Data Protection Centre/Microsoft 365/A Guide to OneDrive for Business Data Retention

Categories

In this article

  • Default data retention in OneDrive for business
  • Limitations of default retention methods
  • Native retention methods
  • Retention policies to retain OneDrive for business data
  • eDiscovery to retain OneDrive for business data
  • Limitations of native retention methods
  • Retention with third-party backup solutions

A Guide to OneDrive for Business Data Retention

13 Dec 2021
6 min read

OneDrive data retention at a glance

There are gaps in OneDrive data retention:
  • Files deleted from OneDrive can be permanently lost if they are not restored within the default retention period.

  • Microsoft 365’s retention rules can be complicated and may not apply uniformly, creating potential risks for data loss.

Read more

OneDrive for business is a cloud storage platform that is available as a part of the Microsoft 365 productivity bundle.  With over 51% of all organizations in the US and Europe relying on it to store important business information, securing OneDrive data is now more critical than ever.
This article explores the different ways using which IT administrators can retain Microsoft OneDrive for business data.

Default data retention in OneDrive for business

OneDrive  files that get deleted are available in the first or second stage recycle bin for a total of 93 days. Users can restore the deleted file from the first stage recycle bin and administrators can access the file and restore it from the second stage recycle bin. If the file gets deleted from the first stage recycle bin before the 93-day period, it directly moves to the second stage recycle bin for the remainder of the 93 days. Below is a diagram illustrating the movement of a OneDrive file from deletion to recovery.

Deleted OneDrive data timeline

Limitations of Microsoft 365 default retention for OneDrive for business files

  • The OneDrive data retained by default is counted against the total storage available with Microsoft 365. Once the limit is exceeded, businesses will need to purchase more storage space.

  • Files deleted from OneDrive for business will be permanently deleted once the retention period ends.

How to retain OneDrive for business data?

There are several retention tools that can be used to ensure OneDrive for business data gets retained beyond the default retention period. Native retention methods like retention rules and eDiscovery features, and third-party backup tools are top three methods businesses can use to preserve their OneDrive data.

OneDrive data retention methods

OneDrive is a personal file storage location and SharePoint is a collaborative storage platform. However, both these services share similar designs and core functionalities. Hence, the retention methods listed here also apply to SharePoint sites. To learn more about SharePoint retention, click here.

Native retention methods

Specific Microsoft 365 licenses allow businesses to access native retention methods like retention policy setting and Core and Advanced eDiscovery features to ensure OneDrive data retention beyond the default retention period.

Retention policies to retain OneDrive for business data

Retention policies are rules that define how long an organization’s data gets stored and when it gets disposed. Microsoft 365 allows businesses to set retention policies to preserve data for a certain period or delete it after a certain period. These policies can be utilized to retain important business data for however long a business requires.

Licensing requirements to use retention policy

Organizations with the following licenses can set retention policies to preserve their OneDrive for business data:
●     Microsoft 365 E5/G5/A5/E3/G3/A3
●     Office 365 E5/G5/A5/E3/G3/A3/F3/E1/G1

How to set retention rules to retain OneDrive for business files?

Note: To create and configure retention policies, users would need Global admin or compliance admin credentials.

Follow the below steps to set retention rules to preserve OneDrive for business files

Information governance in Microsoft compliance center
  • Step 2: Select ‘Retention policy’ -> ‘+New retention policy’.

Create a new retention policy
  • Step 3: Add a name to your retention policy and select the type of retention policy you need.

  • Step 4: Choose ‘OneDrive account’ as the location. Administrators can choose specific accounts to include or exclude.

Select the location to place retention policy
  • Step 5: Choose the retention duration. Administrators can choose to retain the data in the chose OneDrive account for a custom period or forever.

Set a retention policy duration
  • Step 6: Review and finish. Check the settings and click “Submit”.

After the retention policy is created, it could take at least 24 hours to take effect.

What happens when OneDrive for business data gets deleted after retention policy is applied?

The diagram below illustrates what happens when OneDrive files get deleted after a retention policy is applied.

Deleted OneDrive data timeline after applying retention policy

Microsoft eDiscovery to retain OneDrive for business data

eDiscovery refers to the process of searching, compiling, analyzing, and presenting important business data as possible evidence in a legal case. Microsoft 365 provides two eDiscovery tools (Core and Advanced eDiscovery) to help organizations collect and preserve the required data. Using a Core eDiscovery case, organizations can run content searches, and place holds to preserve OneDrive data indefinitely.
Using an Advanced eDiscovery case, organizations can collect, review, analyze, and export OneDrive for business data. 

To learn more about eDiscovery, click here.

License requirements to access eDiscovery to preserve OneDrive for business data

To access the Core eDiscovery feature, organizations would need the Microsoft E3 license. Businesses using a Microsoft E5 license can access both Core and Advanced eDiscovery.

How to enable eDiscovery holds to retain OneDrive for business files?

Note: Users need to login with Global administrator or compliance administrator credential to access the Microsoft Compliance center.

  • Step 2: Navigate to Core eDiscovery under “eDiscovery” in the left-hand side menu bar.

Core eDiscovery
  • Step 4: Create a case by clicking ‘+Create a case’.

  • Step 5: Click the case name and navigate to ‘Holds’ on the top menu bar. Click ‘+Create’.

Create new holds in Core eDiscovery case
  • Step 6: Add a name for the hold and a description if needed.

  • Step 7: Turn on the toggle button next to SharePoint Sites. (OneDrive for business accounts are included under SharePoint sites).

  • Step 8: To place a hold on specific OneDrive for business accounts, click ‘Choose sites’. The administrator can choose from a list of OneDrive for business site URLs or manually add a specific OneDrive account URL.

Choose sites to put on hold
  • Step 9: Add keywords to lookout for.

  • Step 10: Review the settings and click ‘Submit’.

To know more about difference between retention policies and eDiscovery holds in Microsoft 365, click here.

Limitations of native retention methods

  • Retention policies and eDiscovery features are available only with E3 and E5 licenses.  

  • In case of modification or deletion of any OneDrive data retained using retention policies, a copy of the data moves to the preservation hold library. Preservation hold library storage is counted against the total storage quota and businesses will have to purchase additional storage when using retention. Below is a note from Microsoft that highlights the storage implication when using the Preservation Hold Library.

Storage limitation for retention settings
  • Unlike third-party backup tools, native retention feature does not come with automated recovery options. In case of a data loss event, administrators can only export the data and restore it manually. Microsoft eDiscovery also lacks the auto-enrollment feature that automatically preserves  data belonging to newly added users.

  • To retain deleted/suspended user data, organizations need to continue paying license costs.

  • OneDrive data retained using eDiscovery becomes inaccessible to the users. Users cannot modify or work on the OneDrive data as long as the hold is in place.

Retain OneDrive for business files using third-party backup solutions

Third-party backup solutions like SysCloud helps organizations effortlessly back up OneDrive for business data. SysCloud automatically backs up all OneDrive data and allows administrators to restore the data from the backup archives at any time.

Click here to learn more about SysCloud.

Click here to know why businesses should use third-party backup solutions to secure their OneDrive for business data.

 
Get actionable SaaS administration insights

We don’t spam. Unsubscribe anytime.

In this article

  • Default data retention in OneDrive for business
  • Limitations of default retention methods
  • Native retention methods
  • Retention policies to retain OneDrive for business data
  • eDiscovery to retain OneDrive for business data
  • Limitations of native retention methods
  • Retention with third-party backup solutions

Start enjoying faster and easier backups, today

Avoid costly data retention gaps and minimize time to recovery with SysCloud's cloud backup.Start 30-Day Free Trial
Certifications
Certifications