In this blog post we review SharePoint online backup options, including:
- standard (built-in) Microsoft (Office) 365 recovery capabilities;
- MS Compliance Center retention policies (avilable in E3 and E5 plans);
- third-party SharePoint Online backup tools.
We'll compare the protection level you can acheive using only the standard MS365 tools versus compliance retention and 3rd-party backup tools.
Standard SharePoint Data Protection
The built-in SharePoint data protection includes two capabilities, the post-deletion retention and versioning.
The standard post-deletion retention is a workflow that keeps all files and entire SharePoint sites for a limited period of time (93 days in most cases) after they are deleted, enabling administrators to recover the data during this time. The default retention settings cannot be changed or configured and we'll review how they work below.
The standard versioning mechanism retains some (not all) of the versions of SharePoint items. It is available for both native M365 data types (SharePoint webpages, lists, Word, Excel, PowerPoint and other MS documents) as well as other (non MS) data items. A new version is created every time a new file with the same name is (re)uploaded to SharePoint or if the item is edited within MS365 and saved. When you edit
|Data Type||Versioning||Post-deletion retention|
|Document libraries||500 versions retained by default; can be increased to maximum 50,000 versions||93 days in first stage recycle bin + second stage recycle bin|
|Page libraries||No versioning by default; can be increased to maximum 50,000 versions|
|Power Apps data files||No versioning by default, can be enabled only for some apps|
|All non-native files||No versioning is available|
(settings, branding, views)
SharePoint site owners can configure versioning for most data locations (see instructions in the next section).
The post-deletion retention settings cannot be changed, with all data types (native as well as external) retained for 93 days after they are first deleted.
SharePoint supports versioning for native O365 formats; all deleted data (native & external formats) retained for 93 days
Let's look at the versioning settings for different SharePoint data locations/types (post deletion retention is the same 93 days for all data):
Document libraries (also called Files in Microsoft UI) typically store most of the SharePoint site data. One site can include multiple Document libraries which are essentially the site’s top level directories that contain files and sub-directories.
By default, site Document libraries are configured to keep the last 500 document versions (the limit can be increased to 50,000 at maximum).
Page libraries are site directories – similarly to Document libraries – that contain aspx page files. SharePoint interprets the files stored in Page libraries as web pages and enables to access & interact with them online.
The versioning is disabled by default, but can be enabled.
SharePoint lists are simple databases that can store data tables. They can be linked to Excel files, used in Power Apps (see below) or used as stand-alone data sources.
Similarly to Page libraries, the versioning can be enabled for Lists by site owners.
Power Apps data
Most Power Apps, when added to a site, store their data in Document libraries and Lists. However, some Power Apps create custom data locations (Surveys app creates a Survey data location, Pictures app creates a Pictures library).
Versioning can be enabled for most Power Apps data, except for Surveys and Shared mailboxes.
SharePoint sites can include subsites (=full-fledged sites within a SharePoint site).
Data within subsites follows a similar retention & versioning cadence as documents, lists and pages in the “parent” site (versioning can be configured for most data types, deleted items stay in trash bin for 93 days).
Site settings, Groups & linked data
SharePoint sites have MS Groups linked to them when a new site is created by default. A Group is a record in Azure Active directory that allows a group of O365 users to access resources & services.
When an entire site/subsite is deleted, it goes to the Second stage recycle bin (skipping the First stage recycle bin). It stays there for 93 days and can only be restored by the site administrators.
Built-in Recovery as A Backup Option
As discussed above, SharePoint versioning (for native Microsoft files) together with 93 days post-delection retention constitute the built-in SharePoint data protection capabilities.
What's very convinitient and important is that the versioning is available in all Office 365 plans and is embedded in the native Microsoft interface making it easy to use. Site owners can configure detailed settings, such as the number of retained versions (limited to 50,000) and the content approval workflow.
The main drawback of the MS365 versioning capabilities is that it is only available for native data formats. The versions can also be deleted by SharePoint users (intentionally or unintentionally) leading to data loss. File versions can also be lost to (overwritten by) ransomware and other types of cyber attacks.
Finally, each retained file version consumes your storage quota. If the versioning is configured to keep 1,000 last versions then the storage consumption will go up 1,000 times for native files (there are no increments, each file version is a “full” snapshot of a file).
How to configure versioning
- Go to library/list settings
- Set the number of versions you’d like to retain.
The retention period for deleted items is always set to 93 days and cannot be configured.
Using Compliance Retention for SharePoint Backup
Office 365 Compliance Center enables to configure retention policies that will keep versions of SharePoint items for all or specified sites.
Once the compliance retention policies are configured, they retain all newly uploaded and modified items (the retention does not occur when an item is deleted, but when it is created or edited).
Administrators can search the retained data and download it. with no option to automatically restore data back to SharePoint online. The compliance retention policies only retain files and pages, without the directory structure.
Pros and Cons
The compliances retention capabilities are included in the E3 and more senior plans. However they may be hard to use as a permanent SharePoint backup and recovery option.
The search and export operations sometimes take hours and sometimes days to complete. It took us approx. 8 hours to run a content search for a single SharePoint site, as the search either returned no results or completed with an error.
Once the search operation executed successfully and returned results, it took us a few hours to download them (each export attempt took approx. 1 hour and more often finished with an error than not).
How to Enable Compliance Retention & Use them to Recover
To configure retention and recover lost items:
- Go to http://compliance.microsoft.com/ -> Policies -> Retention
- Create a policy and select the SharePoint sites you’d like to apply it to (make sure you paste Site URLs, not their names)
It may take up to 30 minutes for the policy to take effect. After it is succesfully applied all files uploaded to SharePoint sites (or new versions created) will be retained by the policy.
To recover the retained items administrators need to use the Office 365 search & export capabilities. The items can be downloaded offline in zip folders (with the directory structure preserved).
Check our other blog post about Microsoft Compliance retention policies to learn more.
Third-party Backup Tools
AvePoint provides one of the most complete SharePoint backup options compared to other players. It enables backup and restore of pages and OneNote notebooks (most other solutions can backup these data types, but cannot restore them correctly back to SharePoint).
AvePoint also support Classic site pages, workflows and site permissions. At the same time, it does not have the offline export capabilities and has slower performance & reliability compared to other solutions.
|Classic Site Pages|
|Restore to another site|
To learn more about AvePoint and other Office 365 backup tools check our other blog post.
SharePoint online backup with Afi
Afi Office 365 backup provides full support for SharePoint sites backup. Most significant differences from legacy solutions include:
- the only solution providing full backup and recovery of Classic site pages
- the only metada backup permissions, created by create date
- non-destructive as well as in-place restore restore
- groups navigation
- Lists web pages best support
- Admin permission settings and self-service recovery portal
To backup all or selected SharePoint sites in Afi:
- Head to Protection Management screen the sites you want to protect. Use Sites subgroup if you want to select all sites in your domain
- Assign a protection level to SharePoint sites. Enable the auto-protection option if you want to automatically backup all newly created SharePoint sites.
In addition to protecting existing SharePoint sites administrators can configure Afi to auto-protect all newly created SharePoint sites (standalone, as well as Team/Group sites).
In case an entire SharePoint site is deleted from Office 365, its backup will remain in Afi and will be available for search, preview, download and restore to another site.
All product names are trademarks or registered trademarks of their respective holders; use of them does not imply any affiliation with or endorsement by them.