In the last two articles in this series, I’ve pointed out some of the flaws in the arguments put forward by backup vendors for why you’ll back up Microsoft 365. There’s actually a good reason for using a backup product that they don’t often suggest, and it is the one that actually matters most on a day-to-day basis. The simplicity of individual item restoration. Granted, many backup vendors have a pretty poor interface compared to the Microsoft 365 portals, so they might not want to emphasize this and build up your hopes, for them to be dashed. But, in theory, it is the area where the backup vendors who actually know Microsoft 365 provide useful products. I’m getting a little ahead of myself here, though, because I haven’t walked you through what restoring data looks like in Microsoft 365 – so, let us begin.
Sponsored Post Links: Afi.ai provides a modern solution for backing up Office 365 (and Google Workspace too!) including full Teams support, SharePoint and OneDrive file metadata and sharing permissions, and many other advanced and modern features.
There’s a load of portals inside portals for almost everything inside Microsoft 365 – so many that to visualize it would be like watching Marvel’s Doctor Strange. But despite having so many portals and admin centers, there’s not one for performing restoration of data. If you are an old hand at Microsoft 365, then this makes total sense. Configuration for retention policies, for example, isn’t equivalent to “backup”, but forms a part of keeping the files, but is not the one-stop-shop to configure everything for ensuring data is kept; and those with deep Microsoft 365 knowledge will understand that each service is different and have different capabilities. Plus, in many enterprises, different teams will manage data in SharePoint, versus data stored in Exchange, for example. For folks new to Microsoft 365 though, this makes very little sense. Why wouldn’t there be a portal or backup and restore center that is used to apply equivalent settings (which in turn, configure retention, and per-service settings) and why isn’t there an interface that can be used to search for data, and then orchestrate the restoration of that data to its original location? If you’ve not yet hit that realization then keep reading.
In the most favorable light possible, you could describe Exchange Server as a product that has included self-service restore for many years. It is still there and works much as it always has.
However, if you were to ask someone who accidentally deleted a few folders full of emails how much fun they had restoring everything back to how it was prior to their mistake, the thousand-yard stare will tell you all you need to know about how well it works. To give credit where credit is due, the self-service restore capability has improved over the years – and now restores items back to the original folder, which is a big improvement, and although that capability is best used via Outlook on the Web, when you visit, you’ll find the interface for restore has had an extensive overhaul. The most useful improvement that you might not have seen can be found in the new Exchange Admin Center, which became GA just a few weeks ago. For each mailbox, you’ll find the capability to recover deleted items on behalf of the user:
The thing about email is that it’s rare you edit an email and have to revert back to a previous version or look at the different revisions of an email to work out what happened. With content in SharePoint and OneDrive, reverting back to an older version, or checking who did what is not an unusual problem. By default, versioning in SharePoint and OneDrive makes it easy to flip back to an older version, with AutoSave functionality regularly creating a new version (like an in-progress backup).
I won’t show it here – but users also find the Recycle Bin functionality in OneDrive as well, so if it’s an accidental deletion, they can use the recycle bin functionality in much the same way as the Windows equivalent. Keeping with self-service features both OneDrive and SharePoint have a feature that’s best described as a cloud-based equivalent to Apple’s time machine, and whilst it isn’t perfect, it’s pretty good. This allows you (either as the admin) to go to the Settings cog in either a OneDrive site, or a SharePoint site collection (e.g. the Files in your Team) and then choose to restore all the files back to a previous time.
We saw that it’s possible to restore items as both an admin or an end-user. The challenge though is that the limits are not consistent. Exchange, by default, keeps items after they’ve been removed from the Deleted Items folder for 14 days, with the option, as an admin to extend this to 30 days. After this, they are either gone – or not gone (see below..) SharePoint and OneDrive versions won’t be removed, unless you’ve configured policies that say otherwise; but once you delete the files, they will only stay in the Recycle Bin of the site for 96 days. After this – they might still be around (see below…) or they might be permanently deleted. To confuse matters even more, once permanently deleted from SharePoint, you get another 14 days to potentially ask Microsoft to restore data from their backups on your behalf.
Retention Policies, configured in the Compliance Center, negate the limits stated above for how long data is stored after deletion in the service. Fundamentally retention policies are not a backup but do serve a similar purpose, much in the same way an email continuity service is also used as a journal for email. For Exchange, the Retention Policies configured in the Compliance Center serve a similar function the Legal Hold and In-Place Hold features, and keep the data for at least however long is specified – either in place in the Mailbox, or if permanently deleted by the user, hidden within the Recoverable Items Folder. In SharePoint and OneDrive, a different location, the Preservation Hold library is used. To find and restore that data, we then need to use functionality in Microsoft 365 in a way it wasn’t strictly designed for – eDiscovery capabilities. This functionality does allow us to search across either all content or specific Mailboxes, SharePoint Sites, and User OneDrive locations:
We can also specify particular conditions – such as the sender of a deleted email and a timeframe for when it was received. However, while Microsoft does state that this is a valid way of recovering data, it is important to remember that this is designed for finding data in response to something such as an investigation. That’s why, when using this UI, you are presented with the ability to export rather than restore data. It is designed for legal and compliance teams performing investigations not restores.
In the next part of the series, I’ll cover how to use PowerShell to make this process more streamlined, if not easier. Hopefully, you’ll have a better understanding of the fairly extensive capabilities we have for restoring data – but also how this can be extremely confusing if you are new to Microsoft 365.