PR.IP-4Key Measure

Backups of information are conducted, maintained, and tested

Protect · Information Protection

Semi-Automated

Compliance Score

70%

Partially Compliant

Documentation Maturity

3/ 5

Target: 2.5

Implementation Maturity

3/ 5

Target: 2.5

Control Description

Regular backups are performed and stored on a separate system or location. Backup restoration is tested periodically to ensure recoverability.

Microsoft Graph API Endpoints Used

GET /solutions/backupRestore

Required Permissions

BackupRestore-Configuration.Read.All

Findings (1)

14/20 items compliant

Severity	Finding	Recommendation
medium	Improvement needed: Backups of information are conducted, maintained, and tested Current implementation does not fully meet the requirements of PR.IP-4.	Enable Microsoft 365 Backup for Exchange, SharePoint, and OneDrive. Implement 3-2-1 backup rule (3 copies, 2 media types, 1 offsite). Test backup restoration quarterly. Document backup procedures and RTOs.

Severity

Finding

medium

Improvement needed: Backups of information are conducted, maintained, and tested

Current implementation does not fully meet the requirements of PR.IP-4.

Remediation Guidance

Enable Microsoft 365 Backup for Exchange, SharePoint, and OneDrive. Implement 3-2-1 backup rule (3 copies, 2 media types, 1 offsite). Test backup restoration quarterly. Document backup procedures and RTOs.