Skip to content
MS 365 Backup

In theory, the Microsoft 365 cloud is a very safe place to hold and store your data. You click a button and it saves itself somewhere in ‘the cloud’ where you can access whenever you like. Then if you delete a file or email by mistake, Microsoft’s support team have a backup server somewhere with endless free storage… right?

Lots of people think that too. Then again, lots of people also thought eating a bat wouldn’t cause the biggest global pandemic in our lifetime but here we are.

As many people are discovering, often too late, having a backup copy of their files is paramount, particularly for programs like Microsoft 365 (previously Office 365). It’s as simple as this: Your data, Your responsibility.

Over the course of two articles, we’ll outline exactly what you get with Microsoft’s Service Agreement and then we’ll make the case for using a third party.

Microsoft 365 data security

First, it’s useful to understand Microsoft’s data protection policies.

Microsoft 365 uses 4 methods to secure data:

  • The backup that Microsoft makes itself
  • The Recycle bin process
  • Retention*
  • Versioning

*Microsoft’s Holds options have been replaced by retention policies, so we won’t be covering them in this article.

Backups for Microsoft 365

Microsoft’s backups are performed every 12 hours and the retention period is 14 days. This is fine if you realise your mistake straight away, but what if you accidentally delete an email or file only to realise months later? Or what if a disgruntled employee intentionally deletes something? This is a little harder to plan for.

As the backup is set up for disaster recovery purposes, it is only possible to restore entire environments and not possible to carry out so-called brick level restores of, for example, an individual mailbox or a mailbox item.

Restores must be requested through Microsoft’s support department and there is a cost associated. With no control over when the restore is actually performed, this is not the most efficient process.

What exactly does Ekco backup?

The Recycle Bin ?

All discarded data is stored in the recycle bin. In addition to the standard recycle bin, Microsoft 365 also has a secondary recycle bin where data is stored for a period of time when it’s initially removed from the primary folder. Although the idea is the same for both mail and Sharepoint, there is a slight difference.


The mail process looks like this:

  • User deletes data
  • Item is stored in the “deleted items” folder. In principle, an item can remain there indefinitely
  • When data is removed from ‘deleted items’ it is moved to the secondary recycle bin or the ‘recoverable items’. The data will remain there for a maximum of 30 days;
  • The data will be permanently deleted after 30 days.


At Sharepoint, the process looks like this:

  • User deletes data
  • The data is moved to the First-stage Recycle Bin, also known as the Site Recycle Bin
  • From there it’s moved to the it’s moved to the Second-stage Recycle Bin, also known as the Site Collection Recycle Bin
  • In all cases, the data is permanently deleted after 93 days (from the date of the First-stage Recycle Bin. In essence, deleted data is stored within Sharepoint for a maximum of 93 days.


Retention is possible within the Microsoft 365 subscriptions, E3, E5 and Exchange. Microsoft introduced retention for two reasons:

  • Save data for a certain period of time
  • Delete data after a certain period of time.

Since these elements may conflict, a number of retention rules apply.

Again, there’s a difference in the operation between mail and Sharepoint.


The mail retention process looks like this:

  • Items are moved from the deleted items folder to the recoverable items folder;
  • Periodically, a process runs that checks whether items comply with the set retention policy. If not, items will be permanently removed. If this is the case, the items will remain in the Recoverable Items folder.


The retention process in Sharepoint is different. It all depends on whether the data already existed when the retention policy was created. If the data exists prior, a version of the data is saved in one of the following instances:

  • The moment the first change is made in the document, after the retention policy has been created. The version prior to the change is written to the Preservation Hold Library
  • The moment the data is deleted.

We should note, retention only produces one version of the data. If you want to keep multiple versions of a file, you should use versioning.

We’ll discuss versioning in part two of this article, as well as the possibilities of recovering data, and the added value of third party backup tools for Microsoft 365.

Learn more about:

Microsoft 365 Backup

Disaster Recovery

Managed Backup

Our specialists have the answer