- Backup to external drive
- Using OneDrive Sync Client
- Using retention policy and labels
- Using eDiscovery
- Using OneDrive for Business API
- Using third party cloud backup tools
- Frequently asked questions
Article at a glance
• No built-in backup: Microsoft's terms of service state they are not responsible for backing up OneDrive data. • Manual backups are unreliable: Methods like external drives and OneDrive Sync are time-consuming, prone to errors, and lack full restoration capabilities.
What is the solution? • SysCloud offers automated, continuous backups for OneDrive for Business, ensuring secure, hassle-free recovery of files, folders, and permissions—protecting against accidental deletions, ransomware, and compliance risks.
As per their terms of service, Microsoft is not responsible for backing up your OneDrive data and they recommend using a third-party cloud backup solution for backing up your data. Don’t take our word for it; here is an extract from their Services Agreement (Section 6.b).
We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.
1. Backup OneDrive to external drive
1.1. How to backup OneDrive to external drive
Step 1: Log in to your Microsoft 365 account and go to OneDrive. Select the files you need to back up. You can also select all the files by clicking on the toggle selection for all items.
Step 2: Click on the three dots beside the filename and select Download or click on the Download button at the top.
1.2. Limitations of OneDrive backup to an external drive
Time-consuming: Large volumes of data will take several hours or days to download. It is better to use an automated backup solution.
Human error: Since the process is done manually, there is a high possibility that you might forget to download new or updated files.
Since the backup copy is stored physically, you will lose your data if something happens to the computer or external drive.
Lack of restoration capabilities: In case of a data loss incident, restoring files is going to be a tedious process, since you will have to manually upload all the files to OneDrive.
Sharing permissions are not retained.
2. Backup OneDrive for Business using OneDrive Sync Client
1. Download OneDrive data to a local machine
2. Upload files on the local machine to OneDrive
2.1. How to set up OneDrive Sync Client
Step 1: Click on the Cloud icon on your desktop and click on Sign in to sign in to OneDrive with your Microsoft 365 credentials. Enter your Microsoft 365 email address and click Sign in.
Step 2: Select Next to accept the default folder location for your OneDrive files. If you want to change the folder location, select Change location – this is the best time to make this change.
Step 3: Click on NEXT until you finish the steps and click on the Open my OneDrive folder option.
Step 4: Once your files are synced, click on the OneDrive icon in your taskbar and click on the Settings option.
Step 5: Under Sync and backup, choose the required settings.
Step 6: In the Account tab, click on the Choose folders button to choose the folders for syncing with the local machine. Select the required folders and click OK.
2.2. Limitations of OneDrive backup using Sync Client
Infrequent backups: Since the process of taking the backup is manual, creating consistent and regular backups will become a challenge.
Limited storage: To manage your storage space, you will be forced to delete older files that are of less importance.
High risk: Data stored on local devices can be lost due to hardware failures or ransomware attacks.
Possibility of data loss: If a file is lost between two backup processes, it cannot be restored.
Unreliability: Synchronization in OneDrive cannot be considered as a reliable alternative to backup. If you delete data from your computer, the data is also removed from the cloud. To create a backup, you will have to manually copy all the files to another folder or to an external drive.
Responsibility on end users: This approach is applicable only if individual users take responsibility for backing up their data. An administrator cannot manage backups for individual users.
3. Backup OneDrive for Business using native Microsoft 365 retention tools
Native Microsoft retention tools such as retention policies or labels and eDiscovery can be used to retain OneDrive data beyond the default OneDrive retention. Administrators can also use native retention tools to back up their organization’s OneDrive data.
3.1. How to backup OneDrive for Business using Microsoft 365 retention policy and retention labels
To learn more about Microsoft 365 retention policies and labels, read our in-depth guide: Microsoft 365 Retention Policy and Retention Label: A Complete Guide
3.1.1. How to create a retention policy for OneDrive for Business
Note: To create and configure retention policies, one needs to be a global admin or a compliance admin.
Licensing requirements
To learn how to create a retention policy, click here.
Retained files are stored in the Preservation Hold Library, and data in the Preservation Hold Library counts against your SharePoint storage quota. The total SharePoint storage limit per organization is set at 1TB plus 10GB x the number of licensed Microsoft 365 users in your tenant. If you exceed the limit, you will have to purchase additional storage priced at $200/month/TB. To save on storage costs, you can opt for a third-party backup solution, like SysCloud.
3.1.2. How to create a retention label for OneDrive for Business
Note: To create and configure retention labels, one needs to be a global administrator or a compliance administrator.
Licensing requirements
To learn how to create a retention label, click here.
3.1.4. Limitations of using retention policies and labels as a OneDrive backup solution
- Retained data counts towards your Microsoft 365 storage quota, which is limited for each user. If you delete data to stay within the storage limit, it can't be restored later. Microsoft keeps full versions of all modified or deleted data (without incremental backups) which can lead to reaching storage limits more quickly.
Unlike third-party cloud backup tools, native retention methods lack automated recovery features. If data is lost, retained data can only be exported offline and restored manually, which can be a time-consuming process - especially for large amounts of data.
- If the Microsoft 365 account falls victim to a ransomware attack and becomes encrypted, so will all the data retained.
- Microsoft does not retain data belonging to deleted user accounts. To retain this data, you will need to maintain the user licenses and continue paying for them.
- Retention policies and legal holds are part of the Compliance Center which is only available in senior E3/E5 plans that are more expensive than Microsoft (Office) 365 Business plans.
- Older versions of files cannot be retained. Only the most recent version of a document is preserved.
- Data cannot be restored from one user account to another. If you have a user leaving the company, you need to manually export the user’s data and import it to another account, which will take a significant amount of manual effort and time.
3.2. How to backup OneDrive for Business using Microsoft eDiscovery
3.2.1. How to create an eDiscovery hold for OneDrive for Business
Note: To create a hold in Microsoft 365, one needs to be a global administrator or compliance administrator.
Licensing requirements:
To learn how to create an eDiscovery hold to retain OneDrive for Business data, click here.
eDiscovery hold is only available in Microsoft 365 Enterprise plans, which cost $32/user/month and $57/user/month respectively. To save on licensing costs, you can opt for third-party cloud backup solutions like SysCloud.
3.2.2. Limitations of OneDrive backup using eDiscovery
- eDiscovery feature is available only for organizations with Microsoft 365 Enterprise E3 or E5 plans, which are more expensive than Microsoft (Office) 365 Business plans.
- If a ransomware attack affects a Microsoft 365 account, all the data that is on legal hold will also get encrypted.
- Each user has a limited amount of storage available, and once data is deleted to free up space, it cannot be recovered. Additionally, eDiscovery holds cannot be used to delete unimportant data (unlike retention policies), which can lead to an exponential increase in storage needs and costs over time.
- Older versions of files cannot be retained. Only the most recent version of a document is preserved.
- Data belonging to deleted user accounts is not retained, so if you need to keep data of employees who have left the company, you must continue paying for their user licenses.
- Data cannot be restored from one user account to another. If a user leaves the company, their data must be manually exported and imported into another account, which is a time-consuming process.
SysCloud's cross-user restore functionality enables effortless data restoration to a different user account, saving significant time and manual effort. This feature is particularly useful when dealing with departing employees.
4. Backup OneDrive for Business Using OneDrive for Business API
Prerequisites:
4.1.1. Registering Your Application with Azure Active Directory
Step 1: Sign into the Azure portal: https://portal.azure.com/
Step 2: Navigate to Azure Active Directory > App registrations.
Step 3: Click New registration and fill in the required details, including the application name and redirect URI.
Step 4: Under Supported account types, select Accounts in this organizational directory only.
Step 5: Once the registration is complete, note the Application (client) ID and Directory (tenant) ID for future use.
4.1.2. Configuring API Permissions
Step 1: In the Azure portal, navigate to App registrations and select your registered application.
Step 2: Click API permissions > Add a permission.
Step 3: Choose Microsoft Graph> Delegated permissions.
Step 4: Add the following permissions: "Files.Read.All" and "Files.ReadWrite.All."
Step 5: Click Add permissions to save your changes.
4.1.3. Acquiring an Access Token
Step 1: Set up an OAuth 2.0 authorization flow to obtain an authorization code.
Step 2: Exchange the authorization code for an access token by making a POST request to the Azure AD token endpoint. You'll need the client ID, tenant ID, and client secret obtained during app registration.
4.1.4. Creating a Custom Backup Solution
Step 1: Retrieve a list of all files and folders stored in your organization's OneDrive for Business by making a GET request to the following endpoint: https://graph.microsoft.com/v1.0/me/drive/root/children
Step 2: Loop through the list and download each file using the API's download endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{item-id}/content
Step 3: Store the downloaded files in your chosen backup destination, such as a separate cloud storage service, a local server, or an off-site data center.
Step 4: Maintain the original folder structure and metadata, including file versions and timestamps, during the backup process to ensure data integrity and easy restoration.
Step 5: Implement error handling to manage cases where a file download or upload fails. This will involve logging the error and retrying as required.
Step 6: Schedule the backup process to run periodically, either through a cron job or a task scheduler, depending on your platform. This ensures that your organization's data is continuously backed up and protected.
Step 7: Implement a notification system to inform administrators about backup successes, failures, or other issues that may arise during the process.
4.1.5. Restoring Backed Up Data
Step 1: Identify the files and folders that need to be restored from your backup storage.
Step 2: Use the OneDrive for Business API to create or select the target folder for restored files: https://graph.microsoft.com/v1.0/me/drive/root/children
Step 3: Upload the backed-up files to the appropriate folders in your organization's OneDrive for Business using the API's upload endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{parent-item-id}/children
Step 4: Restore metadata, such as file versions and timestamps, to ensure data integrity.
Step 5: Verify that the restored files are accessible and functioning as expected.
4.2. Limitations of OneDrive backup using OneDrive API
API rate limits: Microsoft imposes rate limits on API requests to prevent abuse and ensure fair usage. This may slow down your backup process, especially for large organizations with massive amounts of data.
Handling large files: The OneDrive API supports uploading and downloading large files, but it requires using specific methods (like creating upload sessions) that may add complexity to your backup solution.
Complex setup: Implementing a custom OneDrive API backup solution requires good understanding of the API and OAuth 2.0 authentication, and coding expertise, making it unsuitable for organizations lacking dedicated developers.
Maintenance: A custom backup solution built on the OneDrive API will require ongoing maintenance to address changes in the API, handle new features, and fix potential bugs.
Backup storage: Managing and securing the backup storage location may involve additional cost.
Manual restoration: In case of data loss or corruption, you may need to manually restore the files from the backup, which can be time-consuming and prone to errors.
Note: These limitations may vary depending on your organization's specific needs and the complexity of your custom backup solution.
5. Backup OneDrive for Business using third-party cloud backup tools
Unlike the native Microsoft retention tools that are not designed for backup and restore, third-party cloud backup applications like SysCloud serve this purpose better.
5.1. Why should you use third-party cloud backup software for OneDrive backup?
Using a cloud backup application to secure your OneDrive for Business data comes with its own set of advantages:
Effortless backup: Users can take customized backups to effortlessly backup whatever that’s necessary.
Incremental backup: No duplication of backup data; after the initial backup, only newly added data and modified data are backed up.
Automatic/scheduled backup: Take regular backups at a set frequency, so that you don’t miss out any important files.
Easy data retrieval: Even if an account is permanently deleted, a specific user’s data will be available in the backup application and can be restored easily in just a few clicks.
Better storage space management: Set retention periods and extensions to avoid backing up unnecessary files.
Regular activity reports: Get granular reports of all the activities in the backup account.
5.2. SysCloud backup for Microsoft 365
SysCloud is a leading third-party cloud backup application that offers a fully automated backup and restore solution for all Microsoft 365 apps, including OneDrive.
Using SysCloud, businesses can easily back up OneDrive data for all their domains and restore it in just a few clicks.
5.2.1. How to backup OneDrive for Business using SysCloud
Step 1: Log in to your SysCloud backup account.
Step 2: Navigate to Jobs on the top menu and click Create new backup job.
Step 3: Name the backup job and give a description (if required). Click Next.
Step 4: To connect your Microsoft 365 account to SysCloud, navigate to Microsoft Office 365 and click Connect.
Step 5: Review the apps to be backed up, limitations and permissions required, and click Connect and add accounts.
Step 6: Log in to your Microsoft account in the pop-up box. Read the permissions required and click Accept.
Step 7: Click Next.
Step 8: You will have to define the scope of your backup job. For this, click Select under Scope. You can select the entities to back up from the Entities column. Here, you can select the domains, groups, and users to include in the backup job. Simply navigate to the desired tab and click the checkbox next to the domain, user, or group.
Notes:
Step 9: Click the edit icon (pencil icon) under Apps to define the apps you want to back up. By default, all apps are selected for the backup job. If you want to back up only OneDrive data, check only the box next to OneDrive.
To exclude any app from the backup job, click the checkbox next to it to remove it from the selection. You can choose to specify which SharePoint Sites and Teams to back up by clicking the hyperlink beside the app name under Apps.
Auto-backup is turned on by default for all the apps. You can choose to turn it off only for SharePoint Sites and Teams, by checking the OFF box under Auto-backup.
Snapshot-level retention is available only for OneDrive. All other apps have item-level retention only.
If you want the items retained only for a certain period of time, uncheck the box under Retention period and specify the number of days, months, or years for which you want the items retained.
You can also choose to exclude certain file types or file sizes in OneDrive, and Deleted Items or Junk folder in Outlook. Click the pencil icon beside the app name under Exclusions and specify the desired exclusions.
Note: If you have a job with a user-level app [Contacts, Calendars, Outlook, OneDrive], at least one user should be selected in the Scope column.
Step 10: Click Start backup to back up your selected scope.
Backup is just the first step in securing your business data. The ability to recover permanently deleted OneDrive files is critical for Microsoft 365 administrators. To learn the different ways to recover permanently deleted OneDrive data, check out our in-depth guide, How to Recover Permanently Deleted Files from OneDrive for Business.
Frequently asked questions on OneDrive backup
Should I back up OneDrive for Business?
- Data loss from ransomware attacks: In the event of a ransomware attack, OneDrive users who do not have a backup could lose critical data.
- User errors: 70 percent of data loss incidents are caused by accidental deletions. These can occur when employees in your organization:
(b) end up removing the original version of a file while trying to get rid of duplicates Such errors are hard to prevent and it would be impossible to restore the data past the default retention period.
- OneDrive sync feature: Due to OneDrive sync feature, if a malware infects a local machine – unless the sync is turned off – it could be synced immediately, locking all the OneDrive data on the cloud.
- Internal threats: A disgruntled employee could permanently delete critical business data.
- SaaS outages and shutdown: If Microsoft suffers an outage, data could become temporarily unavailable, disrupting business continuity. Backing up your OneDrive data can help you access them even if OneDrive is not available.
- Limitations of native retention settings: The native retention settings offered by Microsoft do not serve as an effective data recovery option. This is because the deleted files are:
- Legal compliance and litigation purposes: Most companies are required to comply with several state and federal regulations. A backup strategy can help in supporting compliance requirements.
OneDrive for Business retention policy
Can you use OneDrive as a backup solution?
2. Select Help & Settings -> Settings.
3. Navigate to Backup -> Manage backup.
4. Select the folders that you want to back up. Click Start backup.
1. It is not an admin-managed solution. The administrator cannot manage backup for individual users.
2. If the files on your PC are infected with ransomware, it can potentially infect all the OneDrive data on the cloud as well due to the OneDrive sync feature.
3. If Microsoft suffers an outage, OneDrive data could become temporarily unavailable, disrupting business continuity.
What's the difference between OneDrive Sync and OneDrive backup?
Does Microsoft back up OneDrive?
No, Microsoft doesn’t back up your OneDrive data. It is clearly stated in their terms of service that they are not responsible for any data loss due to negligence or malicious activities, and they recommend backing up your Microsoft 365 data including OneDrive files and folders using third-party apps.
Is OneDrive secure?
Yes, OneDrive for Business is secure. OneDrive files are protected both in transit and at rest. Data in transit is protected using Transport Layer Security (TLS) encryption. Data at rest is encrypted with unique AES256 keys. These unique keys are encrypted with a set of master keys that are stored in the Azure Key Vault. Learn more about how OneDrive safeguards your data in the cloud.
Are OneDrive files stored locally?
Can anyone see my OneDrive files?
All your files in OneDrive are private unless you decide to share them with others. You can choose whom to share your files with by using the Share option. If you share your OneDrive files with someone and give them edit access, the person will be able to share it with others.
How do I download files from OneDrive to my computer?
You can manually download files from OneDrive to your computer. Learn how to do this. The files will be downloaded as a .zip file.
What is the storage limit for OneDrive for Business?
For most subscription plans, the default storage space for each user’s OneDrive is 1 TB. Depending on your plan and the number of licensed users, you can increase this storage up to 5 TB. Microsoft will provide up to 5 TB of initial OneDrive storage per user based on the default quota for the tenant. Additional storage can be requested by contacting Microsoft support. Subscriptions for fewer than five users receive 1 TB of OneDrive storage that cannot be expanded. For more information, see the OneDrive service description.