Frequently asked questions about Microsoft 365 Backup

  • Article

Has Microsoft's stance on shared responsibility of data protection changed?

No, we still have the same point of view, but are now offering more tools to help organizations achieve those goals and responsibilities.

Why don’t Disaster Recovery copies suffice for my backup?

Disaster Recovery (DR) is the ability to recover from a situation in which the primary data center is unable to continue to operate. A DR copy with Microsoft 365 maintains the current state of content, not any historical versions from prior points in time. Microsoft 365 Backup offers the added advantage of allowing you to restore data to a previous healthy state quickly, with fast RTO (recovery time objectives) and short RPO (recovery point objectives).

Why don’t versions already solve this point in time restore problem?

Versions give individual users a way to restore files or sites to prior points in time, However, that kind of recovery method doesn't scale well for large-scale ransomware attacks where an admin needs to orchestrate the recovery. Versions might also be exhausted depending on the version limit set by the admin.

Legal holds retain data, but that feature is optimized for export (for example, via eDiscovery), not for mass restore. Microsoft 365 Backup gives the right enhanced restore tooling for ransomware and accidental/malicious deletions at scale, plus optimized performance for those scenarios.

What mailbox changes are "backed up"?

Mailbox backup enables the recovery of copies of mailbox item "versions." Two types of actions create versions:

  • Modifications
  • Deletions

Example events that are versions and recoverable via backup:

User action

  • Edit a received email using ‘edit message’ via Outlook
  • Edit a Note (not draft)
  • Remove an attachment from an email
  • Edit an attachment to an email
  • Edit a contact (not draft)
  • Modify body of a calendar invite
  • Update time of a calendar invite
  • Edit a task (not draft)
  • Delete note from deleted items
  • Delete email from deleted items
  • Purge items from single item retention
  • Delete a folder with items in it

Example events that aren't versioned or recoverable via backup:

User action

  • Edit an email item in the drafts folder
  • Update a flag on a received email
  • Set ‘Do Not Forward’ on a received email
  • Set a received message to highly important

What is the service recovery point objective?

The recovery point objective (RPO) is the maximum amount of time between the most recent backup and a data destruction event. Stated another way, it’s the amount data lost due to a data destruction event not recoverable via the backups. For Microsoft 365 Backup, the RPOs are:

  • For OneDrive and SharePoint, the RPO for the first two weeks is 10 minutes, then one week beyond that. This means for the first two weeks, the most amount of data that can be lost due to a data destruction event is roughly 10 minute’s worth of the most recent data. Likewise, after two weeks, the most amount of data that can be lost is a week’s worth of data.

  • For Exchange Online, the RPO is 10 minutes, meaning the most amount of data that can be lost due to a data destruction event is roughly 10 minutes’s worth of data.

Let's start with what it doesn't mean: We are not taking snapshots every 10 minutes.

A backup frequency of 10 minutes (if the item is modified) means that any changes made to the item will be saved as a new version every 10 minutes, regardless of how many changes occur within that 10-minute period. For example, if a ransomware attack encrypts the email item every minute, we'll take six copies in an hour.

What happens when user content is backed up but then is removed or deleted from Microsoft Entra ID (formerly Azure Active Directory)?

When a user is removed from the backup policy, the backup of the OneDrive account or Exchange mailbox is retained for one year from the date the backup was created.

When a user is deleted from Microsoft Entra ID, the backup of the OneDrive account or Exchange mailbox is retained for one year from the date the backup was created.

When a site is removed from the backup policy, the backup of the SharePoint site will be held for 52 weeks from the time a given restore point was created for that site.

How can I restore the OneDrive account or Exchange mailbox for a user who is deleted from Microsoft Entra ID (formerly Azure Active Directory)?

Note

Deleted users will appear as "–" in the user interface because the user does not exist in the tenancy. However, the backups and associated restore points will be retained for the full 365-day retention period from when a given restore point was originally created.

If the user has been deleted within the past 30 days, the best option is to restore the user based on instructions found at Restore a user in the Microsoft 365 admin center. Once the user is reconstituted, the name will reappear in the Backup tool restore experience, and the rest of the experience will work as normal.

For OneDrive, you can restore the OneDrive to the original URL or a new URL. At that time, the OneDrive is in an "orphaned" state. To connect the OneDrive to a user, see Fix site user ID mismatch in SharePoint or OneDrive.

For Exchange, if the user account is currently or permanently deleted, Microsoft 365 Backup retains the inactive mailbox for the duration of the backup policy. To recover and restore the inactive mailbox, see the following guidance:

Once an inactive mailbox is recovered and restored to a new mailbox, the new mailbox must be added to the backup policy if desired.