There's a lot of content out there about backups for Office 365. I, personally, have written and spoken a lot about backups for Office 365. If you ask 10 experts, you will probably get 10 different opinions about how, or why, or what you should or should not backup in Office 365. Depending on the day (and let’s be honest, who I am working for) I may give you different answers myself.
Here is one thing I will say every time about backing up Office 365 – before you buy any add-on service, you better know what is built in.
In this blog post, I am going to look at Single Item Recovery for Exchange Online. I will go through what it is, how it works, and what is new in Single Item Recovery.
When we are talking about Exchange Online, “deleted” does not always means deleted. The term “deleted” is much like onions and ogres; they can all make you cry, and they all have layers. When you delete an item from your Exchange Online mailbox it may or may not be gone.
In most cases, when you delete an item from anywhere in your Exchange Online mailbox, that item will be moved to the deleted items folder. What happens from there depends on your tenant settings. If you have retention policies configured, items will be removed from your deleted items folder based on the retention policy that applies. If you do not have any retention policy configured, those items will sit in deleted items indefinitely. As I am writing this, the deleted items folder in my Office 365 mailbox is currently 5.11 GB. Items sit in my deleted items folder for a couple of years until they are moved to my Online Archive folder. In most circumstances, nothing should ever be permanently deleted from my Exchange Online mailbox, and that’s the way I want it. In rare cases, I delete something from my deleted items folder, and that is when the story of Single Item Recover (SIR) starts.
When an item is deleted from the “Deleted Items” folder, it is moved into a hidden folder called “recoverable items” for users who have SIR enabled. By default, new mailboxes will not have SIR enabled. SIR can be enabled with the Set-Mailbox cmdlet, or you can configure the mailbox plan to have SIR enabled. When you enable SIR, you can set how long items are held in that hidden recoverable items folder up to 30 days.
Please take a minute to verify if you have Single Item Recovery enabled for the mailboxes in your tenant, and how long those messages are recoverable with the following PowerShell command.
Get-Mailbox | FL Name, Single*, Retain*
Everyone with a mailbox can restore their own deleted items from SIR by clicking the “Recover items deleted from this folder” button in OWA or in Outlook.
That is easy and straight forward. Every Exchange Online admin should make sure that their users know about this feature and know how to use it.
What you, as an admin, need to know is that you can recover items from that hidden folder for your end-users too.
Within Exchange Online, administrators have the ability to search for and recover items that have been deleted by the end-user as well as items that are deleted by automated processes (like retention policies) until those items reach the deleted items retention period.
Before an administrator can recover these items for an end-user, that administrator’s account needs to have the Mailbox Import Export RBAC role added. Once the admin has that RBAC role added, they will have the ability to use the Search-Mailbox PowerShell cmdlet.
If you are comfortable with PowerShell, then Search-Mailbox (or New-ComplianceSearch which will replace this functionality) then you are good to go. If you are not comfortable with PowerShell, then there is a new feature coming to Exchange Online that I think you will like.
PowerShell is great. In fact, I am going to say that if you are not comfortable with PowerShell, then you need to spend some time figuring that out.
That being said, some people just do not want to use PowerShell so the good folks at Microsoft have added a new way for administrators to use Single Item Recovery via the Exchange Admin Center web interface. In the screenshot below, you can see I now have the option to “recover deleted items” from the EAC.
I imagine this new interface will be most useful for help desk personal who aren't really setup to use PowerShell. This new GUI option will give them the ability to aide users by recovering items that have been accidentally deleted, or even items that have been removed by a retention policy (which the end-users will not be able to recover themselves).
The new recoverable items GUI is easy to use. Below is a screenshot of the options administrators will have once this feature makes its way to your tenant.
Microsoft sells Office 365 and specifically Exchange Online as a complete solution that does not require traditional backups. Some organizations feel they need to add on backup services to ensure a higher-level recoverability and some do not.
I can see, and have made, arguments in both directions. When I talk to my customers about adding on backup services for Office 365 or Exchange Online, I always make it a point to ensure the customer knows everything about the recovery features already in place with their Office 365 licenses. Single Item Recovery is a big part of that Exchange Native Data Protection feature set and I strongly recommend you configure and use it before you look at other backup services.
Adding a second factor as well as massively reducing the attack surface for attacks go a long way – 98% of the way– to securing your identity landscape.
ENow’s Office 365 Monitoring solution is like your own personal outage detector that pertains solely to you environment. ENow’s solution monitors all crucial components including your hybrid servers, the network, and Office 365 from a single pane of glass. Knowing immediately when a problem happens, where the fault lies, and why the issue has occurred, ensures that any outages are detected and solved as quickly as possible.Monitor Your Hybrid - Office 365 Environment with ENow.
Nathan is a five time former Microsoft MVP and he specializes in Exchange, Microsoft 365, Active Directory, and cloud identity and security.