In this blog post we'll review SharePoint online backup options, including:
The standard SharePoint recovery capabilities include two components – the post-deletion retention and versioning. Both are available in all Microsoft 365 plans and are enabled by default.
| SharePoint Data Type | Standard Versioning | Standard Post-deletion Retention |
|---|---|---|
| Document libraries | 500 versions retained by default; can be increased to maximum 50,000 versions | 93 days in first stage recycle bin + second stage recycle bin |
| Page libraries | Disabled by default, but can be enabled (maximum 50,000 versions) | |
| SharePoint lists | ||
| Power Apps data files | Disabled by default, but can be enabled for some apps | |
| Sites/subsites metadata (settings, branding, views) |
No (versioning is unavailable) |
The standard versioning lets you keep up to 50,000 last versions of most SharePoint items and the post-deletion retention helps you recover data within 93 days after it was deleted.
Jump to section 1 and section 2 of this article for more details about the two options.
The compliance retention capabilities are included in premium Microsoft 365 subscriptions. They are a powerful tool enabling administrators to capture & backup almost all versions of SharePoint data.
The primary purpose of the compliance retention is archiving and e-discovery for litigation & compliance purposes. The compliance retention policies enable admins to search & export the data offline, but have no automated data recovery capabilities back to Microsoft 365 (because those are not required in archiving & e-discovery).
Therefore, the main limitation of this tool is the absence of automated recovery options. To recover lost data administrators need to download it offline, and then manually upload it back to SharePoint online. See section 3 of this review for more details.
Third party backup tools use Microsoft APIs to pull a copy of your data and store it on a secondary storage (locally or in the cloud).
While Afi itself develops a backup solution for Microsoft 365, we belive that the standard Microsoft 365 recovery tools or compliance retention may be sufficient for many organizations.
All 3rd party services have limitations imposed by the MS APIs (such as limited backup frequency and data types available for backup/recovery). If you are considering using a third-party solution, you need to understand their limitations.
See section 4 for more details about 3rd-party backup tools.
The standard post-deletion retention is a mechanism that keeps deleted items and entire SharePoint sites for some time (up to 107 days) before deleting them irrversably. This enables Microsoft 365 administrators to recover items within the retention window.
When users delete items from SharePoint sites, the data is moved to the first-stage recycle bin (=user facing recycle bin, or site Recycle Bin). It is kept there for 93 days (unless it is deleted from the bin earlier).
After 93 days the data is removed from the recycle bin, however it still remains in Microsoft daily backups for additional 14 days.
If users delete data from the first-stage recycle bin, or if SharePoint site collection administrators delete data from a SharePoint site, then the data is moved to the second-stage recycle bin (=administrator Recycle Bin, or collection Recycle Bin).
When an entire site is deleted, it goes straight to the second stage recycle bin.
Only SharePoint site collection administrators can view and recover data from the second-stage recycle bin. Data is kept there for 93 days less the amount of time the data was kept in the first-stage recycle bin.
For example:
After data is deleted from the second-stage recycle bin it remains in Microsoft daily backups for additional 14 days.
Daily Microsoft SharePoint backups provide 14 days additional days during which you can recover deleted data. Administrators can contact Microsfot support to recover the data during this period. Only full SharePoint site recovery is available (no item-level recovery).
You will need to specify the date you want to recover the data from, but there is not way to recover specific versions, or use a recovery point from a specific time.
The post-deletion retention settings cannot be changed or configured and they are the same for all Microsoft 365 plans.
Data within subsites follows a similar retention & versioning cadence as documents, lists and pages in the “parent” site.
Check Microsoft documentation to learn more about standard SharePoint retention & recovery.
The standard versioning mechanism preserves some (not all) file versions that are created and uploaded to SharePoint online. The mechanism works for both native Microsoft 365 data (SharePoint webpages, lists, Word, Excel, PowerPoint and other MS documents) as well as other (non MS) data.
A new version is created every time a file is changed and uploaded to SharePoint. If you upload a new file that has a name matching an existing SharePoint file name, it will also be treated as a new version of the same file. Versions are also created when users edit native Microsoft data formats (in collaboration with others or working on their own) in the M365 web interface or the on-prem Office applications.
Not every edit creates a new version for the native MS files. Microsoft declares that new versions are created periodically - based on our experience this means every ~30 minutes, but not always. If users want to make sure a new version is created, they should close and reopen the file (this is supposed to create a new version every time).
SharePoint site admins can configure versioning for most data types. See the overview of the versioning settings for different SharePoint data locations/types in the table below.
Document libraries contain files. They are configured to keep the last 500 versions by default; the limit can be increased to 50,000.
Page libraries contain web page files. Versioning is disabled by default and can be enabled to retain up to 50,000 versions.
SharePoint lists are files that store data tables. Versioning is disabled by default; it can be configured by retain up to 50,000 versions.
Power Apps store data in Document libraries / Lists. Versioning can be enabled for most Apps, except Surveys & Shared mailboxes.
The versioning capabilities are available in all Microsoft 365 plans. Versioning is embedded in the Microsoft UI, making it easy to use. In addition to the number of versions, site owners can configure the content changes approval workflow and other detailed settings.
| Pros | Cons |
|---|---|
|
|
The main drawback of the MS365 versioning capabilities is that the versions can be deleted by SharePoint users (intentionally or unintentionally) leading to data loss.
Each retained file version consumes your storage quota, which often makes versioning too expensive / impractical to use given Microsoft 365 storage limits. For example, if versioning is configured to keep 1,000 last versions, then your Microsoft 365 storage consumption will go up 1,000 times (there are no increments, each file version is a “full” snapshot of a file).
Check Microsoft post if you'd like to learn more about SharePoint online versions.
Microsoft 365 Compliance Center is available in E3 and more senior plans. It helps you create compliance retention policies that save all versions of SharePoint data.
Once the compliance retention policies are configured, they retain all newly uploaded and modified items. The retention does not occur when an item is deleted, but when it is created or edited.
The biggest advantage of the compliance retention is the "continious" nature of its retention. Unlike 3rd-party backup options, the retention policies save every version of an item created or uploaded to Microsoft 365. Backup tools can only take data snapshots with limited frequency (typically 1-4x per day).
Administrators can search the retained data and download it, with no option to automatically restore data back to SharePoint online. The compliance retention policies retain files and pages as well as the folder structure. If you need to restore large number of files (and the original folder structure) using compliance retention, it may require significant amount of manual effort and time.
The search and export operations may take hours and days to complete. It took us approx. 40 minutes to export approx. 350GB of data (the download averaged at ~150 KB/sec).
| Pros | Cons |
|---|---|
|
|
To configure retention and recover lost items:
It may take up to 30 minutes for a new policy to take effect. After it is succesfully applied all files uploaded to SharePoint sites (or new versions created) will be retained by the policy.
To recover the retained items administrators need to use the Microsoft 365 search & export capabilities. Data can be downloaded offline in zip folders (with the directory structure preserved). Check our other blog post about Microsoft Compliance retention policies to learn more.
Veeam and Afi provides one of the most complete SharePoint backup options compared to other players. The products enable backup and restore of web pages (most other solutions can backup these data types, but cannot restore them correctly back to SharePoint). The two tools also support Classic site pages and site mailboxes.
Most important features missing in many backup tools are the backup of site permissions, workflows and inclomplete support of lists data.
| Afi | Veeam | Druva | Spanning | Skykick | Synology | ||
|---|---|---|---|---|---|---|---|
| Backup | |||||||
| Document libraries |  |
|
|
|
|
|
|
| Page libraries | |
|
|
 |
|
|
|
| Lists | |
|
|
 |
|
|
|
| OneNote | |
|
|
|
|
|
|
| Workflows | |
|
|
|
|
|
|
| Site Mailbox | |
|
|
|
|
|
|
| Classic Site Pages | |
|
|
|
|
|
|
| Restore | |||||||
| Restore to another site | |
|
|
|
|
|
|
| Site permissions | |
|
|
|
|
|
|
| Offline Export | |
|
|
|
|
|
|
Full support
Partial support
Not supported
All the third-party tools have limited backup frequency (unlike the retention policies that offer continious protection). Afi provides 3x daily backup frequency, most other solutions offer 1x to 4x daily backups. Veeam is the only solution that (at least in theory) enables configurable unlimited frequency, however the practical limit is within 4-5x backups per day (due to network load and Microsoft APIs calls limits).
To learn more about third-party Microsoft Office 365 backup tools check our other blog post.
Afi Microsoft 365 backup's most significant differences from legacy solutions include:
To backup all or selected SharePoint sites in Afi:
In addition to protecting existing SharePoint sites administrators can configure Afi to auto-protect all newly created SharePoint sites.
In case an entire SharePoint site is deleted from Office 365, its backup will remain in Afi and will be available for search, preview, download and restore to another site or OneDrive.
All product names are trademarks or registered trademarks of their respective holders; use of them does not imply any affiliation with or endorsement by them.
O365 Backup Tools Comparison
Microsoft Teams Backup Options
