The Great SharePoint Online Recycle Bin Fallacy

Reason for Backup #101: Stop Accidental File Deletion

All companies seek reasons for customers to buy their products. Vendors who sell backup for Office 365 advance reasons to convince customers that they need to extract and copy data from Exchange Online, SharePoint Online, OneDrive for Business and other data to their cloud service. Often, one cited reason is that Office 365 doesn’t protect against accidental deletion of important information by users.

For SharePoint Online, the story usually goes something like this: a user deletes a document and doesn’t realize that they need the document until after SharePoint processes it through the first and second-level recycle bins and is permanently removed. In other words, our user takes more than 93 days to realize their mistake. Apparently, this loss of awareness happens to many otherwise rational human beings working today.

The unfortunate SharePoint administrator must then tell the user that their document is irretrievable. Backup vendors say that they can help because the lost document can be fetched from their repository. Cue happiness for the user and relief for the wise administrator who had the foresight to invest in the backup solution.

Backups Have Value

I’m not against backup solutions for Office 365. Backups have their place in highly regulated industries or when auditors insist that Office 365 tenants should keep a copy of their data outside the primary service. Some backup vendors, like Spanning, understand the challenges that exist to serve Office 365, including data sovereignty, protocols, and access to some data. Other companies don’t seem quite so aware of the technology inside Office 365 apps.

But it’s important to challenge statements like “Generally speaking, in most online services, the only backup you have for your organization’s data is via the recycle bin, which is automatically purged after a fixed period of time. After that, your data is gone forever.”

Office 365 Data Governance Changed the Game

This statement was true for SharePoint Online until the introduction of the Office 365 data governance framework in 2017. The SharePoint recycle bin still exists and uses two-phased progress towards final deletion. What’s different is that you can stop users removing important files from SharePoint Online libraries by using Office 365 retention policies and labels. Retention policies and labels are included in the Office 365 E3 plan.

First, you can assign retention labels with defined retention periods to documents. Users cannot delete a document that has a retention label until its retention period elapses. For example, if a document has a retention label for two years, it cannot be removed until it is two years old – or two years since the last modification (depending on the label settings).

The presence of an Office 365 retention label stops SharePoint removing files
The presence of an Office 365 retention label stops SharePoint removing files

Retention labels can be assigned manually or through policy. Default labels can be defined for a library so that SharePoint assigns the same label to every document unless a label was previously assigned. Or you can assign a retention label to a folder and have all files in the folder inherit that label.

Setting a default Office 365 retention label for a SharePoint library
Setting a default Office 365 retention label for a SharePoint library

Office 365 Retention Policies Work Too

And if you don’t want to use retention labels, you can deploy an Office 365 retention policy to ensure that no document is removed from SharePoint Online until it reaches a certain age. For instance, you might say that documents can’t be removed until they are five years old. In this case, users can remove documents from libraries that go through the recycle bin process, but when the normal 93-day limit is reached, SharePoint continues to keep the documents (in the site’s preservation hold library) until their retention period expires.

How SharePoint Online manages deleted files (source: Microsoft)
How SharePoint Online manages deleted files (source: Microsoft)

You can even apply a preservation lock to Office 365 retention policies to stop administrators reducing the retention period assigned in a policy. This is not something to do without thought, but it does help Office 365 satisfy the requirements of regulations governing the retention of electronic records in several industries.

Retrieving Held Files

Files retained by SharePoint in a site’s preservation hold library can’t be restored from the recycle bin, but they can be found and recovered by a content search. Or they can be copied from the preservation hold library. These are both administrator operations, but they are baked into Office 365 and easier (and much cheaper) than using a separate backup service.

Accessing files in a SharePoint site's Preservation Hold Library
Accessing files in a SharePoint site’s Preservation Hold Library

SharePoint Can Hold Deleted Files For Much Longer Than 93 Days

The myth that SharePoint Online only keeps deleted files for 93 days is easy to understand if you view the situation through the lens of the functionality built into SharePoint on-premises servers, which don’t support Office 365 retention capabilities. But it completely misses the point that Office 365 has a data governance framework to help companies keep important information for as long as needed.

Tenant administrators should understand the technology that they use, and backup vendors have the right to make a strong case for their technology. However, it would be nice if discussions about the need for backup were based on business needs and technology facts rather than myths and half-truths.


Need help to understand Office 365 retention labels and policies? Look no further than Chapter 19 of the Office 365 for IT Pros eBook where this topic is discussed in great detail.

Advertisements

One Reply to “The Great SharePoint Online Recycle Bin Fallacy”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.