those two blind spots cause most of the “the backup didn’t help us” stories in 2026.
- Don’t buy on feature count alone, because the Veeam pricing page shows that Premium features you never use still cost $7 per user per month.
Pros And Cons Of Native Vs Third-Party Pricing
Both models have real trade-offs that matter at renewal time.
- Pro, native is simple. One invoice, one vendor, one admin center, and it is already inside your Microsoft tenant.
- Pro, native is cheap for small tenants. Under about 40 GB per user, $0.15 per GB per month beats every major third-party list price.
- Pro, third-party covers more workloads. Teams chat, Entra ID, Loop, Planner, and Whiteboard are in-scope for most major vendors today.
- Pro, third-party supports longer retention. 7-year and 10-year retention are standard on Keepit, AvePoint, and Druva, which matches SOX and tax rules.
- Pro, third-party enables offline copies. An alternate-cloud or on-premises copy is a requirement for CISA ransomware guidance and most cyber-insurance policies.
- Con, native has no offline copy. A compromised tenant can block access to the very backups you are paying for.
- Con, native bills on high-water mark. Deleting data does not cut your bill for 12 months, which punishes cleanup projects.
- Con, third-party per-user pricing punishes small data sets. A 500-user tenant with only 500 GB pays for 500 seats, not for 500 GB.
- Con, third-party adds another vendor to manage. One more support contract, one more SOC 2 review, and one more renewal cycle.
- Con, third-party egress and restore fees vary. Some tools charge extra for bulk restores, and those fees can hit five figures during an incident.
Processes And Forms: How The Bill Actually Arrives
Native Microsoft 365 Backup billing runs through Azure. You turn on Syntex pay-as-you-go, point it at an Azure subscription, and the charges appear under Azure Cost Management, not the Microsoft 365 billing center.
Step-By-Step Native Setup And Billing
First, enable Microsoft Syntex pay-as-you-go in the Microsoft 365 admin center under Setup → Pay-as-you-go services. Second, link an Azure subscription that you already own or create a new one.
Third, open Microsoft 365 Backup and choose Exchange, SharePoint, or OneDrive. Fourth, pick the users, sites, or mailboxes to protect and confirm the estimated monthly spend.
The consequence of skipping the estimate is an Azure invoice you cannot forecast. Fifth, watch the first 30 days of billing carefully, because high-water-mark pricing locks in your peak.
A mini-scenario: Ken, an Azure admin at a credit union, enables Syntex, picks Exchange-only backup for 600 users, and sees a $720 first-month charge for 4.8 TB of mailboxes. A common misconception is that turning off the service mid-month stops billing immediately, when in reality the high-water mark keeps billing for the trailing year.
Step-By-Step Third-Party Onboarding
Third-party tools ask for a Microsoft 365 global admin to consent to a multi-tenant app. The app uses Microsoft Graph and Exchange Web Services APIs to pull backups on a schedule.
Most vendors bill monthly or annually per active user, and they auto-detect new users inside 24 hours. The consequence of ignoring auto-detection is a true-up invoice in month 13.
A mini-scenario: Nora, a finance director, signs a 500-user Veeam Advanced deal and grows to 620 users by month 10. Her renewal invoice jumps 24%, and she only spots it when the CFO questions the budget variance.
Case Law And Precedent
Courts have repeatedly treated missing electronic records as spoliation. Zubulake v. UBS Warburg, 220 F.R.D. 212 (S.D.N.Y. 2003), forced UBS to pay for the cost of restoring backup tapes and created the modern duty to preserve.
Pension Committee of the University of Montreal v. Banc of America Securities, 685 F. Supp. 2d 456 (S.D.N.Y. 2010) confirmed that the failure to issue a written litigation hold is gross negligence. The consequence is an adverse-inference instruction that can sink a civil case.
In 2023, the SEC off-channel communications settlements fined banks more than $1.5 billion for failing to preserve business messages on personal devices and in unmanaged channels. A real example is the $125 million JPMorgan fine in SEC v. JPMorgan Securities LLC, which turned on the bank’s inability to produce its own Teams and WhatsApp records.
A common misconception is that these cases only hit regulated firms. Under FRCP Rule 37(e), any U.S. civil defendant that loses electronically stored information in bad faith can face sanctions.
FAQs
Is Microsoft 365 Backup included with my E3 or E5 license?
No. Microsoft 365 Backup is a separate pay-as-you-go add-on billed through Microsoft Syntex pay-as-you-go on an Azure subscription at $0.15 per GB per month on top of any E3 or E5 subscription.
Does Microsoft back up my Teams chat?
No. Native Microsoft 365 Backup does not cover Teams chat messages, private channels, Planner, Whiteboard, Loop, or Stream in 2026, so you need a third-party tool for those workloads.
Is $0.15 per GB per month cheaper than Veeam or Datto?
Yes. For tenants holding less than about 40 GB of data per user, the native model beats almost every third-party per-user price based on 2026 Veeam and Datto list pricing.
Do I have to keep backups to satisfy HIPAA?
Yes. HIPAA 45 CFR §164.308(a)(7) requires a data backup plan, and the 30 to 93-day Microsoft defaults do not meet the six-year documentation rule in §164.316(b)(2).
Does backup protect me from ransomware inside Microsoft 365?
Yes. Immutable third-party or native Microsoft 365 Backup copies give you a point-in-time restore that ransomware cannot overwrite, which is a core control in the CISA StopRansomware guide.
Can I restore a single email with Microsoft 365 Backup?
Yes. Native Microsoft 365 Backup supports item-level restore for Exchange, and SharePoint and OneDrive file-level restore is generally available in 2026 per the Microsoft 365 Backup roadmap.
Is Microsoft 365 Backup HIPAA-eligible?
Yes. Microsoft 365 Backup falls under the Microsoft Business Associate Agreement, which means it can be used by HIPAA covered entities and business associates.
Do third-party backups store data outside Microsoft?
Yes. Most third-party tools like Veeam, Keepit, and Druva store copies in their own AWS, Azure, or private clouds, which satisfies CISA’s alternate-cloud guidance.
Does SEC Rule 17a-4 accept Microsoft 365 Backup as WORM storage?
Yes. The 2022 SEC amendments to Rule 17a-4 allow an audit-trail alternative to WORM, and immutable Microsoft 365 Backup plus Purview retention can satisfy that path.
Can I buy Microsoft 365 Backup month-to-month with no commitment?
Yes. Native Microsoft 365 Backup bills through Azure pay-as-you-go with no minimum term, so you can stop the service any month and only pay the trailing high-water-mark charges.
Are backup restores included in the $0.15 per GB rate?
Yes. Microsoft’s pricing page confirms that restore operations are included inside the $0.15 per GB per month charge, with no separate fee for pulling data back.
Do I still need backup if I use Microsoft Purview retention?
Yes. Purview retention is a compliance tool, not a backup, and it cannot recover from tenant-wide ransomware, rogue admin deletion, or malicious retention policy changes.