A SharePoint Online Backup Strategy for a Cloudy Day

A SharePoint Online Backup Strategy for a Cloudy Day

With an ever-growing Office 365 ecosystem, data backup and recovery often become a concern.  SharePoint Online sites, Exchange Online mailboxes, and other specific apps store the data for the apps.  It may be necessary to cope with two types of backup scenarios.

  • Backup of service content, which ensures all content is backed up in case of a service failure or corruption
  • Deleted content, either by accident or on purpose

The content of your sites is stored indefinitely in SharePoint Online.  There is no need to worry about your data disappearing unless someone explicitly deletes it or there are information management policies in place or other external actors are involved.  There will, however, be situations in which content is intentionally or inadvertently deleted.  You need ways to get all your data back, whether it is a single file or a whole site collection.  Rather than focusing on the types of solutions available, we should ask ourselves what exactly we are trying to back up and why.  Would it be possible to recover from wiping out your intranet, even if it caused disruption to your organization? 

Your SharePoint environment can be broken down into several layers

  • Work with Word, Excel, PDF, or any other format you prefer.  SharePoint, an Enterprise Management System) is used to manage the work product that your teams depend on.  Documents are constantly created and updated across the sites.
  • List Items - Calendars, action items, and risks - these are all integral to a SharePoint environment and change frequently.
  • Metadata - Over the years, there have been many discussions concerning its importance.  Metadata has many benefits.  Yet, regardless of the reasons, if the metadata can be reconstructed from the content itself, you're probably safe.  Whenever a document is created or modified, users will manually set some metadata (for example, changing the document's status).  Modified by and Modified date are also automatically updated. 
  • This refers to everything else that makes up a SharePoint site, such as information architecture, navigation, branding, custom web parts, and other elements that make SharePoint the IT centerpiece of many organizations.  There is a lot of work involved in setting it up, and once you reach that point, changes to the environment are much slower than changes to the content. 

Consider what would happen if your SharePoint environment was destroyed (imagine a virtual meteor).  In the shortest amount of time possible, what would it take to get your organization back on track?  Think about how you used to work before SharePoint.  Like in a good science fiction movie, when all metropolitan cities are destroyed and people live out of RVs, you may find yourself wishing for the days when documents were stored on network drives and lists were Excel spreadsheets (but only for a short while).

Nowadays, third-party software providers offer some great options for backing up your cloud content.  Unfortunately, these solutions are often expensive and too advanced for your specific use case.  Let's explore some alternatives.

Document Version Control

You can solve this problem in the simplest way possible.  Updates create new versions of documents.  It is possible to go back to an earlier version at any time and restore it as the current version.  It is possible to control how many versions will be saved at any given time using versions.  For example, suppose you set the limit at 50 versions.  As soon as you save a document again after reaching 50 versions, version 1 will be deleted, leaving versions 2 to 51.  Whenever you store a version, you are storing a copy of the document, thereby taking up additional space on your tenant.


Recycle bins in SharePoint

Documents and list items are deleted to the User recycle bin (first-stage recycle bin).  The content remains there for 93 days, during which the user can restore the content to its original location or delete it from the User recycle bin.  For the remainder of 93 days, deleted content will move to the Site Collection recycle bin (second-stage recycle bin).  From individual items to entire collections, the second-stage recycle bin can hold anything.  Site Collection recycle bin content can be restored via the SharePoint Online Administration Center Recycle Bin (https://-admin.sharepoint.com/_layouts/15/online/RecycleBin.aspx).


Requesting Backups from Microsoft

You may be able to get back content that has been permanently deleted from your SharePoint Online environment for a limited period of time by contacting Microsoft directly.  To request a restore, a user with global admin rights in Office 365 will need to contact Microsoft through the help channels.  The restore process will bring back the entire site collection with all its content to its original location.  In some cases, you may have only lost a single file and will need to reconcile all the other content manually.  Based on the urgency of getting the data, this may not be a viable solution. Microsoft backs up content every 12 hours and takes a few days to restore.


Policies for Retention

Rather than serve as a backup, Retention Policies restrict what data can (and should) be deleted when.  Regulations and laws usually dictate whether content should be kept or deleted.  Retention Policies allow you to apply rules to all content or only content that meets certain conditions, such as content containing specific keywords or specific types of sensitive information.

You can continue to edit your content in the original location if your content is subject to a retention policy.  If someone edits or deletes content that is governed by the policy, a copy is saved to a secure location where it is kept for as long as the policy is in effect.  You can further restrict how your content is handled by configuring Retention Policies so that once they have been enabled for a piece of content, they cannot be turned off.  Preservation Lock enables you to meet this requirement. After a policy is locked, it can never be turned off or made less restrictive, not even by the administrator.  The Retention Policies are not backups, but a safeguard against accidental (or malicious) deletion of content.  You will not be able to retrieve content once the Retention Policy takes effect if you introduce a policy that permanently deletes it.


Manual Content Backup

Alerts

Alerts by themselves are not a backup method.  However, you can use them to stay informed if any sensitive information is being deleted and decide how to react in time.  You can for instance enable alerts for specific document libraries that you are most concerned about, so that you have time to decide what action to take once the documents are in either the first-stage or second-stage recycle bins.


Flows can be used to deal with modified or deleted content

Microsoft Flow provides a number of triggers and actions you can use to automatically respond to events such as the deletion or modification of documents or items.  As a trigger, the flow would be triggered by an item/file deleted or modified.  You can then decide what to do based on your specific situation.  The file can be copied to another location such as a SharePoint site, Azure storage, OneDrive for Business, file system, or other service or simply sent as an alert via email (similar to an alert).  If you wish to maintain the existing metadata, you can export it along with the file in the form of an XML structure or similar.  If you ever need to restore the file, you could recreate it this way.  In order to stay within the limits of your service plan, you need to consider how many workflows could be triggered depending on the size of your organization and the amount of content being created or modified.  A user can execute 2,000 workflows a month by default.

PowerShell to copy data

PowerShell provides more flexibility, but it comes at a price of developing and maintaining scripts.  With PowerShell, you can automate many of these backup activities, including copying files, extracting metadata, and managing content from a remote location. 

OneDrive for Business Syncing

You can sync specific document libraries to your local machine with OneDrive for Business.  A similar scenario could be set up using a service account that syncs content from SharePoint Online to a folder on a network share.  There are two things you need to keep in mind with this continuous mechanism - 1) you are still responsible for backing up your file share, and 2) you need to set up a mechanism that copies the data from the sync folder to another location on your file share or outside of your SharePoint or OneDrive for Business setup, since files deleted from the library will also be deleted from the sync folder, which is what you're trying to avoid with this backup setup.


Leveraging Migration tools

In case you have already invested in a migration tool, you may be able to use it for backup.  You can perform delta migrations with most migration tools, which migrate only the content that has changed.  Such migrations can also usually be scheduled.  Using this method, you can run the migrations when system usage is low so that the impact on your organization is minimized. 

Using a migration tool that offers these features will enable you to set up a one-way migration/sync process that will pull data from your active SharePoint environment and copy it to a backup location.  It is possible to migrate specific document libraries or entire site collections to a number of places - another site collection in your existing tenant, a separate tenant, Azure, an on-premises SharePoint farm or file share, etc.  Each has cost and infrastructure implications.  To store the content in an on-premises SharePoint farm, for example, you will need to maintain a separate farm and infrastructure.  If your tenant or the data center where it is managed goes down, your backup may be compromised.  Having an alternate tenant in a different datacenter provides redundancy, however it is more expensive.  To reduce the cost, however, you can add your users to the alternate site collection without licensing them.  In this way, content ownership can be preserved while license costs can be avoided.  Syncing your user accounts is also necessary for this (minus the licensing part).

One of the biggest advantages you have over the Microsoft Backup request is that you can restore granular content or even an entire site collection to another URL so you can pick what to keep with a migration tool.


As you can see, there are a variety of options available for backing up your SharePoint Online data without having to invest in an expensive solution.  With Office 365, proper governance is important for reducing the risk of inadvertently deleting content you may need and having a way to retrieve it if it is accidentally deleted.