M
MSP Workflows
Backup & Disaster Recovery

Cloud-to-Cloud Backup Workflow for MSPs

How to protect Microsoft 365, Google Workspace, and other SaaS data that your clients assume is already backed up. Spoiler: it usually isn't.

Workflow guide · Updated Feb 2026

By MSP Workflows Team

Contents

  1. 1.Why Native SaaS Retention Is Not Backup
  2. 2.Inventory SaaS tenants and data domains
  3. 3.Select a backup tool and configure policies
  4. 4.Monitor and maintain
  5. 5.Test recovery regularly
  6. 6.Microsoft Teams backup is not just chat
  7. 7.How to have the SaaS backup conversation with clients
  8. 8.How much does SaaS backup cost per user?
  9. 9.Can MSPs use Microsoft's native retention instead of a third-party backup?
  10. 10.Which SaaS backup tools are most popular with MSPs?

Why Native SaaS Retention Is Not Backup

"It's in the cloud, so it's backed up." This is the most dangerous assumption in MSP client environments. Microsoft 365 retention policies, Google Workspace Vault, and Salesforce recycle bins are compliance and retention features. They are not independent backup systems. They operate within the same platform they're protecting, which means they're subject to the same risks: admin-initiated deletion, tenant-level compromise, sync-based ransomware propagation, and retention policy misconfiguration. A real backup exists independently of the system it protects. It gives you point-in-time recovery controlled by you, not the SaaS vendor. It survives tenant deletion. It provides legal hold and e-discovery capabilities under your control.
1

Inventory SaaS tenants and data domains

List every SaaS platform with client data: Microsoft 365 (Exchange, SharePoint, OneDrive, Teams), Google Workspace (Gmail, Drive, Shared Drives), CRM systems (Salesforce, HubSpot), and any other cloud applications with business-critical data. For each platform, identify the data domains that need protection. In M365, that's mailboxes, SharePoint sites, OneDrive accounts, and Teams channels. Missing any one of these creates a gap that's invisible until a recovery is needed.

2

Select a backup tool and configure policies

Choose a SaaS backup platform that supports all the data domains you've inventoried. Configure backup frequency (daily is standard, twice-daily for high-value tenants), retention periods (match the client's regulatory and contractual requirements), and storage location (ensure it's independent of the SaaS provider). Verify that the tool uses modern authentication (OAuth, service principals) rather than legacy app passwords. Microsoft has been deprecating basic auth, and tools that rely on it will break.

3

Monitor and maintain

SaaS backup jobs fail for different reasons than on-premises backups. The most common failures are authentication token expiration, API throttling by the SaaS provider, new users or sites added after initial configuration, and license changes that affect API access. Monitor job status daily. Investigate any tenant showing less than 100% coverage. Reconfigure authentication tokens proactively before they expire (most expire every 90 days or annually).

4

Test recovery regularly

Test SaaS data recovery quarterly. Restore a mailbox to a different user, recover a deleted SharePoint site, and restore individual files from OneDrive. These tests are fast (usually 10 to 15 minutes) and often reveal coverage gaps that aren't visible from the backup dashboard. Document the test results alongside the client's other restore test records.

Microsoft Teams backup is not just chat

Teams data spans multiple M365 services: conversations in Exchange, files in SharePoint, meeting recordings in OneDrive and SharePoint. Backing up "Teams" requires backing up all of these underlying stores. Verify that your SaaS backup tool covers the full Teams data footprint, not just the chat messages.

How to have the SaaS backup conversation with clients

Most clients assume Microsoft or Google backs up their data. Show them the Microsoft Shared Responsibility Model, which explicitly states that data protection is the customer's responsibility. Then show them what happens when an admin accidentally purges a mailbox and the recycle bin retention has expired. That conversation usually closes the sale.

How much does SaaS backup cost per user?

+

SaaS backup is typically priced per-user per-month, with costs varying by vendor and storage included. Google Workspace backup is priced similarly to M365. At scale, MSPs can negotiate volume pricing. The margin opportunity is strong because the operational cost per user is generally well below what clients will pay for the peace of mind.

Can MSPs use Microsoft's native retention instead of a third-party backup?

+

Technically, you can configure retention policies, litigation holds, and versioning to provide some protection. But this approach has significant limitations: it doesn't protect against tenant-level compromise, retention policies can be modified by any global admin, and recovery options are limited compared to a dedicated backup tool. For clients with any compliance requirements or business-critical data, third-party backup is the right answer.

Which SaaS backup tools are most popular with MSPs?

+

Datto SaaS Protection (now Kaseya-owned), Veeam Backup for Microsoft 365, Dropsuite, Acronis Cyber Protect Cloud, and AvePoint are the most commonly deployed. Evaluate based on data domain coverage, multi-tenant management, recovery granularity, and pricing model. Run a pilot with real client data before committing.

Related Guides
MSP Backup WorkflowTools for MSP Backup and BDRBackup Audit Checklist for MSPsBackup and BDR Pricing for MSPs
← Back to all guides