Office 365 Backup and Recovery Policy: A Guide for Admins

Microsoft Office has over 180 million users. Imagine the amount of data. Obviously, Microsoft cannot store all of it forever.

That’s why there is Office 365 backup and recovery policy. The policy determines the conditions under which your data can be restored.

Overall, Microsoft guarantees the protection from failures in Microsoft system or hardware. However, it is your responsibility to protect your files from human error, cyberattacks, malware, and internal malicious actions.

Let’s have a look at where Microsoft’s responsibilities regarding backup and recovery end.

Office 365 Backup Policy

Microsoft recovery tools can help you restore your emails, yet they are quite different from a backup. Microsoft is not a backup provider. On the contrary, Microsoft recommends that you backup your O365 data. Take a look at this extract from the Service Agreement.

Here, Microsoft recommends to back up your O365 data:

We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly back up Your Content and Data that you store on the Services or store using Third-Party Apps and Services.

Office 365 Recovery

Microsoft allows you to restore your items if there were deleted. In that case, an item is moved to the Deleted Items folder. If deleted from that folder, an item is moved to the Recoverable Items folder.

Recovery from Deleted Items or Recoverable Items is a common way to get your files back. For an Admin, there is another option for Office 365 data recovery via In-Place eDiscovery & Hold.

However, there is one important thing: your files are only kept for a specific amount of time called retention. Understanding the retention policy is vital for restoring your data.

Data Retention Policy

Microsoft has data retention, deletion, and destruction policy. The policy describes the time your data is retained after it was deleted. There are two terms describing the data deletion. Active deletion (deleted by users/admins) and passive deletion (the subscription ends).

According to the policy, your customer data is divided into three groups:

  1. Customer Content (your emails, PowerPoint presentation, passwords, etc.). In the case of active deletion, this data is stored for up to 30 days.
  2. End User Identifiable Information (your identification, like In the case of active deletion, this data is stored for up to 180 days.
  3. End User Pseudonymous Identifiers (for example, GUIDs). In the case of active deletion, this data is stored for up to 30 days.

In the case of passive deletion, the data is kept no longer than 180 days.

Content Retention Policy

Content retention policy determines the amount of time within which you can recover your items. You can create and manage retention policies for your organization in Office 365 Security & Compliance Center, including the Outlook retention policy.

How does retention work? If users edit or delete content, a copy is retained in the Recoverable Items folder. For SharePoint site collections, a copy of the original content is retained in the Preservation Hold library.

After you assign a retention policy to a mailbox or public folder, your items may follow one of two paths:

  1. If the item is modified or deleted from the Deleted Items folder during the retention period, the item goes to the Recoverable Items folder. By default, items from this folder are deleted after 14 days (configurable up to 30 days).
  2. If the item is not modified or deleted during the retention period, they will be deleted within up to 30 days after the end of the retention policy.

After you assign a retention policy to a OneDrive account or SharePoint site, your items may follow one of two paths:

  1. If the content is modified or deleted during the retention period, a copy of the original content is created in the Preservation Hold library. After the retention time runs out, the items are moved to the second-stage Recycle Bin, where they are kept for 93 days and then deleted.
  2. If the content is not modified or deleted during the retention period, it’s moved to the first-stage Recycle Bin. If you delete or purge your items from there, they will go to the second-stage Recycle Bin. Anyway, at the end of 93 days, the document is permanently deleted, no matter in which bin it is.

Litigation Hold

Litigation Hold helps the O365 users restore data if needed for legal and compliance purposes. All items in a mailbox, placed on Litigation Hold, are preserved until the hold duration ends.

The usual way for a deleted item is: Deleted Items folder => Recoverable Items folder => Purge/Retention expiry => Purges subfolder (from where the item is deleted forever).

Litigation Hold allows keeping your items in the Purges subfolder for a specified time. When the hold duration expires, the item will be marked for permanent deletion.

An Admin can configure the Hold’s time, up to setting up the indefinite hold. In this case, items are kept until the hold is removed.

Litigation Hold preserves items in the Recoverable Items folder, which has a 30 GB default size. That’s why the size of the Recoverable Items folder may increase quickly, so Microsoft recommends to monitor mailboxes on Litigation Hold on a weekly basis to ensure they don’t reach the limits of the Recoverable Items quotas.

To put it simply, Litigation Hold helps to extend the time to restore the items. Though there are some limitations in functionality (we’ll take a look at them later).

Why Office 365 Native Recovery Tools are Not Enough?

Though O365 content is retained and can be recovered, there is a time limit.

  • The Recoverable Items folder contains information for up to 30 days, depending on your retention settings. After that, the data is purged.
  • Your OneDrive or SharePoint data can be recovered even if placed in the second-stage Recycle Bin, where the data is kept for 93 days. Remember, that Recycle Bin is not indexed. Therefore, searches do not find content there and you have to find it manually.

There is another way Microsoft offers you to preserve the data – Litigation Hold. Only an admin can use this option. Despite the fact the Hold provides you with indefinite retention, it’s still not a perfect option. Litigation Hold can save a copy of your file, but it is not a backup.

Litigation Hold has several drawbacks:

  • Litigation Hold protects only one version of your file. Should you make any changes – they will not be automatically added to the version on hold.
  • Placing on the Hold is a manual process. Placing multiple mailboxes on hold is time-consuming. Taking into account you need to constantly update the versions, it becomes nearly impossible.
  • The data on Litigation Hold is stored in the same Office 365 cloud as other data. In case the data is compromised (for example, if an admin’s account got hacked), litigation data may be gone as well.
  • The data from the Hold is restored to In-Place eDiscovery. You can download it in the PST format, yet the folder hierarchy may be disrupted.

If Office 365 Doesn’t Back Up Your Data, What Does?

Office 365 retention is limited; that’s why your data is not completely secure. Litigation Hold allows indefinite retention. Yet, as we’ve mentioned above, this tool is far from perfect.

A third-party backup is a solution you need. Only with backup tools, like Spinbackup, you can keep your O365 data secure.

  • Backup tools have an option of indefinite data storage.
  • Backup services keep many versions of one and the same document.
  • An automated backup saves your time and ensures the data is protected.
  • Backup providers store your data in secure cloud storage.
  • Backup tools preserve the folder hierarchy.

Get Reliable Backup & Recovery with Spinbackup

Spinbackup is Office 365 backup solution that offers backup options you won’t find in Office 365. You can sign up for Spinbackup’s free 15-day trial to ensure your files are backed up and stored safely.

By default, Spinbackup’s retention policy is unlimited. Also, you can configure the retention policy according to your needs.

Apart from unlimited retention options, Spinbackup has other advanced features:

  • Backup for Outlook and Onedrive items, including Calendars and Contacts.
  • Up to 3 automated daily backups.
  • Point-in-time data restore, meaning you choose the version to recover.
  • Cloud-to-cloud backup to ensure that your source and backup data are kept separately. Your Office 365 backup data will be stored in the cloud of your choice (Amazon AWS or Google’s GCP).
  • You have the same folder hierarchy of restored data as in your original files so you can restore your items exactly to the folders they were deleted from.
  • User-friendly search and report options.
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.Learn more about our use of cookies.