• Share on Twitter (opens new window)
  • Share on Reddit
  • Share on LinkedIn (opens new window)
  • Share on Whatsapp (opens new window)
  • Partners Pricing
  • Sign in
  •  

    Close
    • Products
    • Pricing
    • Partners
    • Support
    • About Afi
    • Blog
    Sign in
  • Platform

    Overview of Afi technology and next-generation architecture

SaaS Backup

  • — G Suite

  • — Office 365

  • Support ticket

    Submit a new support ticket or check the resolution of an existing ticket

  • Documentation

    Review product documentation in Afi Knowledge Base

About

Learn more and get in touch with us
  • Legal

  • Privacy Policy
  • Terms of Service
  • Social Networks

  • Twitter
  • Linkedin
  • Publications

From the blog

  • G Suite Backup Solutions Review
  • Restore G Suite Data with Native Google Tools
  • Using Scripts, Vault and Cloud Services to Backup G Suite

Using Microsoft 365 Retention Policies as Backup

By Alain Mann
Last updated on Feb 10, 2021
~7 min read•~1,800 words

At a Glance

  • Retention policies are integrated with standard M365 data protection & recovery tools (e.g. versioning) and help to prevent accidental deletions and keep data for required period of time
  • Unlike 3rd-party backup tools, retention policies help implement continuous data protection (where all data versions are captured), but they lack automated recovery features
  • Retention features are are part of the Compliance Center which is only available in senior E3/E5 plans that are >$7.5/month/user more expensive than Microsoft (Office) 365 Business plans.

Backup vendors promote the idea that Microsoft (Office) 365 compliance retention policies and other native tools are not viable backup options and organizations need third-party services to back up their Microsoft 365 data. Afi is a developer of Microsoft 365 backup service, but we do not share this view.

We believe that Microsoft Compliance Retention Policies are a powerful tool that has many advantages over third-party M365 backup services. They provide continuous data backup, unlimited data retention and provide 99.99% uptime (we’ll later discuss the argument about getting backup from the same vendor the provides the underlying service).

In this blog post we’ll discuss the main capabilities of Microsoft 365 retention policies, pros, cons and the cost of using compliance retention for Microsoft 365 backup. Check our other article if you want to learn more about native Microsoft 365 data recovery tools for SharePoint or for Teams data.

 1 

Do others use retention policies as backup?

Around 4% of organizations rely on Microsoft compliance retention policies to backup their Microsoft 365 data. This data is based on a survey of 102 of Microsoft 365 users conducted by Afi in Dec 2020 (the users don’t include Afi customers), showing results that are in line with with other similar surveys by Gartner1 and IDC2.

Retention policies as Microsoft 365 backup are approx. 10x less popular than native tools; E3/E5 subscriptions that include compliance retention account for 16% of the installed base.
Retention policies data locations

The survey also shows that the standard Microsoft 365 data protection capabilities is the primary backup tool for 44% of customers, meaning that organizations are 10x+ times more likely to rely on standard recovery than on compliance retention policies.

The main reason for the low adoption of retention policies is not the lack of features. Coupled with the standard M365 data protection the compliance retention obviously provide far more complete protection than the standard recovery tools alone.

The compliance retention policies are simply unavailable for most M365 customers. They are only included in the most senior E3 and E5 Microsoft 365 plans that account for 16% of Microsoft 365 seats in customer accounts. And even the organizations that have E3 and E5 licenses may not have them for all users (using cheaper plans for non-office, non-exec or frontline workers).

If you use a Microsoft 365 business plan ($12.5-$20 depending on the plan) and want to upgrade to E3/E5, your price will increase by $7.5/month/user or more. See section 4 for more details on retention policies’ cost.

 2 

How Microsoft 365 Retention Policies Work

You can enable retention for most Microsoft 365 applications and their data types. Once a retention policy is on, it makes sure that the existing items (at the moment when the retention policy is created) and all new data remain in Microsoft 365 for a prescribed period of time.

If users or admins delete data, the retention policy will remove it from Microsoft 365 applications, but the items will still be accessible & searchable using Compliance eDiscovery and in the Preservation library.

The scope of Microsoft 365 retention policies
SharePoint and OneDrive
  • Versions are retained for libraries where it's enabled
  • Folder structures can be recovered from eDiscovery
  • Site looks/themes and related settings not retained
  • SharePoint memebership permissions are not preserved
  • Sharing and access permissions aren't preserved
Exchange online
  • Messages (drafts, in-place archive) & attachments retained
  • Entire mailbox (sub)folder structures is preserved
  • Teams messages captured sent by user are retained
  • Site looks/themes and related settings not retained
  • Calendar items and tasks with no end date are not retained
Teams
  • Chats and channel (private/public) messages are retained
  • Message attachments aren't retained by default (you need to separately enable retention for SharePoint & user OneDrives)
Groups & other

You can enable retention policies for MS Groups, but they'll only retain SharePoint data linked to the groups. No user membership, permissions & other metadata is backed up by retention policies.

Exchange Online

The retention policies preserve all email messages, including unsent drafts, messages moved to the trash bin, messages stored in the Archived folder as well as in the in-place archive.

Exchange data can be exported in a PST file or a set of individual messages using the eDiscovery admin interface. Administrators with eDiscovery permissions can also access deleted messages in Recoverable Items Exchanage folder.

Exchange online eDiscovery export options
Exchnage Online export options

Although Microsoft recommends enabling a separate retention policy to capture Teams data, the policy we enabled for Exchange mailboxes also captured a system folder TeamsMessagesData with all Teams channel and individual messages that the Exchange users sent (though not the messages they received).

Exchange online eDiscovery PST export (TeamsMessagesData captures Teams messages).
Exchnage Online export results
SharePoint Online and OneDrive

Compliance retention helps retain files and list items and their versions. The versions are retained only if the versioning is enabled for the library/OneDrive.

The items can be exported offline in their original folder structure. If there is more than one version of a file (list), all of them will be exported (old versions will have "_vX" added to them where X is the version number).

SharePoint online export folder.
SharePoint Online export results
How Standard Versioning Works With Retention

Retention policies are often described to retain all document/item versions created, but this is not 100% correct.

The retention policies rely on the standard SharePoint & OneDrive versioning mechanism to retain versions. Retention policies retain versions only if the standard versioning is enabled. By default, the versioning is turned on for Document Libraries and OneDrives and the number of retained versions is set to 500. No versions are retained for other data types (lists, web pages, etc) by default.

The standard versioning is available in all Microsoft 365 plans, but when it is used without the retention policies it is significantly limited by the fact that users can accidentally or intentionally delete file versions. When you enable the compliance retention you overcome this limitation as Microsoft 365 will not allow to delete versions while a relevant retention policy is on for the data (see Deletion flow for details on what happens to versions if you delete an entire file).

You can disable or enable versioning for each document library and list (one by one) when you create it or later. The settings allow to retain up to 50,000 versions for documents and lists. Admins can also disable versioning entirely (this is the default setting for lists).

 4 

Cost of Retention Policies

Retained data and versions do count towards your Microsoft 365 storage quota making it an important component of cost of using compliance retention as a backup option.

In our experience the additional storage consumption associated is most relevant for SharePoint and OneDrive data:

  • OneDrive for Business storage is in theory unlimited in E3/E5 subscription plans. Once your users exceed 1TB you can request Microsoft support to increase/remove the limit. However, you cannot increase the limit for all users at once and instead have to address each user’s limit each time he/she reaches it in stages, following the Microsoft process which takes time if you have many users
  • The total SharePoint limit (pooled across all SharePoint sites in your Microsoft 365 tenant) is set at 1TB + 10GB x number of M365 users in your tenant. Whenever you exceed the limit, you need delete data or purchase additional storage priced at $200/month/TB (when paid annually), or $250/month/TB (when paid monthly).

Storage limits are less relevant for Exchange online because E3/E5 plans include unlimited auto-expanding archiving and for Teams because most of Teams data is stored on SharePoint sites and user OneDrives.

How Much additional storage Retention generates in 1 year

Let's estimate the average storage requirements for using retention policies as a backup with 1 year history.

  • In the example below the domain has 1,000 users and 6TB of data across all SharePoints (6 GB of SharePoint storage per user is the global average across all our customers)
  • 1-year versioning is estimated to add +90% to the total storage (the assumptions related to the change rate and avg. number of versions per year are based on those metrics amount Afi customers)
  • Retained deleted data will add 10% of storage
  • As a result, the total storage will grow from 6TB to 12TB due to 1-year retention & versioning, slightly exceeding Microsoft 365 licensing limit (11TB).

Neglecting the small storage overage, 1-year retention only additional cost the user licenses upgrade. The incremental cost will depend on your current plan. If you have Business Premium licenses ($20/user/month), then the incremental cost to upgrage to E3 ($32/user/month) will be $12/user/month.

Additional SharePoint online storage estimation for 1 year retention and 1,000 of users
Total Cost of Microsoft 365 Retention Policies
The cost of retention policies as backup?

Most organizations require 3+ years retention for backups. If you extend the retention policies period to 3 years, then the additional storage in example above will grow to approx. 24TB (using the same assumptions):

  • the 24TB total storage will exceed Microsoft licensing limit by 13TB
  • to accommodate the overage you can to purchase storage capacity
  • Microsoft offers additional storage in chunks of 1TB priced at $200/month
  • the total cost of additional storage will thus be $2,600/month (=$200*13TB)
  • this translates into $2/user/month (based on 1,000 users in our example).

If you combine the $2/user/month in storage costs with the incremental price of E3 licenses ($12/user or more), then the total cost of using retention policies is $14/user/month. This is significantly more expensive than the price of third-party backup solutions (typically $1.5-5/user/month, depending on solution).

At the same time, if you already have Microsoft 365 E3 licenses then the incremental $2/user/month cost of storage is very close to the cost of a third party backup solution.

 5 

Backup & Recovery with Retention Policies

You can enable retention policies for the users that have E3/E5 licenses using the following steps:

  1. Go to http://compliance.microsoft.com/ -> Policies -> Retention
  2. Create a new policy and select the type of resources (or individual SharePoints/users/Teams that you’d like to apply it to
Retention policies data locations

It may take up to a few hours for the policy to take effect. Once it is applied, the data will follow the retention cadence you specified in the policy and you can use the eDiscovery module to export it offline. If you need to recover data back to Microsoft 365, you will have to first download it offline and then upload it manually to the SharePoint/Exchange/OneDrive resources.

Check Microsoft documentation for detailed steps on how to enable and customize compliance retention policies.


All product names are trademarks or registered trademarks of their respective holders; use of them does not imply any affiliation with or endorsement by them.


Afi Provides Complete Office 365 Backup

Download datasheet Start free trial now
Related stories

O365 Backup Tools Comparison

Microsoft Teams Backup Options

Ready to try Afi? It only takes 1 min.

Start free trial
© Afi
Email Us
Terms
Privacy