Categories
In this article
OneDrive data retention at a glance
Read more
When a file is deleted in OneDrive for Business, it is initially moved to the first-stage Recycle Bin, where end users can recover it. If the file is deleted from the first-stage Recycle Bin, it is transferred to the second-stage Recycle Bin, which is accessible only by the site collection administrator. Files remain recoverable across both stages for a total of 93 days from the initial deletion date. After the 93-day retention period ends, the files are permanently deleted and cannot be restored through native Microsoft 365 recovery options.
To learn more about how to recover deleted data from OneDrive, click here.
OneDrive is a personal file storage location and SharePoint is a collaborative storage platform. However, both these services share similar designs and core functionalities. Hence, the retention methods listed here also apply to SharePoint sites. To learn more about SharePoint retention, click here.
Organizations with supported Microsoft 365 licenses can use tools like Retention Policies, Retention Labels, and eDiscovery (Standard and Premium) to enforce data governance strategies. Additionally, Microsoft has introduced Microsoft 365 Backup as a solution to recover and restore OneDrive data.
These policies and labels operate silently in the background and are managed via the Microsoft Purview compliance portal. To learn more about retention policies and labels, click here.
Note: To create and configure retention policies, users would need Global admin or compliance admin credentials.
Step 1: Sign in to the Microsoft Purview portal -> Solutions -> Data Lifecycle Management.
Step 2: Select Policies -> Retention policies.
Step 3: Select ‘Retention policy’ -> ‘+New retention policy’.
Step 4: Add a name to your retention policy and select the type of retention policy you need.
Step 5: Choose ‘OneDrive account’ as the location. Administrators can choose specific accounts to include or exclude.
Step 6: Choose the retention duration. Administrators can choose to retain the data in the chose OneDrive account for a custom period or forever.
Step 7: Review and finish. Check the settings and click “Submit”.
User deletes a file: When a user deletes a file in OneDrive, it is first moved to the first-stage Recycle Bin, where it remains for up to 93 days. If the user deletes the file from the Recycle Bin during this period, it is moved to the second-stage Recycle Bin, accessible only by the administrator.
Retention policy triggers Preservation Hold: If a retention policy is in place, Microsoft 365 creates a hidden copy of the file and stores it in the Preservation Hold Library. This applies even if the user has deleted the file from both Recycle Bins. The preserved copy is not visible to the user but is retained securely until the end of the retention period.
File remains accessible to admins: While the file is no longer visible to the user, administrators can search, recover, or export the preserved data using Microsoft Purview Content Search, eDiscovery, or Graph API integrations. This ensures compliance even when end users delete content maliciously or unintentionally.
End of retention period: Once the retention period expires (e.g., 3 years, 7 years, etc.), Microsoft 365 automatically and permanently deletes the content. The file is purged from all back-end storage, including the Preservation Hold Library, and cannot be recovered using native tools.
Post-deletion recovery (Microsoft intervention): If an admin needs to recover a file that was mistakenly deleted and is no longer available, they can contact Microsoft within 14 days of permanent deletion. Beyond this 14-day window, data recovery is no longer possible through Microsoft support.
To learn more about eDiscovery, click here.
Step 1: Go to Microsoft Purview portal. In the left navigation pane, select Show all, and then select eDiscovery > Premium or eDiscovery > Standard.
Note: Users need to login with Global administrator or compliance administrator credential to access the Microsoft Compliance center.
Step 2: On eDiscovery (Standard) page, create a case that you want to create the hold in by clicking ‘+Create a case’ or open an existing case.
Step 3: Click the case name and navigate to ‘Holds’ on the top menu bar. Click ‘+Create’.
Step 4: Add a name for the hold and a description if needed.
Step 5 Turn on the toggle button next to SharePoint Sites. (OneDrive for business accounts are included under SharePoint sites).
Step 6: To place a hold on specific OneDrive for business accounts, click ‘Choose sites’. The administrator can choose from a list of OneDrive for business site URLs or manually add a specific OneDrive account URL.
Step 7: Add keywords to lookout for.
Step 8: Review the settings and click ‘Submit’.
To know more about difference between retention policies and eDiscovery holds in Microsoft 365, click here.
To ensure data protection and continuity, Microsoft 365 Backup automatically backs up OneDrive, SharePoint, and Exchange Online data at regular intervals. Microsoft 365 Backup allows you to restore OneDrive files and folders to a previously known good state using point-in-time recovery.
Third-party backup solutions like SysCloud helps organizations effortlessly back up OneDrive for business data. SysCloud automatically backs up all OneDrive data and allows administrators to restore the data from the backup archives at any time.
Explore how SysCloud offers automated backup, unlimited retention, and effortless recovery for OneDrive for Business.
29 Nov 2024
3 min read
16 Apr 2025
8 min read
26 Oct 2021
6 min read
28 Mar 2025
6 min read
We don’t spam. Unsubscribe anytime.
In this article