There is a quiet assumption in many schools that “moving to the cloud” solves the problem of data protection.
It is an easy conclusion to reach. Microsoft 365 is stable, widely used, and rarely unavailable. Compared to a server in a cupboard, it feels like a significant improvement.
But reliability and recoverability are not the same thing.
Microsoft’s role is to ensure the service is available. It does not guarantee that your data can always be recovered in every scenario.
And that distinction matters more than most people realise.
Files are deleted. Sometimes accidentally, sometimes not. Accounts are compromised. Permissions change in ways that are not immediately visible. In some cases, the issue is only discovered weeks later, by which point recovery options are limited or gone entirely.
Microsoft does provide safety nets. There is a recycle bin. There is version history. There are retention policies.
But these are short-term protections. They are not a full, independent backup.
For schools, this is not just an IT issue. It is about safeguarding records, decision-making evidence, and the ability to recover information when it matters most.
The question is not whether Microsoft 365 is reliable.
It is whether you could confidently recover your data if something went wrong.
If the answer to that question is not clear, it is worth taking a closer look.
You can read a practical guide here:
How to Protect Your Microsoft 365 Data
It sets out what the risks actually are, what good looks like, and the straightforward steps schools can take to address them.
Because the cloud removes some risks. It does not remove responsibility.
.jpg&maxWidth=800)
