1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Working With Archived and Deleted Data in Microsoft 365

Restoring OneDrive for Business Data

Start course
Overview
Difficulty
Intermediate
Duration
56m
Students
65
Ratings
5/5
starstarstarstarstar
Description

Microsoft 365 provides multiple features and services for managing working data as well as for retaining them as needed. It is critical for you as an IT administrator to understand the features available for ensuring that deleted data can be restored and that you can import other data and use Microsoft 365 as an archive.

This course will focus on how to manage archival, deletion, and restoration of content and data within Microsoft 365. By the end of this course, you will know the various options available for that and when to use the Admin Center or PowerShell to restore data and content. We will also discuss some of the important aspects of working with deleted data.

Learning Objectives

  • Identify content for recovery
  • Ensure your end-users have the data they need
  • Recover data in Microsoft 365
  • Archive data in Microsoft 365

Intended Audience

This course is intended for people who want to become a Microsoft 365 Certified: Security Administrator Associate.

Prerequisites

If you wish to follow along with this course, it is recommended that you have a Microsoft 365 tenant, an account with Global Administrator access, as well as content within SharePoint Online and OneDrive for Business, a few Exchange Online mailboxes, and users in Azure Active Directory.

Transcript

So now, let's talk about restoring OneDrive for Business Data. When you delete a user from within the Microsoft 365 Admin Centre, you can choose what you want to do with the user's product licenses, email, and OneDrive. You can remove the license from the user and then remove it from the tenant subscription to start paying with it. If the user has content within OneDrive, you can give another user access. Giving another user access to the deleted user's email will convert the deleted user's mailbox to a shared mailbox. The new mailbox owner can then access the mailbox and monitor for new email.

If you're using Active Directory On-premises to synchronize with Azure AD, you will need to delete the user account from Active Directory, as you won't be able to do that through Office 365. When deleting a user within the Microsoft 365 admin centre, the associated OneDrive site is retained for 30 days, which is about 4 and a half weeks. Any content that is shared to others is still available to those users. However, after 93 days, so approximately three months, the OneDrive for Business site is removed, and it can then only be restored by a Global or SharePoint Administrator.

If you choose to delete the OneDrive completely, Microsoft performs a very specific process. The first step is the account deletion event is synchronized to SharePoint Online. The OneDrive clean up job will then mark the selected OneDrive for deletion with a retention period of 30 days. If you happen to have set a manager for the deleted user, the manager will then be notified and can still access the OneDrive files to retrieve them. Seven days before the retention period of 30 days expires, the manager or secondary owner is then notified again. After seven days, the deleted user account and the OneDrive site collection is moved to the recycle bin and then kept for a further 93 days. At this point, only PowerShell can restore it. As a note, if you apply retention policies to the content before deletion, the period of retaining the OneDrive site can be much longer, as retention policies will always take precedence.

If the associated user was removed within 30 days, the admin centre can be used to restore the entire OneDrive site collection. If 30 days has passed, then you will have to use PowerShell. This is completed by connecting to the SharePoint Online site and using the command "Get-SPODeletedSite" to retrieve that specific site. Once you have the specific URL, you can then use the "Restore-SPODeletedSite". Once it's been restored, you will need to set the OneDrive administrator or the person that needs access to the data. And as a note, if you permanently delete a OneDrive site, it cannot be restored. PowerShell can also be used to restore a deleted OneDrive Site by using the command "Restore-SPODeletedSite". In this example, we've connected to SharePoint Online and then, we have retrieved the deleted OneDrive Site using "Get-SPODeletedSite" command to ensure that it exists, we passed the same URL that we needed. We can then restore using "Restore-SPODeletedSite" by passing the same URL to that command.

Now, the last task is to assign an administrator to that restored OneDrive site using "Set-SPOuser". So, let's go into our environment and look at executing the PowerShell for deleting and Restoring OneDrive for Business Sites. In order for us to restore OneDrive for business data, we need to connect to the SharePoint online service. The first thing we actually have to do here is to install the module, which is the Microsoft.Online.SharePoint.PowerShell. So, I'm going to execute the install command here. This will then go ahead and retrieve that from the repository and if needed, it will ask us to confirm that we wish to install that. Once that module has been installed, then as before will need to import the module so that we can put that in.

So, I'm going to press 'Yes' now. This will do the install, then we'll import, and then we can initialize a connection to the actual tenant itself to the SharePoint Online specific components of that. So, there we go. We can see it's installing there, so we'll give it a second to complete. So, let's rerun that command but this time change it to be import-module, comes back and it says, hey, some of the names to do with verbs, etc. That's okay, no issue there whatsoever. The most important thing is we wish to connect to the SharePoint Online service. So, I'm going to click this here, and the first thing you'll notice is you asked me for a URL. And the URL is the admin centre URL for SharePoint. So, let me just change that.

I'll just come here to connect Connect-SPOService-url and then, the URL that we're trying to get to is going to be the name of a domain, and it's also going to be on the end of the SharePoint.com domain. So, what we'll do here say, http, I've got My Site domain -admin.sharepoint.com and click 'Enter'. At this point, we get prompted, as we did before. So, I'm going to take My username, put My username into here, choose 'Next'. It's going to ask me for password. I'll do the same thing again, password and click 'Sign In', and then it should connect us to the service.

So, how do we know that we've connected because there's no feedback? Well, the first thing we can do is just in here. We can type "Get-SPOSite" "Get-SPOSite" there we go and you'll see it brings back all of the sites. So, all of our site collections, so we know that that's correctly connected. Now, the Get-SPOSite command, if I do this also has a few properties. I'm just tapping through some of them here and it says IncludePersonalSite. So, I'm going to press 'Enter' here, notice it requires a value. So, I'm going to say true and press 'Enter'.

Now, what happens this time is we get the personal sites or the OneDrive sites that make up the OneDrive storage and the user profile, etc. So, if we scroll through here, you can see there's a whole host and I'm going to pick one of these. So, we'll pick this one here, which is debrab's, just copy that and we just clear that here. I'm going to say Get-SPOSite. I'm gonna just, let's just paste the URL  and it returns back. Deborah's specific one that's there. So, now that we have the connection, what we need to do is actually look at how we remove that. So, I'm going to say "Remove-SPOSite". You can see it's going to have an identity of some description. That's literally the only field but I'm just going to pace the euro like so and press 'Enter', it will say, "Do you wish to remove it?" I'm going to say 'Yes'. And now, it deletes that site.

So, how do we get that site back? Well, first off, we can use the "Get-SPODeletedSite" and notice it doesn't return anything back. If we go back through here and type through the values it says include personal site and then the personal sites show up. So, just be aware the "Get-SPODeletedSite" is limited to just bring you back site collections. You'll need to include the personal sites as part of that. So, once we have that, then of course, I can re-copy this specific URL here. I can say "Get-SPODeletedSite". I can then say 'Identity' paste that in there and press 'Enter' and then the site returns. So, as long as we know the URL, we can always retrieve that.

Now, how do we actually restore that back? Well, that's going to be done using the "Restore-SPODeletedSite" command, exactly the same process, 'Identity' were paste in the URL, and we can do "Restore-SPODeletedSite." Now, what does that mean? Well, if we go back to Get-SPO, including personal sites, not the deleted one, sorry. If we go all the way back up here, get SPO Site -IncludePersonal. What we should see if we scroll a bit further, back up here is debrab site should be back. And there it is, so Deborah site is right here. So, we restored and put that back.

Once that site is back, then, of course, we can then say "Set-SPOUser." If we wanted to, we can specify the Site URL, which in this instance is going to be the My Site. I can then specify a 'LoginName' so whatever that account might be that I wish to add as a separate kind of owner or administrator to that one. So, I'm going to put My Site admin account here. And then, I can use a 'SiteCollectionAdmin$true' press 'Enter' here. So, that's now added me as a site collection admin. So, the advantage that we've got here is that we can delete them. We can then also retrieve them and then once it's been retrieved, we can put it back and set new owners to that as well. So very, straightforward process of being able to delete, restore, and then allow somebody access back to a My Site.

 

About the Author

Liam Cleary is a Microsoft MVP and Microsoft Certified Trainer focused on Microsoft 365 and Azure. He's been working with Microsoft Cloud and Azure technologies since their creation and focuses heavily on deployments, management, and the security of Microsoft 365 and Azure. He also holds multiple certifications for both Microsoft 365 and Azure.