Finding and Recovering Deleted Office 365 Data
Configuring Data Archiving
The course is part of these learning paths
Microsoft 365 provides multiple features and services for managing working data as well as for retaining them as needed. It is critical for you as an IT administrator to understand the features available for ensuring that deleted data can be restored and that you can import other data and use Microsoft 365 as an archive.
This course will focus on how to manage archival, deletion, and restoration of content and data within Microsoft 365. By the end of this course, you will know the various options available for that and when to use the Admin Center or PowerShell to restore data and content. We will also discuss some of the important aspects of working with deleted data.
- Identify content for recovery
- Ensure your end-users have the data they need
- Recover data in Microsoft 365
- Archive data in Microsoft 365
This course is intended for people who want to become a Microsoft 365 Certified: Security Administrator Associate.
If you wish to follow along with this course, it is recommended that you have a Microsoft 365 tenant, an account with Global Administrator access, as well as content within SharePoint Online and OneDrive for Business, a few Exchange Online mailboxes, and users in Azure Active Directory.
Now, let's talk about Restoring Office 365 Groups. Office 365 Groups can be deleted within the Microsoft 365 Admin Center and via PowerShell. When you delete a group, you are permanently removing everything related to the group, including Conversations, Files, the group notebook, and Planner Tasks. As an IT Administrator, you can recover the group within 30 days of it being deleted. If you need to restore an Office 365 Group, you have a 30 day period, often referred to as the soft-delete period. After 30 days, everything for the group is deleted, and cannot be restored.
When you restore a group, the following content gets restored. The Azure Active Directory Microsoft 365 Group object, along with properties and members, the groups email address, the Exchange Online shared inbox and calendar, the SharePoint Online team site and files, The OneNote notebook, any of the planner tasks, any teams that are connected, and then Power BI Classic Workspaces, along with Yama Groups and Content, if it was created from within Yama.
You can restore the groups using the 'Deleted Groups' page, from either within Outlook or within the Admin Center. PowerShell can also be used to restore Office 365 Groups, by using the command Restore-AzureADMSDeletedDirectoryObject. In this example, we first connect to Azure Active Directory, then retrieve the deleted groups using 'Get-AzureADMSDeletedGroup', with a property of -All $true, to retrieve all of the deleted groups. Then we can retrieve the ID from that list, and then pass it into the restore command, which is Restore-AzureADMSDeletedDirectoryObject. So, let's go into our environment, and we'll look at executing PowerShell for deleting and restoring an Office 365 Group.
So, we're back in the Admin Centre. So, let's first have a look at the groups that we have here. So, I'm going to click 'Teams and groups', and 'Active teams and groups', and I'm going to click into 'Security' first, and you'll see we have a whole host of Security groups. But I have a new one here called sg-SecurityTeam. I'm going to select this one here, and just say 'Delete'. And I'll delete that group. And then, I'm going to go to Microsoft 365, and look through my list of groups that are here. Which, remember, these ones are ones that could be connected to Microsoft Teams, or they might be just regular Office 365 Groups. I'm going to scroll down to one called 'Security Team', select it, and I'll say, 'Delete the Team'.
Now of course, two different types there, one is a Security Group, one is a Office 365 Group. So, now that we have those here, we can click into Deleted groups, and you'll see that my Security Team one is here. But obviously, I don't see my Security group, and that's okay, because they are two different types. So the question is, how do we restore? Well, of course, I can actually use the interface here, and say, 'Restore group', or I can go into PowerShell. So, let's go back to our PowerShell environment.
Now, in order for us to restore and even see what's there, the first thing we have to do is actually connect to Azure Active Directory. Now, as before, we're going to import the module, which would be AzureAD. So, I'm going to say 'Import'. To make sure that that's there, I'm going to just say 'Connect-AzureAD'. Of course, if it didn't have that module imported, you would need to run the Install-Module. So, I'm going to say 'Connect-AzureAD'. This is then going to have a think about it for a second. Let me just minimize this, because what happens is it puts a little box right behind the window that you're in.
I'm then going to go ahead and pass my credentials into here as before. Choose 'Next'. And I'm going to grab my password here. Put my password in to sign in, and then maximize that back. So now, I'm connected to the tenant itself, using as AzureAD. What I can then do, is use a command called 'Get-AzureADMSDeletedGroup'. And I'm going to use the property of -All $true, and just press 'Enter' here. And fair enough, we can see the Security Team. Obviously, we don't see our Security group, so I wanted to make the point that it's a little bit more complicated to restore something that isn't an Office 365 Group, using this approach here. But what we get here is when I run Get-AzureADMSDeletedGroup, it shows me the Unique Identifier of that group. So, I can take this here and copy it and put it into there, or if I knew there was only one in the list, I could say Get-AzureADMSDeletedGroup, and I'm going to say '-All $true', like so. When I do $group, it returns that one value. And it means that I can now utilize that ID property.
Now of course, if you have more than one, that doesn't quite work. If I wanted to restore, then I can say 'Restore-AzureADMSDeletedDirectoryObject'. It's going to ask me for the Unique Identifier, and because I have that property $group.Id, I can now press 'Enter'. And of course, it instantly comes back and says 'it's been restored'. Now, what does that really mean? Did it actually restore it? Well, let's go back to our 365 tenant. So, back in the tenant. So, let me just refresh, and if I refresh the page, you'll notice that the group has gone. If I go to Active groups now, and scroll back down, you can see that my Security Team has now been restored.
Liam Cleary is a Microsoft MVP and Microsoft Certified Trainer focused on Microsoft 365 and Azure. He's been working with Microsoft Cloud and Azure technologies since their creation and focuses heavily on deployments, management, and the security of Microsoft 365 and Azure. He also holds multiple certifications for both Microsoft 365 and Azure.