You pay for Microsoft 365. Your email is in the cloud. Your files are in SharePoint. Your team lives in Teams.
So your data is backed up, right?
Wrong — and Microsoft says so in plain language.
This is one of the most dangerous assumptions Minnesota businesses make about their IT. And by the time you discover it’s not true, it’s usually because something has gone very wrong.
What Microsoft Actually Says About Your Data
Most business owners assume that “in the cloud” means “backed up.” It doesn’t.
Microsoft’s own Service Agreement states this directly:
> “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
Read that again. Microsoft is telling you to back up your own data. They protect the infrastructure — the servers, the network, the availability of the service. But the content inside? That’s your responsibility.
This is called the shared responsibility model, and it applies to every major cloud provider. Microsoft keeps the lights on. You keep the data safe.
Most businesses never see this language. It’s buried in the fine print of an agreement most people click through without reading. But it has real consequences.
The Retention Windows You’re Counting On Are Much Shorter Than You Think
Microsoft 365 isn’t completely unprotected — there are built-in retention windows for deleted content. The problem is that most business owners dramatically overestimate how long these windows are.
Deleted Email: You Have 28 Days (By Default)
Here’s how Exchange Online handles a deleted email:
1. You delete an email. It goes to your Deleted Items folder, where it stays for 14 days.
2. After 14 days, it moves to the **Recoverable Items** folder — a hidden holding area. It stays there for another 14 days.
3. After that, it’s **permanently gone**.
By default, you have 28 days total to recover a deleted email. Microsoft does allow administrators to extend that second window, but the maximum total is 30 days — and only if someone has configured that intentionally. Most small and mid-sized businesses are running on defaults.
Think about what that means in practice. An employee leaves the company. You terminate their account. Three months later, a client dispute arises and you need an email thread from that account. It’s gone. Or a ransomware attack encrypts your mailboxes and it takes your team a few weeks to fully realize the scope. By the time you’re looking for the clean copies, the window has closed.
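One way to check whether a tenant is still running on the default deleted-item retention described above, as an added example that is not part of the original article: it reads each mailbox's `RetainDeletedItemsFor` setting through the ExchangeOnlineManagement module and reports which mailboxes fall short of a target. The 30-day target, the CSV file name and the `user@example.com` address are assumptions.

```powershell
# Added example: read-only audit of deleted-item retention in Exchange Online.
# Requires the ExchangeOnlineManagement module and an administrator sign-in.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Assumed audit target: flag any mailbox retaining deleted items for less than this.
$target = [TimeSpan]::FromDays(30)

$report = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    # The value can arrive as a TimeSpan or as a string such as "14.00:00:00",
    # so normalise it through a string before comparing.
    $retain = [TimeSpan]::Parse("$($_.RetainDeletedItemsFor)")
    [PSCustomObject]@{
        Mailbox     = $_.PrimarySmtpAddress
        Type        = $_.RecipientTypeDetails
        RetainDays  = $retain.TotalDays
        BelowTarget = $retain -lt $target
    }
}

# Shortest retention first, so mailboxes left on defaults appear at the top.
$report | Sort-Object RetainDays | Format-Table -AutoSize

$below = @($report | Where-Object BelowTarget)
"{0} of {1} mailboxes retain deleted items for fewer than {2} days" -f `
    $below.Count, @($report).Count, $target.TotalDays

# Keep a dated record of the finding (file name is an assumption).
$report | Export-Csv -Path .\mailbox-retention-audit.csv -NoTypeInformation

# Changing a mailbox is a separate, deliberate step; left commented out so
# this script never modifies the tenant:
# Set-Mailbox -Identity user@example.com -RetainDeletedItemsFor 30

Disconnect-ExchangeOnline -Confirm:$false
```

Shared and departed-user mailboxes show up in the `Type` column, which is where short retention tends to go unnoticed.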
SharePoint and OneDrive: 93 Days, Then Gone
Files deleted from SharePoint or OneDrive go through a two-stage recycle bin. Combined, those stages give you 93 days to recover a deleted file.
That sounds more reasonable — but consider how long it actually takes most organizations to discover a problem. A sync error quietly deletes a folder in SharePoint. A disgruntled employee removes project files before they leave. Ransomware encrypts shared drives. In many real-world scenarios, 93 days isn’t enough.
And after 93 days, the files are permanently deleted. There is no hidden second copy. There is no “call Microsoft and they’ll find it.” It’s gone.
Four Ways Minnesota Businesses Lose M365 Data
These aren’t hypothetical edge cases. They’re the most common reasons businesses reach out to K&E Consulting after a data loss event.
1. Accidental Deletion
Someone deletes a file or email thinking they don’t need it — or not realizing what they’re deleting. By the time someone notices it’s missing, the retention window may have already closed.
2. Malicious Insiders
Employees who are disgruntled, departing, or just careless can delete or move large amounts of data. A terminated employee with access to SharePoint can cause significant damage in minutes. Built-in retention helps, but it’s not a substitute for a real backup.
3. Ransomware
Ransomware increasingly targets cloud-synced environments. If ransomware encrypts files on a device and those files sync to OneDrive, the encrypted versions overwrite the clean ones. Depending on how quickly you catch it, the 93-day window may not be enough to get back to a clean state.
4. Sync Errors
OneDrive and SharePoint sync can fail in ways that delete or corrupt files. A misconfigured sync client, a conflict between devices, or a software bug can quietly wipe out folders. These incidents often go unnoticed until the data is needed.
The Gap Between “Available” and “Backed Up”
Here’s the distinction that matters: Microsoft’s retention features keep your data *available* within a limited window. They are not a backup.
A real backup means:
- You can restore a file from six months ago, not just the last 93 days
- You can recover from ransomware to a point-in-time before encryption
- You have a copy that exists outside of Microsoft’s infrastructure
- You can restore individual items without opening a support ticket
Microsoft’s built-in features don’t do most of this. If a ransomware attack hits your OneDrive and you don’t catch it within 93 days, there’s no native path back. If your compliance requirements mandate retaining emails for seven years, the default 28-day window isn’t going to cut it.
What Proper Microsoft 365 Backup Looks Like
A third-party backup solution for M365 fills in the gaps that Microsoft’s native tools leave open. Here’s what good backup coverage looks like:
Extended Retention
Backups that go back months or years, not just 28–93 days. This matters for compliance, legal discovery, and general peace of mind.
Point-in-Time Recovery
The ability to restore your environment to a specific moment in time. This is critical for ransomware recovery — you need to get back to *before* the attack, not just to whatever Microsoft still has on hand.
Coverage Across Your M365 Environment
Email, SharePoint, OneDrive, and Teams data, all protected under one consistent backup strategy.
Independent Storage
Your backup copies stored outside of Microsoft’s infrastructure. When your live environment is the problem, you want your recovery data somewhere else entirely.
Fast, Granular Restore
The ability to recover a single email, a single file, or an entire mailbox without navigating a support queue or waiting days for Microsoft to respond to a ticket.
What K&E Consulting Does for Minnesota Businesses
K&E Consulting has been working with Minnesota businesses for nearly three decades. We’ve seen what happens when companies discover their M365 data isn’t backed up — and we’ve helped clean up the mess.
We specialize in working with businesses that run on Microsoft 365 and need practical, right-sized data protection. That means no unnecessary complexity, no vendor bloat — just a clear-eyed look at your environment, your risk, and the right solution for your size and industry.
If you have HIPAA requirements, financial data, or long-term record-keeping obligations, the defaults that came with your M365 subscription are almost certainly not sufficient.
If you’ve never had a conversation with your IT provider specifically about backup for your cloud data — not just your on-premises servers — it’s worth having that conversation now.
You Shouldn’t Have to Read the Fine Print to Protect Your Business
Microsoft builds a great productivity platform. But they were clear in their own terms: backing up your data is your job, not theirs.
That’s not a criticism of Microsoft. It’s just the reality of how cloud services work — and it’s a reality most Minnesota business owners were never told.
The good news is that closing this gap isn’t complicated or expensive. The right backup solution for a 20-person company looks different from the right solution for a 200-person company — and K&E can help you figure out exactly what you need.
Get a Free Microsoft 365 Backup Assessment
Not sure if your M365 data is actually protected? Find out.
K&E Consulting offers a free Microsoft 365 Backup Assessment for Minnesota businesses. We’ll review your current M365 configuration, identify retention gaps, and give you a clear picture of where you’re exposed — with no obligation.
This is a 30-minute conversation that could save you from a very expensive problem.
K&E Consulting is a Minnesota-based managed service provider with nearly 30 years of experience helping businesses manage their technology. We work with organizations across the Twin Cities metro and greater Minnesota to design practical IT solutions that fit real business needs.