It’s fine.
Like any CMS, it has a seemingly constant low level of patching to be applied. The more third party modules and themes you have, the worse that gets.
Remove unused modules that aren’t core. Same with themes. That’ll make things easier.
Otherwise it’s overheads are just Apache/nginx, MySQL/MariaDb, and maintenance of the TLS certificate, plus OS patching. All fairly well understood stuff that you should have no issues with.
I think the thing to take away from this is the poor state of management/maintenance tools that Exchange had. Thankfully over the years this has improved, but in those early years it was pretty bad.
I was using both Exchange and Lotus Notes/Domino in that period. If the same thing had happened in Notes, we’d just shut down the mail router task, open the mail.box database and remove the offending message. Easy. But that can only be done because Notes re-used its database system for everything, including the mail queue.
Exchange has a history of reinventing the wheel even within its own architecture. Let’s just say I’mm very grateful that we’re now on Microsoft 365 and these things are Microsoft’s problem, not mine… 😉
My company uses Acronis M365 Backup Protection.
I believe it was selected because the licensing options and costs were much better than Veeam’s offering.
To be honest I can’t comment much further - it was set up by a colleague, it runs in a different country, and I’ve never needed to do a restore from it because I’ve always been able to recover lost files/emails from the recycle bin/recoverable items.
It’s more of an insurance policy against ransomware or other malware than anything else. It’s good to have, but not used day to day.
Although that does remind me that we are probably due a test restore. I’ll add that to the list for this month. Thanks! 😉