In this blog post we review SharePoint online backup options, including:
- standard recovery capabilities built into Microsoft (Office) 365;
- MS Compliance Center retention policies (avilable in E3+ plans);
- the most popular third-party SharePoint Online backup tools.
Standard Microsoft 365 Recovery
The standard SharePoint recovery capabilities include two components – the post-deletion retention and versioning. Both are available in all Microsoft 365 plans and are enabled by default.
See the short overview of the two options in the table below. Check the next two sections for more details.
|SharePoint Data Type||Standard Versioning||Standard Post-deletion Retention|
|Document libraries||500 versions retained by default; can be increased to maximum 50,000 versions||93 days
in first stage recycle bin + second stage recycle bin
|Page libraries||Disabled by default, but can be enabled (maximum 50,000 versions)|
|Power Apps data files||Disabled by default, but can be enabled for some apps|
(settings, branding, views)
|No (versioning is unavailable)|
The compliance policies are included in premium Microsoft 365 subscriptions. It is a powerful tool, enabling administrators to capture & backup almost (see the limitations in section 4) all versions of SharePoint items.
The primary purpose of the compliance retention is archiving and e-discovery. That is why the tool does not provide automated recovery options. To recover lost data administrators need to download it first and the manually upload it to SharePoint online.
Third party backup tools use Microsoft APIs to pull a copy of your data and store it on a secondary storage (locally or in the cloud).
While Afi itself develops a backup solution for Microsoft 365, we belive that for many organizations the standard Microsoft 365 recovery tools or compliance retention may be sufficient.
All 3rd party services have limitations imposed by MS APIs (such as limited backup frequency and supported data types). And if you decide to use a third-party solution, you need to understand their limitations.
Standard Post-deletion Retention
The standard post-deletion retention is a mechanism that keeps deleted items and entire SharePoint sites for some time (from 30 to 93 days) before removing them irrversably. This enables Microsoft 365 administrators to recover items within the retention window.
When a user deletes items from SharePoint sites, they are moved to the first-stage recycle bin (=user facing recycle bin) and are kept there for 93 days. After that time the items are deleted permanently and cannot be restored.
If a user deletes items from the first-stage recycle bin, or if an administrator deletes items from a SharePoint site, then they are moved to the second-stage recycle bin (=Administrator recycle bin) and are kept there for 30 days. After this period they are deleted forever.
The default retention settings cannot be changed or configured.
Data within subsites follows a similar retention & versioning cadence as documents, lists and pages in the “parent” site (versioning can be configured for most data types, deleted items stay in trash bin for 93 days).
When an entire site/subsite is deleted, it goes to the Second stage recycle bin (=Administrator recycle bin). It stays there for 93 days and can only be restored by the site administrators.
The standard versioning mechanism retains some (not all) items' versions that are created and uploaded to SharePoint online. The mechanism works for both native Microsoft 365 data items (SharePoint webpages, lists, Word, Excel, PowerPoint and other MS documents) as well as other (non MS) data.
A new version is created every time a new file with the same name is (re)uploaded to SharePoint.
Versions are also created and retained when users edit (in collaboration or separately) native Microsoft data formats (e.g. xlsx or docx). Not every edit creates a new version for the native MS files. Microsoft declares that new versions are created periodically which, based on our experience, means every ~30 minutes. Therefore, if users want to make sure a new version is created, they should close and reopen the file.
SharePoint site owners can configure versioning for most data locations. Let's look at the versioning settings for different SharePoint data locations/types:
Document libraries contain files and sub-directories. They keep the last 500 document versions by default and the limit can be increased to 50,000.
Page libraries contain web page files. The versioning is disabled for page libraries by default, but it can be enabled to retain up to 50,000 versions.
SharePoint lists are simple databases that can store data tables. They can be linked to Excel files and used in Power Apps.
Most Power Apps, when added to a site, store their data in Document libraries and Lists. The versioning can be enabled for most Power Apps data, except for Surveys and Shared mailboxes.
What's very convinitient and important is that the versioning is available in all Office 365 plans and is embedded in the native Microsoft interface making it easy to use. Site owners can configure detailed settings, such as the number of retained versions (limited to 50,000) and the content approval workflow.
The main drawback of the MS365 versioning capabilities is that the versions can be deleted by SharePoint users (intentionally or unintentionally) leading to data loss.
Finally, each retained file version consumes your storage quota. If the versioning is configured to keep 1,000 last versions then the storage consumption will go up 1,000 times for native files (there are no increments, each file version is a “full” snapshot of a file).
How to configure versioning
- Go to library/list settings
- Set the number of versions you’d like to retain.
The retention period for deleted items is always set to 93 days and cannot be configured.
Compliance Retention Policies
Office 365 Compliance Center enables to configure retention policies that will keep versions of SharePoint items for all or specified sites.
Once the compliance retention policies are configured, they retain all newly uploaded and modified items (the retention does not occur when an item is deleted, but when it is created or edited).
Administrators can search the retained data and download it. with no option to automatically restore data back to SharePoint online. The compliance retention policies only retain files and pages, without the directory structure.
Pros and Cons
The compliances retention capabilities are included in the E3 and more senior plans. However they may be hard to use as a permanent SharePoint backup and recovery option.
The search and export operations sometimes take hours and sometimes days to complete. It took us approx. 8 hours to run a content search for a single SharePoint site, as the search either returned no results or completed with an error.
Once the search operation executed successfully and returned results, it took us a few hours to download them (each export attempt took approx. 1 hour and more often finished with an error than not).
How to Enable Compliance Retention & Use them to Recover
To configure retention and recover lost items:
- Go to http://compliance.microsoft.com/ -> Policies -> Retention
- Create a policy and select the SharePoint sites you’d like to apply it to (make sure you paste Site URLs, not their names)
It may take up to 30 minutes for the policy to take effect. After it is succesfully applied all files uploaded to SharePoint sites (or new versions created) will be retained by the policy.
To recover the retained items administrators need to use the Office 365 search & export capabilities. The items can be downloaded offline in zip folders (with the directory structure preserved).
Check our other blog post about Microsoft Compliance retention policies to learn more.
Third-party Backup Tools
AvePoint provides one of the most complete SharePoint backup options compared to other players. It enables backup and restore of pages and OneNote notebooks (most other solutions can backup these data types, but cannot restore them correctly back to SharePoint).
AvePoint also support Classic site pages, workflows and site permissions. At the same time, it does not have the offline export capabilities and has slower performance & reliability compared to other solutions.
|Classic Site Pages|
|Restore to another site|
To learn more about AvePoint and other Office 365 backup tools check our other blog post.
SharePoint online backup with Afi
Afi Office 365 backup provides full support for SharePoint sites backup. Most significant differences from legacy solutions include:
- the only solution providing full backup and recovery of Classic site pages
- the only metada backup permissions, created by create date
- non-destructive as well as in-place restore restore
- groups navigation
- Lists web pages best support
- Admin permission settings and self-service recovery portal
To backup all or selected SharePoint sites in Afi:
- Head to Protection Management screen the sites you want to protect. Use Sites subgroup if you want to select all sites in your domain
- Assign a protection level to SharePoint sites. Enable the auto-protection option if you want to automatically backup all newly created SharePoint sites.
In addition to protecting existing SharePoint sites administrators can configure Afi to auto-protect all newly created SharePoint sites (standalone, as well as Team/Group sites).
In case an entire SharePoint site is deleted from Office 365, its backup will remain in Afi and will be available for search, preview, download and restore to another site.
All product names are trademarks or registered trademarks of their respective holders; use of them does not imply any affiliation with or endorsement by them.