Home     Microsoft       The Essential Guide to Microsoft 365 Backup and Retention

The Essential Guide to Microsoft 365 Backup and Retention

Nowadays with so many organisations generating business-critical data, the need to retain and protect information has become more apparent than it ever was. To reduce the risk of litigation and security breaches, companies need to ensure that employees work with the current and relevant content.

Microsoft 365 Backup and retention policies help customers to control data backup and retention settings – necessary for proactive regulatory compliance. The platform also allows users to work online, share files and spreadsheets, and work from anywhere they want. It offers an endless pool of resources and hosts redundant network architecture worldwide.

Hence, it is safe to say that the platform is an all-in-one package deal, offering a robust business cloud solution for all its users. To extract the most out of Microsoft 365 backup and retention policies, get in touch with our team of experts

What Is Microsoft 365 Backup?

The Microsoft 365 backup ensures critical cloud data is secure, easily attainable, and without flaws. The workplace solutions by Microsoft help protect users from data loss, meeting regulatory and compliance requirements. The backup policies determine who is responsible for data loss. The party responsible could either be Microsoft or the customer.

Microsoft’s responsibility:

  • Hardware/software related failures (at the server end)
  • Natural Disasters
  • Power outages (inside data centres)

Customer’s responsibility:

  • Human error
  • Software errors (at the customer end)
  • Malware/malicious attacks
  • Hacker attacks

The data in Microsoft’s 365 databases is replicated across at least two geographically distributed data centres. The multiple data centres help if a failure occurs at Microsoft’s end. Data recovery is easy due to the high availability of data across numerous locations. However, you cannot recover deleted emails or mailboxes using this methodology. 

What are Microsoft 365 Retention Policy and Retention Labels?

Retention policies ensure the prevention of the permanent deletion of files, documents, and emails. These policies also assure that information stored in the company is for a fixed period of time. The policy implements rules on all documents with minimum exceptions while maintaining content discoverability for lawyers and auditors.

Retention labels allow customization settings for a single folder or document. They can be set automatically or manually by the users. The main differentiating factor between retention policies and labels is that policies are auto-applied, whereas retention label policies are only applied to content tagged with a label.

IT admins can create retention policies in Microsoft Compliance Center. There are numerous configurations you can alter:

  • The retention period begins from either the creation date or the last modification date
  • Action taken after the retention period is over
  • The date after which the content is to be deleted
  • Limitations on applying policies on a specific type of content like medical data, financial data, etc.

Differences Between Retention Policy and Microsoft 365 Backup Solutions

Many people often confuse retention policy with data loss and Microsoft 365 backup solution. Below we shall discuss each of these terminologies at each instance in detail. 

To Protect from Deletion – Retention

Organisations occasionally confuse the use of a data retention policy. Many opt to use it to prevent files from permanent deletion. We can say that the fault lies in the naming of this feature. When users hear the word retention, they assume it is something related to document preservation. They anticipate that the policy prevents the deletion of some specific files – the feature doesn’t work that way.

The retention policy allows to set up three basic options:

  1. To retain the content forever
  2. To retain the content for a specific period (after which it can be deleted or kept as it is)
  3. To delete the content after it gets older than a certain age

What users need to be mindful of, is that the retention policy does not prevent the deletion. It just creates a copy of the deleted file in a safer location (Preservation Hold Library). As mentioned earlier, you can also create retention labels to protect files or folders from deletion. 

Data Backup in Office 365

The process of recovering the deleted content is hard since the Preservation Hold Library does not perform like a regular recycle bin. You may think that you’d only need to open the file, and scroll down to find your deleted items – it isn’t that simple. To recover your files, you’ll have to use the search option in Office 365 Security and Compliance Center.

The Office 365 backup policies allow administrators to configure policies and set how long after deletion data retention is maintained. Retention policy settings are the main settings of Microsoft 365 backup policies. Each of these office applications has its retention policies.

If you choose to deploy SharePoint Online, data is backed up every 12 hours and retained for 14 days. Recycle Bin stores the deleted items for 93 days, after which permanent deletion happens.

If you plan on using Exchange Online, deleted mailboxes are retained for 30 days by default. You can recover deleted items within 14 days, by definition, and you can also increase this time frame manually to 30 days.

OneDrive has a 30-day retention policy by default and so items can be recovered for a 30-day period after account deletion. The users can also change these settings in the OneDrive storage settings by administrators to alter Microsoft 365 backup options. 

Why should you use Retention Policies?

There are many reasons why organisations should enable retention policies. Some of them are below:

  • To decide whether to retain content, delete it, or retain and then delete it as needed.
  • To choose if application policies should be applicable to all content or just some specific content or conditions. This may include data with important keywords or some company-related critical information.
  • To apply a single policy to an entire organisation or some specific user locations. 
  • To maintain content discoverability for lawyers or auditors whenever the need arises. 

When data undergoes a retention policy, it is maintained at one specific location, and users can continue editing or working with the data. These retention policies help ensure data management in the back until the timeframe for taking any further action arises. For instance, an organisation can label a retention policy as ‘delete after nine years.’ This means that the content will remain accessible until the nine-year time period. The content is deleted once the timeframe ends.

Why do organisations need both Microsoft 365 backup and retention?

Multiple organisations are using Microsoft products and tools to maximise return on project investments. The Microsoft 365 package provides an all-in-one solution for all its clients. Many nonprofit organisations highlighted how Microsoft 365 Azure tools have helped them attain profitable results, given how they are working on tight schedules and budgets.

Organisations already utilising the Microsoft framework are often confused about why they need Microsoft 365 backup and retention to safeguard business-critical data. Let’s explore further to answer this query. 

To begin with, the first task is for IT professionals to closely review the documentation on Microsoft 365 data retention capabilities and exemptions. Once they are aware of these policies, they can draft a data protection document that is in line with their organisation’s governance needs.

The Microsoft 365 solution facilitates control over data retention. The retention policies are for sites or individuals, while retention labels target specific items like documents, emails, or files. Users can either apply one of these two or use both in conjunction with one another. 

With Microsoft 365 backup on Azure, users can create backups for their documents however they please. If Microsoft Azure is having issues, it is good practice to have a third-party infrastructure for storage with Microsoft 365.

The on-premise or vendor-operated storage solutions make it easier to monitor over redundancy and replication of data copies. These practices ensure data availability and integrity. Moreover, data backups are more flexible in regard to the recovery location of backup copies than a standardised retention policy.

How to set up Microsoft 365 Backup?

The Microsoft 365 Technology Stack solution has multiple platforms that can function together to provide a seamless user experience. Since these platforms are highly integrative, let’s explore the Microsoft 365 backup policies using Exchange Online as an example:

  1. Log into Office 365 using your admin account.
  2. Open the Office 365 admin portal and click on all admin centres. 
  3. On the page that opens, select Exchange. 
  4. In the left panel, click on Compliance Management, and go to the retention policies tab.

Note: You will see a default MRM policy. This page allows you to create retention policies for your user accounts. A default policy is called an MRM policy in Office 365. Once you create a new account and a licence is assigned, the MRM policy becomes applicable. 

  1. Click on the + icon to create a new policy. 
  2. A new window opens. Enter the policy name like mybackup policy 01. Now click on + to add retention tags to your mybackup policy 01
  3. A new web browser opens, listing retention tags you can choose. Each tag comes with a description of the type, retention period, and retention action. The type can be personal, default, deleted and recoverable items, and junk email. The actions can be either deleted or archived. 
  4. After selecting the required tag, click on Add. After selecting all the tags, hit OK to save all the settings.

The mybackup policy 01 for office 365 has been configured. If the screen says “Saving completed successfully”, the backup policy has been created. 

If the retention tags configurations do not meet your needs, you can also create custom tags and apply them to your settings. This can be done by first opening the Exchange admin centre and clicking on the compliance management tool. Click on Retention tags to create the ones that fulfil your requirements.

How to set up Microsoft 365 Retention?

Given below are a few steps on how to set up Retention Policies in Microsoft office 365 solutions

  1. Click open Compliance Center and select Policies in the left-most panel. A new page will open. From the list of available policies, click on the Data Section. In the drop-down list, select Retention. 
  2. On the Information Governance page, go to the Retention Tab. To start the Wizard, you’ll have to click on the New Retention Policy.
  3. Next, a popup window will appear from where you will follow four steps of retention policy creation:

Step 1

First, add the name and description of your policy, and then click on Next. The description tag is optional, but it is good practice to write these down if you intend on using multiple policies for your data. Time frames and content types help differentiate between different actions, avoiding confusion.

Step 2

Describe if you wish to retain or delete the content, and click on Next. This step also allows you to step up Advanced Settings. Choosing amongst these will create an intermediate step. If you opt for the first option, you will need to specify some specific keywords and phrases. 

If your content contains sensitive information, you’ll choose the information type. In case you cannot locate the necessary option, click on Custom. This will open up an intermediary window. Here you can select from around 152 info types and choose the one that best suits you. Now, click on Add and proceed further.

Step 3

Choose the preferred location like Microsoft Teams, Skype, or SharePoint. Then, click on Next.

Step 4

Lastly, review your settings and complete the retention policy creation. You can also save the policy for later use or cancel the process altogether.


Understanding and implementing the Microsoft 365 backup and retention policies help alleviate all your concerns. The tools allow administrators to recover deleted items in Office 365 applications for a specific period. The most significant aspect users need to remember is that Microsoft 365 retention and backup policies can help recover deleted items in most cases. However, these practices should not be considered as a substitute for the data traditional backup policies.  

Using third-party backup solutions can be advantageous as they provide you with the leverage of recovering any items whenever you need them. These platforms help fulfil all your data protection requirements, providing a tech-driven approach to your enterprise-level needs. 

If you want to embark on this new journey, get in touch with our team of IT specialists all ready to assist you in every way possible.

Subscribe to our newsletter

Enter your email and stay in touch with the latest updates from A1.

Call us now