For most of the past decade, moving email to the cloud was treated as a one-way street. That's no longer the case.
By Brad Wyro · MDaemon Technologies
A growing number of organizations are pulling email and other workloads out of hosted platforms like Microsoft 365 and bringing them back on-premises. In the most recent Barclays CIO survey, the share of IT leaders planning to repatriate at least some workloads from the public cloud reached the highest level on record, and IDC has reported that the large majority of IT decision-makers expect to move some workloads back within the year.
Why businesses are bringing email back in-house
Businesses have cited a variety of practical reasons for bringing email back in-house. Per-user cloud licensing that looks inexpensive at sign-up keeps climbing as headcount and mailbox storage grow. Basecamp maker 37signals has said it saves more than a million dollars a year after moving email and other services off the public cloud, and insurer GEICO has publicly described its own large-scale repatriation after a decade on Azure. Beyond cost, companies point to:
Data sovereignty and compliance: GDPR, HIPAA, and a growing wave of data-residency rules are easier to satisfy when you know exactly where your data physically lives.
Control: on-premise systems let your IT team set its own patch and upgrade schedule instead of waiting on a vendor's roadmap.
Reliability: when a hosted platform goes down, you wait. Internal mail can keep flowing on a local server even when the internet connection or the provider has a bad day.
The security picture has sharpened
Security is the other half of the story, and recent headlines have brought it into focus. Due to the ubiquity of Microsoft 365, it is a constant, high-value target, and the last year has produced a steady stream of serious incidents:
SharePoint “ToolShell” (July 2025). Attackers exploited a SharePoint zero-day, CVE-2025-53770, chaining it with a second flaw to breach U.S. government agencies and other organizations.
Vulnerability counts climbed. BeyondTrust's 2026 Microsoft Vulnerabilities Report found that Microsoft Office vulnerabilities more than tripled year over year -157 in 2025, while the number of critical vulnerabilities across Microsoft's products roughly doubled.
An actively exploited Office zero-day (January 2026). Microsoft rushed out an emergency patch for CVE-2026-21509, which CISA added to its Known Exploited Vulnerabilities catalog with a hard deadline for federal agencies to patch.
Identity-driven cloud breaches (May 2026). Microsoft detailed how a threat actor it tracks as Storm-2949 turned a single compromised identity into a cloud-wide breach, exfiltrating data from Microsoft 365 apps including OneDrive and SharePoint. Around the same time, the FBI warned about a phishing-as-a-service platform built specifically to steal Microsoft 365 tokens and bypass multi-factor authentication.
“SearchLeak” in Copilot (June 2026). Researchers disclosed a one-click vulnerability chain, CVE-2026-42824, that could quietly pull mailbox, OneDrive, and SharePoint data out of a tenant through Microsoft 365 Copilot - rated at Microsoft's maximum severity before it was patched.
None of this means a hosted platform is the wrong choice for every business. Many of these incidents can be traced back to misconfiguration and identity attacks rather than the platform itself. But it does mean the “set it and forget it” assumption no longer holds. When your mail lives in someone else's tenant alongside millions of others, you inherit both their attack surface and their incident timeline - and this leads to security tradeoffs.
Key areas to consider before you decide
To help businesses make the right decision when choosing an email and collaboration solution, we've updated the following infographic. It illustrates the key areas to consider when deciding whether to use an on-premise email server such as MDaemon or to go with Google Workspace, Microsoft 365, or another hosted provider.
Want to learn more about MDaemon? We also offer personal demos for businesses that need an overview.


