Recovering Deleted Files and Maximizing Retention in SharePoint Online

SharePoint Online provides robust features for recovering accidentally deleted files and retaining content for a defined period. This guide offers step-by-step instructions for restoring deleted files (user-level and admin-level recovery) and explains how to maximize the retention period for deleted files in SharePoint Online. References to official Microsoft documentation and best practices are included.

Overview of SharePoint Online File Deletion and Retention

Two-Stage Recycle Bin: When you delete a file from a SharePoint document library, it is not immediately erased. It first goes to the Site Recycle Bin (First-Stage Recycle Bin), where site members with edit permissions can restore it. If the item is removed from the first stage (either manually or by emptying the recycle bin), it moves to the Site Collection Recycle Bin (Second-Stage Recycle Bin)[1][2]. Only site collection administrators (or site owners with appropriate rights) can access the second-stage recycle bin to restore items.
Default Retention Period (93 Days): SharePoint Online retains deleted items for 93 days from the time of deletion, covering both recycle bin stages[1][2]. This means an item stays in the first-stage recycle bin unless removed, and if removed it stays in the second-stage for the remainder of the 93-day period. After 93 days (or if an item is deleted from second-stage), the item is permanently deleted and cannot be recovered through the UI[1].
Backup and Support: Even after the 93-day window, Microsoft maintains backups of all SharePoint content for an additional 14 days beyond deletion. During this period, a SharePoint administrator can contact Microsoft Support to request restoration of content (this is typically an all-or-nothing site or library restore, not individual files)[3][4].
Retention Policies: The 93-day recycle bin retention is fixed by Microsoft and cannot be altered per tenant settings[5]. However, organizations can employ Microsoft Purview retention policies or retention labels to preserve content longer (even after deletion) by storing copies in a hidden Preservation Hold Library[5]. We will discuss this in the retention section.

I. Recovering a Deleted File in SharePoint Online

Recovering deleted files involves checking the recycle bins and possibly using admin tools. Below are the detailed steps for user-level recovery (first-stage recycle bin) and admin-level recovery (second-stage recycle bin), along with alternative recovery methods.

1. User-Level Recovery (First-Stage Recycle Bin)

End-users or site members with at least Edit permissions can restore files from the first-stage recycle bin of a SharePoint site. Use the following steps to recover a file from the SharePoint site Recycle Bin:

Navigate to the SharePoint Site: Go to the SharePoint site where the file was originally located. If the file was deleted via Microsoft Teams (from a channel’s Files tab), click “Open in SharePoint” from the Files tab to open the corresponding SharePoint site[2].
Open the Recycle Bin: On the SharePoint site, find the Recycle Bin. In modern team sites, the recycle bin is usually listed on the left-hand Quick Launch menu. If you don’t see “Recycle bin” there, go to Site Contents (gear icon > Site Contents), then click Recycle Bin at the top right of the Site Contents page[2][6]. (If the recycle bin is not visible due to site template differences, you can also append /_layouts/15/RecycleBin.aspx to the site URL to access it[7].)
Locate the Deleted File: In the Recycle Bin, items are listed with details like the filename, original location, and deletion date. Scroll or page through to find the file you want to restore. (Note: The recycle bin does not have a search or filter function, so you may need to look manually or sort by column headings if available[7].)
Select the File: Click the checkbox next to the file (or files) you wish to recover[2]. You can select multiple items if needed.
Restore the File: Click the Restore button. A confirmation or brief message will indicate the item has been restored[2]. The file will be returned to its original location (the same document library and folder from which it was deleted)[2]. If the original folder no longer exists (e.g. it was deleted), SharePoint will automatically re-create the folder and then restore the file into that folder[2].
Verify Restoration: Go back to the document library or location where the file originally resided to ensure the file has reappeared. The file should now be back in place with all its metadata and version history intact.

Important Notes (User-Level Recovery):

If you do not see the file in the first-stage recycle bin, it might have been deleted from there (thus moving to second-stage) or the 93-day period may have lapsed. In that case, proceed to the admin-level recovery steps below[2].
You can restore any supported item (files, list items, entire libraries, etc.) as long as its “parent” still exists. For example, you cannot restore a file if its parent library was deleted without first restoring the library itself[2].
When a file is restored, all its versions come back. However, if a file with the same name currently exists in the restore location, SharePoint will restore the deleted file with a number appended to its filename to avoid overwrite[2].

2. Admin-Level Recovery (Second-Stage Recycle Bin)

If a deleted file is not in the first-stage recycle bin (perhaps someone emptied the recycle bin or deleted that specific item from it), the file will be in the second-stage recycle bin. Recovery from the second-stage recycle bin requires Site Collection Administrator privileges (typically a SharePoint admin or the site owner in SharePoint Online).

Follow these steps to restore from the second-stage recycle bin:

Access the Second-Stage Recycle Bin: Go to the site’s Recycle Bin page (follow steps in the first-stage recovery to get to the Recycle Bin interface). Scroll to the bottom of the Recycle Bin page and click the link for “Second-stage recycle bin” (it may also be labeled as “Site Collection Recycle Bin”)[4][4].
- Alternatively, from the site, go to Settings (gear icon) > Site Settings > under Site Collection Administration, click Recycle Bin[4]. Then at the bottom, click “Second-stage recycle bin.”
Find the File: In the second-stage recycle bin, you’ll see items that were deleted from the first-stage. Locate the file you want to recover. (As with the first stage, there is no search function; you may have to navigate through the list.)
Select and Restore: Check the box next to the file(s) and click Restore. The item will be restored to its original location, just as it would from the first-stage bin[4][4]. You may receive a confirmation message.
Verify Restoration: Check the original site library to ensure the file has been restored successfully.

Important Notes (Admin-Level Recovery):

Only users with site collection admin or owner permissions can access the second-stage recycle bin. If you don’t have these permissions, you’ll need to contact your SharePoint administrator for assistance[4].
Items in the second-stage recycle bin still count toward the overall 93-day retention. They will be permanently removed after 93 days from original deletion date if not restored[1]. Also, administrators can manually purge items from the second-stage, which will permanently delete them[1].
If the file is not present in the second-stage recycle bin either, it means it has been permanently deleted (retention expired or it was purged). In such cases, proceed to additional recovery options below.

3. Additional Recovery Options and Best Practices

In some situations, you may need alternative methods to recover content or mitigate deletion:

Version History (File Restore): If a file was not deleted but was overwritten or corrupted, you can restore a previous version. Go to the document library, right-click the file (or click the ellipsis … next to it), and choose Version History, then select a prior version to restore[3]. This is useful if the file exists but in an unwanted state.
Restore an Entire Library (Site Level Restore): SharePoint Online (and OneDrive) offers a feature to restore an entire document library to a prior state. If a large number of files were deleted or changed (for example, due to ransomware or bulk accidental deletion), a site owner can go to Settings > Restore this library (or in OneDrive, Restore your OneDrive) and choose a date in the past 30 days to roll back the library. This will undo all changes made in that period. (Note: This is available for the last 30 days of activity.)
Microsoft Support (Beyond 93 Days): As noted, Microsoft keeps backups for 14 days beyond permanent deletion. If a critical file was lost and the 93-day period has passed, a tenant administrator can open a support ticket with Microsoft within that 14-day backup window[3][4]. Microsoft can perform a site or site collection rollback to recover content. This is a last resort and will restore the entire site (or a large scope of data) to a prior state, so use caution and timing (recent changes to other content could be lost).
PowerShell and Advanced Tools: For admins comfortable with PowerShell, SharePoint Online Management Shell provides cmdlets like Restore-SPODeletedSite for sites and scripts to enumerate recycle bin contents or restore items. For example, admins can use PowerShell to search the recycle bin for specific filenames (since the UI lacks a search filter)[7]. Ensure you have the SharePoint Online Management Shell and appropriate permissions if using these methods.
Check OneDrive Recycle Bin (if applicable): If the file was in a user’s OneDrive (or a SharePoint site connected to Teams), remember that OneDrive has a similar two-stage recycle bin with the same 93-day retention. The recovery process is analogous.

II. Maximizing the Deleted File Retention Period in SharePoint Online

By default, deleted files are retained for 93 days in SharePoint Online’s recycle bins[1]. This retention period is set by Microsoft and cannot be changed for the recycle bin itself[5]. However, there are methods to ensure that content can be retained for longer periods or preserved to meet compliance requirements. Below are strategies to maximize or extend retention of deleted files:

1. Understanding the 93-Day Retention Limit

Fixed Retention: Every item deleted in SharePoint Online follows the 93-day retention rule. The clock starts when the item is first deleted from its library[2]. Whether it stays in first-stage or moves to second-stage, the total time is 93 days from deletion. After that, SharePoint’s automatic purge will permanently remove the item[1]. This policy is the same across all tenants and cannot be configured or lengthened on the service level[5]. Similarly, it’s not possible to shorten it either – it’s a fixed safety net provided by the service.
Site Deletion: The same 93-day principle applies to deleted SharePoint sites and Microsoft 365 Groups-connected sites (though group-connected resources like mailboxes have different retention)[8]. SharePoint sites deleted by admins can be restored within 93 days from the SharePoint admin center by a global or SharePoint admin[8].
Storage Impact: Items in the first-stage recycle bin do count against site storage quota, but items in second-stage do not[4]. The second-stage recycle bin can hold up to 200% of the site quota by default, beyond which oldest items get purged automatically[4]. This is usually not a user concern, but admins should be aware that extremely large volumes of deleted data could cause older deletions to drop out sooner if that quota is exceeded[4].

2. Extending Retention with Compliance Policies

Since the recycle bin timeline cannot be directly increased, Microsoft Purview Compliance features are the key to retaining content longer:

Retention Policies: An admin can create a retention policy for SharePoint Online that covers specific site collections or the whole tenant. For example, a policy could state “retain SharePoint content for 5 years.” When such a policy is in place, if a user deletes a file, behind the scenes SharePoint will keep a copy in a hidden folder called the Preservation Hold Library for the duration of the retention period[5]. This means the user-facing recycle bin might purge the item after 93 days, but the content is still preserved for compliance purposes. It can be accessed by compliance officers or eDiscovery tools, or restored by removing the policy.
- How to implement: A global or compliance admin navigates to the Microsoft Purview Compliance Portal (Microsoft 365 compliance center), creates a new retention policy, and targets the desired SharePoint sites or content. You can specify a time period (e.g., 7 years) to retain content. Once published, any deletion in those locations will trigger the preservation hold, thereby “extending” the recoverability of the content beyond 93 days[5]. (The content is retained but not visible to end users; recovery would be via compliance or admin actions.)
- Reference: Microsoft’s documentation “Learn about retention for SharePoint and OneDrive” provides in-depth details on how retention policies work with SharePoint content[5]. In short, retention ensures a copy of the file as it existed at deletion time is kept, regardless of user deletion.
Retention Labels: Alternatively, you can use retention labels (applied to libraries, folders, or documents) which can trigger similar preservation. For instance, a label could be applied to important documents that instructs SharePoint to keep the content for a certain number of days/years after deletion.
Limitations: Retention policies do not change the user experience of the recycle bin. Users won’t see an item beyond 93 days in the recycle bin UI, but admins could retrieve the content via eDiscovery or by removing the policy (whereby the item reappears). Also, retention policies need planning – only enable them if you truly need the data retained (they can increase storage usage because SharePoint will keep copies of deleted or edited items).
Example Best Practice: If your organization has critical libraries where data loss is unacceptable, apply a retention policy for those libraries/sites. This way, even if something is deleted and 93 days pass, you have, say, a one-year cushion in the Preservation Hold library. Note: Users with site permissions generally cannot access the Preservation Hold library; it’s meant for compliance scenarios.

3. Microsoft 365 Backup and Third-Party Solutions

Microsoft has introduced Microsoft 365 Backup solutions (and there are third-party backup services) that can provide point-in-time restoration beyond what recycle bin offers. According to Microsoft, the upcoming Microsoft 365 Backup service will offer longer protection times and faster recovery for scenarios like ransomware or accidental deletions[4]. If maximizing retention and rapid recovery is a priority, organizations might consider these backup solutions for an additional layer of protection beyond the default mechanisms.

Third-Party Backups: Many organizations use third-party cloud backup services to continuously backup SharePoint Online content. These services let you restore items long past 93 days without needing to involve Microsoft support or retention holds. Evaluate this based on business needs and compliance rules.

III. Best Practices for File Recovery and Retention

To minimize data loss and ensure smooth recovery of files, consider the following best practices:

Enable Version History: Versioning is enabled by default in SharePoint Online libraries (usually retaining the last 500 versions of a file)[6]. This means if a file is accidentally modified or an unwanted change is made, you can restore an earlier version without needing to recover from deletion. Always leave versioning on, and instruct users to use version history when needed.
User Training and Awareness: Educate users about the SharePoint Recycle Bin. Many users might not know that they can self-restore deleted files within the site. Ensure they know how to access the Recycle Bin and the 93-day limit so that they act promptly if they need to recover something[7][1]. Also, encourage users to notify IT immediately if they can’t find something – waiting too long could push the item beyond retention.
Regular Audit of Recycle Bins: Site owners or administrators should periodically review recycle bin content, especially second-stage, for any large or accidental deletions. This can help catch issues before the retention period expires. While there’s no built-in alert for recycle bin events, admins can use audit logs or PowerShell scripts to identify bulk deletions.
Retention Policies for Critical Data: Implement retention policies for content that must be retained (for legal, compliance, or business continuity reasons)[5]. This ensures that even if users delete files, copies are preserved. Be mindful to balance retention with storage and privacy considerations.
Avoid Disabling Recycle Bin: In SharePoint Server (on-premises) it’s possible to disable the recycle bin or reduce retention, but in SharePoint Online this is managed by Microsoft and should always be available. Ensure any on-prem environment you might have mirrors the Online approach for consistency – keep at least a 30-day recycle bin if using SharePoint Server[4].
Using the Admin Center for Sites: If entire sites or collections are deleted, remember that SharePoint admin center provides a UI to restore them (within 93 days)[8]. Restore of a site will also restore its contents. This is an admin task but is far easier than needing to request a backup restore from Microsoft.
Backup Important Data: For absolutely critical information, consider maintaining your own backups. While SharePoint’s retention and Microsoft’s backups cover most scenarios, having an export or backup of certain libraries (for example, via a scheduled PowerShell script or third-party tool) could provide extra peace of mind.
Monitor Preservation Hold (if using retention): If you use retention policies, monitor the Preservation Hold library for growth. Items here count against storage and will remain until the retention period expires. Ensure your storage quotas are sufficient if you are retaining a lot of deleted data for long periods.

Conclusion

SharePoint Online offers a multi-layered safety net for recovering deleted files: the two-stage recycle bin gives users and admins a straightforward way to restore content within 93 days[1], and additional features like version history and library restore help address inadvertent changes. To maximize retention, organizations should leverage retention policies and understand Microsoft’s fixed 93-day recycle bin window[5]. By following the steps and best practices outlined above, you can confidently recover lost files and ensure that important content remains protected for as long as needed, thereby preventing data loss in your SharePoint Online environment.

References

[1] How do I Restore accidently deleted files from sharepoint

[2] Restore items in the recycle bin that were deleted from SharePoint or …

[3] How to recover missing, deleted or corrupted items in SharePoint and …

[4] Restore deleted items from the site collection recycle bin

[5] Change recycle bin retention Sharepoint Online – Microsoft Q&A

[6] Using the SharePoint Recycle Bin – Complete Guide – LazyAdmin

[7] How to recover deleted files in SharePoint – Microsoft Community

[8] Restore deleted sites – SharePoint in Microsoft 365

How to configure Microsoft 365 for maximum native data recovery

Understanding Native Recovery vs. Backup

It’s crucial to understand that Microsoft 365’s native features focus on data retention, versioning, and recovery from accidental deletion or modification, primarily for compliance, legal holds, and user errors. They are not a traditional point-in-time backup solution that protects against all scenarios (like widespread ransomware encryption beyond versioning limits, catastrophic service failures, or malicious admin actions wiping configurations). Microsoft operates on a Shared Responsibility Model.

Key Concepts for Maximizing Native Recovery Time

Retention Policies (Microsoft Purview): This is the MOST IMPORTANT tool for maximizing recovery time. Retention policies ensure data is kept for a specified period, regardless of user actions (like deletion). Data subject to a retention policy is typically moved to a hidden, preserved location when deleted by a user.
Litigation Hold / In-Place Hold: Similar to retention policies but often used for specific legal cases. They preserve all mailbox or site content indefinitely or until the hold is removed. Holds generally override deletion policies.
Versioning: Automatically saves previous versions of files in SharePoint Online and OneDrive for Business, allowing users to restore older copies.
Recycle Bins: A two-stage system for deleted items/files, providing a buffer before permanent deletion.
Recoverable Items Folder (Exchange Online): A special folder in user mailboxes that stores deleted items, items purged from Deleted Items, and modified versions of items (if Single Item Recovery is enabled).

Configuration Steps for Maximum Recovery Time (Service by Service)

1. Exchange Online (Email, Calendar, Contacts, Tasks)

Configure Retention Policies (Microsoft Purview Compliance Portal):
- Goal: Keep email data for the longest possible duration required by your organization (e.g., 7 years, 10 years, or even indefinitely for specific regulatory needs).
- How:
  - Go to the Microsoft Purview compliance portal (compliance.microsoft.com).
  - Navigate to Data lifecycle management > Microsoft 365 > Retention policies.
  - Create a new policy.
  - Name & Description: Give it a clear name (e.g., “Exchange – Max Retention”).
  - Locations: Select Exchange mailboxes. Choose specific mailboxes or apply to all.
  - Retention Settings:
    - Choose Retain items for a specific period.
    - Select Forever or the maximum duration required (e.g., 10 years).
    - Set Retain items based on: Choose When items were created or When items were last modified based on your needs.
    - At end of retention period: Choose Do nothing (if you only want retention) or Delete items automatically (if you need cleanup after the retention period). For maximum recovery potential during the period, “Do nothing” is simpler, relying on deletion actions triggering preservation.
  - Review and create the policy. Allow time for it to apply (can take up to 24 hours, sometimes longer for large organizations).
Configure Recoverable Items Folder Quota & Retention:
- The default retention for items in the Recoverable Items folder (when not under hold/retention policy) is 14 days, extendable to 30 days via PowerShell.
- However, if a mailbox is subject to a Retention Policy (set to Retain) or Litigation Hold, items are kept in the Recoverable Items folder (specifically the Purges or DiscoveryHolds subfolders) effectively indefinitely or for the duration of the policy/hold, regardless of the 14/30 day setting. The main limit becomes the storage quota.
- Increase Quota (If Necessary): The default quota is 30 GB, with an auto-expanding archive providing an additional 100 GB (up to 1.5 TB for certain licenses). For very high-volume mailboxes under indefinite hold, you might monitor this, but it’s usually sufficient. Use PowerShell Set-Mailbox <mailbox_identity> -RecoverableItemsQuota <value> -RecoverableItemsWarningQuota <value> if needed, though holds often trigger the auto-expansion.
Enable Litigation Hold (Alternative/Supplement to Retention Policies):
- Can be enabled per mailbox via the Exchange Admin Center or PowerShell (Set-Mailbox <mailbox_identity> -LitigationHoldEnabled $true -LitigationHoldDuration <days> or leave duration off for indefinite).
- Often used for specific users/cases but achieves similar preservation to a “Retain Forever” policy.
Deleted Mailbox Retention: By default, deleted mailboxes are kept for 30 days (soft-deleted) and can be recovered during this period. This is generally fixed.

2. SharePoint Online (Team Sites, Communication Sites, Document Libraries)

Configure Retention Policies (Microsoft Purview Compliance Portal):
- Goal: Retain documents and site content long-term.
- How:
  - Similar to Exchange, create a Retention Policy in Purview.
  - Locations: Select SharePoint classic and communication sites. Choose specific sites or apply to all.
  - Retention Settings: Choose Retain items for a specific period (e.g., Forever, 10 years) based on Created date or Last modified date. Choose Do nothing or Delete at the end of the period.
  - Preservation Hold Library: When a retention policy is active, deleted or modified content is preserved in this hidden library within the site collection, consuming storage quota.
Configure Versioning:
- Goal: Allow restoration of previous file versions.
- How:
  - Go to the Document Library settings > Versioning settings.
  - Ensure Create major versions is enabled.
  - Set Keep the following number of major versions: Increase this significantly. The technical maximum is 50,000, but a high number like 500 or 1000 is usually practical and provides substantial recovery capability. Consider storage implications.
  - You can also enable minor versions if needed, but major versions are key for rollback.
Recycle Bin Settings:
- The total retention time for the user Recycle Bin + Second-Stage Recycle Bin (Site Collection Recycle Bin) is 93 days. This is generally not configurable per site. Items automatically move from the first to the second stage after 30 days (unless emptied sooner) and are purged after the total 93 days. Retention Policies/Holds override this purging for covered content.

3. OneDrive for Business (User Personal Files)

Configuration is very similar to SharePoint Online:
- Retention Policies (Purview): Create policies targeting OneDrive accounts. Apply to specific users or all users. Set long retention periods.
- Versioning: Enabled by default, typically storing 500 versions. You can verify/adjust this in the user’s OneDrive Settings > Return to Classic OneDrive > Library Settings > Versioning Settings (though accessing this directly might change). The key is that high versioning is usually on by default.
- Recycle Bin: Same 93-day, two-stage process as SharePoint, generally not configurable.
- Files Restore: A key OneDrive (and SharePoint Library) feature allowing users/admins to restore the entire OneDrive/Library to a point in time within the last 30 days. This is excellent for mass deletion/corruption/ransomware recovery within that window. It relies on version history.
- Deleted User OneDrive Retention: When a user account is deleted, their OneDrive content is retained for a default of 30 days (configurable up to 3650 days / 10 years via SharePoint Admin Center > Settings > OneDrive Retention). Access can be delegated to a manager during this time. After this period, the OneDrive enters a deletion process unless under a hold/retention policy. Configure this setting to your maximum desired timeframe.

4. Microsoft Teams (Chats, Channel Messages, Files)

Data Storage: Understand where Teams data lives:
- 1:1 and Group Chats: Stored in hidden folders within the participants’ Exchange Online mailboxes.
- Standard Channel Messages: Stored in a hidden folder within the Microsoft 365 Group mailbox associated with the Team.
- Private/Shared Channel Messages: Stored in dedicated mailboxes associated with those channels (or user mailboxes for shared channels).
- Files (Standard Channels): Stored in the associated SharePoint Team site’s Document Library (in a folder named after the channel).
- Files (1:1/Group Chats): Stored in the OneDrive for Business account of the user sharing the file.
- Files (Private/Shared Channels): Stored in dedicated SharePoint sites associated with those channels.
Configure Retention Policies (Purview):
- You MUST configure retention policies specifically for Teams data, in addition to Exchange/SharePoint policies.
- Create a policy targeting:
  - Teams channel messages: Covers standard/private/shared channel conversations.
  - Teams chats: Covers 1:1 and group chats (including Teams meeting chats).
- Set your desired long retention period (e.g., Forever, 10 years).
- Important: Ensure your Exchange and SharePoint/OneDrive retention policies also cover the underlying storage locations for comprehensive protection.

Native Recovery Methods (Without Third-Party Tools)

Exchange Online:

Deleted Items Folder: User recovers recently deleted items (Outlook/OWA).
Recover Deleted Items: User recovers items purged from Deleted Items or hard-deleted (Shift+Del), accessing the Recoverable Items Folder (Outlook/OWA). Limited by the 14/30 day window unless under hold/retention.
Restore Deleted Mailbox: Admin recovers a soft-deleted mailbox within 30 days (Admin Center/PowerShell).
eDiscovery Search (Purview): Admins (with permissions) search for and export mailbox content preserved by Retention Policies or Litigation Holds, even if deleted by the user years ago. This is the primary method for long-term recovery under retention.
Recover Mailbox Items (PowerShell): Admins can use Search-Mailbox (older) or New-ComplianceSearch + New-ComplianceSearchAction -Purge -PurgeType SoftDelete/HardDelete (newer, more complex) to find and potentially recover specific items, often from the Recoverable Items folder. New-MailboxRestoreRequest can restore content from a soft-deleted or inactive mailbox to another mailbox.

SharePoint Online / OneDrive for Business:

Recycle Bin (First Stage): User restores their own deleted files/items from the site/OneDrive Recycle Bin.
Second-Stage Recycle Bin: Site Collection Admin restores items deleted from the first-stage Recycle Bin. (Total 93-day window combined).
Restore Previous Version: User/Admin restores a file to an earlier state using the version history (available via File > Version History in Office apps, or the context menu in SharePoint/OneDrive web).
Files Restore (OneDrive & SharePoint Libraries): User (OneDrive) or Site Admin (SharePoint Library) restores the entire OneDrive or Document Library content to a previous point in time within the last 30 days. Excellent for mass deletions/changes. Access via Settings gear > Restore your OneDrive / Restore this library.
Restore Deleted Site: Admin restores a deleted SharePoint site collection within 93 days (SharePoint Admin Center > Deleted sites).
eDiscovery Search (Purview): Admins search for and export documents/items preserved by Retention Policies or Holds from SharePoint sites/OneDrive accounts, even if deleted from Recycle Bins. Primary method for long-term recovery under retention.
Preservation Hold Library Access (Advanced/Admin): While not a typical user recovery method, admins can sometimes access this hidden library (usually via URL manipulation or eDiscovery) to find preserved versions if standard methods fail, though eDiscovery is preferred.
Restore Deleted OneDrive: Admin restores a soft-deleted OneDrive (within the configured retention period) or delegates access (Admin Center).

Microsoft Teams:

Undo Delete (Chats/Messages): Users have a very short window (seconds/minutes) to undo deleting their own message.
File Recovery: Use the SharePoint/OneDrive methods above (Recycle Bins, Versioning, Files Restore) in the corresponding file storage location.
eDiscovery Search (Purview): Admins search for and export Teams messages/chats preserved by Retention Policies. This is the primary method for recovering deleted conversations beyond the user’s ability.

Summary & Key Takeaways

Retention Policies are Paramount: Configure comprehensive retention policies in Microsoft Purview targeting Exchange, SharePoint, OneDrive, and Teams locations. Set retention durations to meet your maximum recovery time objective (e.g., 7 years, 10 years, Forever).
Leverage Versioning: Ensure SharePoint/OneDrive versioning is enabled with a high number of versions (e.g., 500+).
Understand Recycle Bins: Know the 93-day limit and the two stages.
Utilize Files Restore/Site Restore: This is powerful for recent (within 30 days) mass recovery scenarios.
Configure Deleted User Data Retention: Set appropriate retention for deleted OneDrive accounts and understand the 30-day mailbox retention.
Master eDiscovery: This Purview tool is essential for finding and recovering data preserved long-term by holds and retention policies.
Limitations: Remember native tools aren’t full backups. They don’t easily restore entire service configurations, protect against all ransomware scenarios perfectly, or offer granular point-in-time restores for all data types easily outside the specific features mentioned (like Files Restore).

By carefully configuring these native features, particularly retention policies and versioning, you can significantly extend the window for data recovery within Microsoft 365 without relying on third-party backup solutions. Always test your recovery procedures.

Microsoft 365 Backup restore process

In a previous article:

Setting Microsoft 365 Backup policies

I determined that I liked the simplicity of setting up backups with Microsoft 365 Backup but the negative was a lack of reporting or alerting on the execution of these jobs.

I’m sorry to say that I also find the restoration process for Microsoft 365 lacking for a number of reasons.

1. The main reason is, at the moment, there is not really a granular restore option.

2. The restore option is typically all over the top of what is there already, effectively replacing it or restoring everything to a different location and then you have to manually copy the data across.

3. Selecting which actual backup to restore from I also found cumbersome.

4. I found the restoration of Exchange online mailboxes the most tricky to restore a select amount of data. You have to filter what you looking for via a few options. You kind of have to know what you want prior, you can’t just browse.

5. When the restore process actually runs you get no real indication of what it is actually doing, you simply have to wait for it to finish. My 1.28TB test SharePoint site took around 45 minutes to copy to a new location.

This may be me but when I did a restore of a OneDrive for Business to another location, the destination into which it copied the data is blank!

I did this more than once and got the same result. I couldn’t find any new SharePoint sites in my environment or sub folders. As such I am still trying to find out where the data actually restored to, as it does say it is completed!

The good thing is the restore process is pretty straight forward. A wizard takes you through the process as shown above.

For example, if you want to restore a OneDrive for Business you select the item from a list.

You then need to select a time and date to restore from. This is somewhat cumbersome and would be much better if you could simply browse through the available backups. For now you need to select the date and time you want.

I’m not sure what “standard restore” means when you confirm the restore point as shown above.

When you select the destination you’ll see that it typically everything over the top or everything to another location and then you need to manually copy what you need and delete the rest.

You confirm the restore.

and you select Done.

Then at the bottom of the page are the restore tasks as shown above.

Even with the restore in progress, you’ll see you don’t any information of progress or completion time. You’ll also note that the Destination will be available on restore,

but it wasn’t again unfortunately.

I found the mailbox restore process quite cumbersome.

If you want to do selected content as shown above you need to select a time frame

and that time frame is 14 days maximum.

Then you need to add filters from the four options shown above.

Then you have to find any matches and more me, most of the time I didn’t find any in my test environment, which was frustrating.

Remember, Microsoft 365 Backup is still in preview and will continue to improve and develop. However, as it stands now I don’t feel this is a viable alternative for people who do wish to restore their Microsoft 365 environment in a granular manner. I think as a disaster recovery tool, that is, back up everything and restore everything, over the top if needed, it would be fine.

Thus, in summary, for now, I think Microsoft 365 Backup could work as a disaster recovery service but for granular, item level restore – no so much. However, it is still very early days for this product, so keep your eye on what develops. I know I will.

Setting Microsoft 365 Backup policies

I recently talked about

Microsoft 365 Backup pricing

It’s now time to look at how to actually backup data with the service.

You’ll need to have rights to the Microsoft 365 administration portal.

In here, select Settings and then Microsoft 365 Backup as shown above. On the right you will see the settings for what can be backed up. At this stage it is Exchange, SharePoint and OneDrive for Business.

Select the button Set up policy for any of these three items to create a backup routine. In this case, I’ve selected OneDrive for Business.

You’ll be presented with a wizard as shown above. You’ll notice here that there are few things that you can vary. You’ll get one year of backup retention with backups within the first 14 days every 15 minutes and weekly after that.

The new dialog allows you to select the items you wish to backup as shown above. Select what you wish to backup and then move onto the next dialog.

The final screen in the wizard is simply a summary of the policy as shown above. Select the Create Policy button at the bottom of the screen to complete the process.

Once that is done you’ll see the confirmation screen shown above indicating the policy has bene created.

If you look at that item in the console summary you will see that its status if Processing as shown above. The time this takes will depend on the amount of data you have elected to backup.

If you select the View details button you’ll see a summary of included accounts and activity as shown above.

When processing is complete the item will show as Active as seen above. You’ll also notice that the Restore button is active. You can again select View details but you see basically the same information as before.

If you select the Edit the scope hyperlink you can add more items to what is being backed up as shown above.

You’ll also notice at the top of this dialog you can Pause the policy.

This will show the dialog shown above.

That’s all there is really is to backing up items. Very straight forward with few options for now. Remember, this product is still in preview.

Probably the biggest missing item for me is reporting. I would love to see how much data is being backed up, when it was run, what was included, etc. At the moment, you have to trust it is in fact backing up, unless you do a restore (which you should regularly anyway). However, some reporting on what the backup is doing would be great. Even better, if that could be sent via email or integrated to something like Power Automate would be magic.

It would be good to know the size of the items being backup as you create the policy i.e. this OneDrive you selected is 500GB in size and is estimated to cost $X as a bonus.

I think it is good that the service is basic. That is really all you generally need for backup. Turn it on. Select what you want to backup, and away it goes. For now, I think all that is missing is some basic reporting around completions and data backed up.

I also like the ability to quickly pause the backup. This might allow me to set it up initially and run for a short period, pause and re-enable down the track. Not sure how much that really makes a difference versus just leaving it on, given this service is billed by storage, but I like that flexibility.

Clearly, Microsoft 365 backup is not as full featured as existing third party backup services, however my question is what value do they they really provide? Do all those bells and whistles third parties provide really necessary of utilised in any meaningful way? I kind of doubt it. The main thing is to set the backup up and then leave it do its thing. Aside from some basic reporting, do you really need more? Importantly, does more actually add to the value of the service or is it way to bloat the service to justify costs?

I’ll take a look at restoring data in an upcoming article, so stay tuned. Microsoft 365 Backup is still new and will develop overtime but I hope that it stays simple and adds some minor missing components, like basic reporting rather than trying to be everything to everyone.

Microsoft 365 Backup pricing

I recently detailed how to

Set up Microsoft 365 backup

I thought it was about time to take a look at the cost of Microsoft 365 Backup to see how it compares to other offerings.

The interesting thing is that billing is a little different from other third party solution. Microsoft 365 Backup is based on storage not on users. This makes direct comparison hard, so let me just focus on Microsoft 365 Backup is billed for now.

If you take a look at the Microsoft 365 Backup site you’ll see that at this point in time the service is billed at US$0.15 per GB per month. That is no matter what the data is whether, SharePoint, Exchange, OneDrive for Business. Data is data and the backup cost is per GB per month.

You’ll find this from Microsoft:

Pricing model for Microsoft 365 Backup (Preview)

in which you need to note:

there is also a Microsoft 365 Backup pricing spreadsheet here:

https://aka.ms/M365BackupCalculator

but bottom line is to add up all your data storage and multiple by US$0.15, right? Not so quick. Per the documentation:

The size of protected content is equal to the cumulative size of the mailboxes being protected plus the size of the SharePoint sites and OneDrive accounts being protected (that is, the size of the live OneDrive accounts and SharePoint sites as display in the live sites’ usage reports) plus the size of any deleted/versioned content held for restore during the protection period.

Let’s say that I have 1,024GB (1TB) of total data I wanted backed up across SharePoint, Exchange and ODFB. That is relatively easy to determine via the usage reporting tools in Microsoft 365. Where it becomes more challenging is determining the deleted data capacity.What exactly is that?

After some digging, in essence, deleted data is data that has been purged from the service. For example, deleted data is data that was backed up in the SharePoint Online recycle bin that has now expired the standard retention period of 93 days and is no longer in SharePoint Online. Thus, deleted data, is largely, data that no longer resides in the service but has been backed up inside the service at some stage. Ok, but how will I know what that is? That’s a challenge. I can’t find an easy way of determining that. Maybe we’ll see that soon in Microsoft 365 Backup as I think we need to have it, otherwise knowing the costs becomes challenging.

For now, let’s say that the deleted data is exactly the same as my source data inside the services currently being backed up. Thus, if I have 1TB of live data to be backed up, let’s assume the total amount being sent to Microsoft 365 Backup is 2TB. Thus, the cost of this would be:

2,048 GB x US$0.15 = US$307.20 per month

If I assume say 30 users in that tenant of that size then I get roughly US$10 per month per user. I’m taking this as the high end benchmark for SMB in terms of tenant size. I’m just trying to get an average benchmark price with these numbers. That figure is around US$10 per user per month for Microsoft 365 Backup (with plenty of assumptions I admit, but you got to start somewhere)

I appreciate this is all very subjective but upon first glimpse, but looking at a few example tenants around the place and doing the same sort of calculations, I found that, at the very least, Microsoft 365 Backup seems to be comparable to the pricing of third party products on a purely economic basis, which I found interesting.

Of course, price isn’t the only measure of product value and the more live and deleted data you have as well as the longer you retain that data the more expensive it becomes with Microsoft 365 Backup. However, interestingly, Microsoft 365 Backup is pretty cost effective for smaller environments, that is, typically those in SMB. The challenge is that most competitive products are a flat fee per month per user (like a Microsoft 365 Business Premium license is), whereas Microsoft 365 Backup is a consumption based (Azure) fee (i.e. you pay for what you use). That leads to variable costs which many people don’t favour. But, remember with Microsoft 365 Backup your overall backup cost could be much lower as well. It all depends on what you use.

It is still early days for Microsoft 365 Backup and I remind you that it is still in preview at the moment. I’ll take a look a feature comparisons to third party services in an upcoming article but I found it interesting that Microsoft 365 Backup has taken a different approach to pricing that could work well in SMB, but I’ll take a closer look at the feature set in an upcoming article and hopefully present a better picture of how you should be considering Microsoft 365 Backup.

For me, that fact that it generally seems to be price competitive in SMB environments is a plus (aka in the ballpark). Not definitive, I grant you to replace what might be in place with other solutions from third parties, but still it is a good start in the comparison journey.

I’ll have more to share soon on what I’ve found and how I believe Microsoft 365 Backup can work in SMB.

Set up Microsoft 365 backup

The first step you’ll need to take is to:

Enable Microsoft Syntex PAYG

this is how the Microsoft 365 backup service will be billed. That will be basically via Azure and you’ll only pay for what your need.

You’ll then have to go backup into the Use content AI with Microsoft Syntex area again, which is where you established the billing. Here you need to select Manage Microsoft Syntex as shown above.

A dialog will appear from the right. In the list that appears, select Backup as shown above.

Select the Turn on button at the bottom of the page.

You should see a warning, like shown above that Microsoft Backup is about to be enabled. Select Save to continue.

There will now be a confirmation that the Microsoft 365 Backup service is Turned on (enabled) as shown above. You’ll also notice the Turn off button at the bottom of the page if you wish to return and disable Microsoft 365 Backup.

If you select the link Go to Microsoft 365 Backup you’ll be taken to the area to actually operate the service which looks like:

You’ll see that you can also navigate to this area via the Microsoft 365 admin center | Settings | Microsoft 365 Backup options on the menu on the left as shown above.

Stay tuned for upcoming posts on running Microsoft 365 Backup and the costs associated.

Need to Know podcast–Episode 307

All the news and announcements from Microsoft Inspire plus Azure AD getting renamed to Entra as well as some recent security news you should be across. Lots in this episode so listen along and let me know what you think.

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-307-news-from-inspire/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

This episode was recorded using Microsoft Teams and produced with Camtasia 2023.

Brought to you by www.ciaopspatron.com

Resources

@directorcia

@directorcia@twit.social

Join my shared channel

CIAOPS merch store

Become a CIAOPS Patron

CIAOPS Blog

Microsoft inspire

Furthering our AI ambitions – Announcing Bing Chat Enterprise and Microsoft 365 Copilot pricing – The Official Microsoft Blog

Welcome to Microsoft Inspire 2023: Introducing Microsoft 365 Backup and Microsoft 365 Archive – Microsoft Community Hub

Microsoft Inspire: Accelerating AI transformation through partnership – The Official Microsoft Blog

Microsoft Inspire: Prepare for the future of security with AI | Microsoft Security Blog

Microsoft Sales Copilot, Dynamics 365 Customer Insights, and cloud migration reshape the future of business – Microsoft Dynamics 365 Blog

SMB security New innovations from Microsoft Inspire 2023

Introducing a new SharePoint Web UI kit! – Microsoft Community Hub

Security Copilot – How it works

Azure AD is Becoming Microsoft Entra ID – Microsoft Community Hub

Microsoft Entra Expands into Security Service Edge with Two New Offerings – Microsoft Community Hub

Get started with Global Secure Access (preview) | Microsoft Learn

How Microsoft is expanding cloud logging to give customers deeper security visibility | Microsoft Security Blog

Analysis of Storm-0558 techniques for unauthorized email access | Microsoft Security Blog

Compromised Microsoft Key: More Impactful Than We Thought | Wiz Blog

Need to Know podcast–Episode 271

I speak with a long time personality in the SMB space, Linus Chang who is probably best known for his Backup Assist product that provides backup and recovery for your data in the cloud and also on premises. Linus has a wealth of experience in the software development and Microsoft space, so listen in for some fascinating insights.

I also bring all the latest announcements in the Microsoft Cloud, hot off the presses from Microsoft Inspire. Lots of big announcements there as well, so listen in and don’t miss out.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-271-linus-chang/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Linus Chang – Linkedin, BackupAssist