Restoring lost data is just a matter of a few clicks

Try SysCloud out with a FREE trial and discover how much faster, easier, and more flexible backups could be - for everyone in your organization. 

Start enjoying faster and easier backups, today

Protect Your Cloud Data, Now!

OneDrive for Business lacks comprehensive backup options, putting critical business data at risk of permanent loss.

• No built-in backup: Microsoft's terms of service state they are not responsible for backing up OneDrive data.
• Manual backups are unreliable: Methods like external drives and OneDrive Sync are time-consuming, prone to errors, and lack full restoration capabilities.

What is the solution?
• SysCloud offers automated, continuous backups for OneDrive for Business, ensuring secure, hassle-free recovery of files, folders, and permissions—protecting against accidental deletions, ransomware, and compliance risks.

This article explores the effective ways to back up SharePoint Online along with compelling reasons to have a backup in place for SharePoint.

Item title 1

Learn how admins can backup Google Drive using Google Vault, Google Takeout, Google Backup and Sync client, manual backup, and third-party cloud backup tools.

Item title 2

Learn how admins can recover permanently deleted Google Drive files using Google Vault, Google Takeout, Drive Trash, and third-party cloud backup tools.

Item title 3

Title

OneDrive for Business is a collaboration platform used by millions of organizations worldwide. Widespread adoption of OneDrive by businesses also means there is an increase in risk of data loss due to a wide variety of reasons.

As per their terms of service, Microsoft is not responsible for backing up your OneDrive data and they recommend using a third-party cloud backup solution for backing up your data. Don’t take our word for it; here is an extract from their Services Agreement (Section 6.b).

We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.

This article explores six different options available to backup OneDrive for business.

It is possible to manually backup OneDrive for Business files to an external computer/hard drive to keep them secure in case your Microsoft 365 account is compromised. Follow the below steps to back up your OneDrive files to a computer/hard drive:

Follow the below steps to back up your OneDrive files to an external drive or computer:

Step 1: Log in to your Microsoft 365 account and go to OneDrive. Select the files you need to back up. You can also select all the files by clicking on the toggle selection for all items.

Step 2: Click on the three dots beside the filename and select Download or click on the Download button at the top.

This will download the selected files to your device. The downloaded files can further be copied to an external hard drive. 

Time-consuming: Large volumes of data will take several hours or days to download. It is better to use an automated backup solution.

Human error: Since the process is done manually, there is a high possibility that you might forget to download new or updated files.

Since the backup copy is stored physically, you will lose your data if something happens to the computer or external drive.

Lack of restoration capabilities: In case of a data loss incident, restoring files is going to be a tedious process, since you will have to manually upload all the files to OneDrive.

The OneDrive Sync Client is an application that you install on Windows that lets you sync selected local folders to OneDrive and vice versa. It can be used to: 

1. Download OneDrive data to a local machine 

2. Upload files on the local machine to OneDrive 

The application is mainly used to transfer files easily between the cloud and a local machine, but it can also be used as a backup tool for creating a copy of your data. 

To set up OneDrive Sync Client, follow the below steps:

Step 1: Click on the Cloud icon on your desktop and click on Sign in to sign in to OneDrive with your Microsoft 365 credentials. Enter your Microsoft 365 email address and click Sign in.

Step 2: Select Next to accept the default folder location for your OneDrive files. If you want to change the folder location, select Change location – this is the best time to make this change.

Step 3: Click on NEXT until you finish the steps and click on the Open my OneDrive folder option.

Step 4: Once your files are synced, click on the OneDrive icon in your taskbar and click on the Settings option.

Step 5: Under Sync and backup, choose the required settings.

Step 6: In the Account tab, click on the Choose folders button to choose the folders for syncing with the local machine. Select the required folders and click OK.

All the selected OneDrive folders will be available on the desktop. However, the files will be in sync with OneDrive; any deletion in OneDrive will be reflected on the desktop, erasing the backed-up data. 

To create a backup, copy all the downloaded files to another folder on the desktop or to an external hard drive. 

Though the Desktop Sync Client can be used as a backup, relying on it completely could be risky, as local machines are prone to crashes or malware attacks. 

Infrequent backups: Since the process of taking the backup is manual, creating consistent and regular backups will become a challenge.

Limited storage: To manage your storage space, you will be forced to delete older files that are of less importance.

High risk: Data stored on local devices can be lost due to hardware failures or ransomware attacks.

Possibility of data loss: If a file is lost between two backup processes, it cannot be restored.

Unreliability: Synchronization in OneDrive cannot be considered as a reliable alternative to backup. If you delete data from your computer, the data is also removed from the cloud. To create a backup, you will have to manually copy all the files to another folder or to an external drive.

Responsibility on end users: This approach is applicable only if individual users take responsibility for backing up their data. An administrator cannot manage backups for individual users.

Native Microsoft retention tools such as retention policies or labels and eDiscovery can be used to retain OneDrive data beyond the default OneDrive retention. Administrators can also use native retention tools to back up their organization’s OneDrive data.

A retention policy is used to assign retention settings at a container level, that is, to a OneDrive account, whereas a retention label is used to assign retention settings at an item level. For example, if all the files in a OneDrive account need to be retained for ten years, it is easier to use a retention policy on the OneDrive account than to apply the same retention label on all the files in that account. However, if only some files in that account need to be retained for five years, then retention labels must be applied at a file level.  

To learn more about Microsoft 365 retention policies and labels, read our in-depth guide: Microsoft 365 Retention Policy and Retention Label: A Complete Guide 

Note: To create and configure retention policies, one needs to be a global admin or a compliance admin.  

For organization-wide, location-wide, or include/exclude retention policies, the following licenses provide user rights: 

Microsoft 365 E5/A5/G5/E3/A3/G3, Business Premium 

Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance 

Microsoft 365 E5/A5/F5/G5 Information Protection and Governance 

If the retention policy location is SharePoint or OneDrive for Business, the following license also provides user rights: 

If the retention policy uses an adaptive policy scope, then one of the following licenses is required to provide user rights: 

(Source: https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance) 

To learn how to create a retention policy, click here. 

Retained files are stored in the Preservation Hold Library, and data in the Preservation Hold Library counts against your SharePoint storage quota. The total SharePoint storage limit per organization is set at 1TB plus 10GB x the number of licensed Microsoft 365 users in your tenant. If you exceed the limit, you will have to purchase additional storage priced at $200/month/TB. To save on storage costs, you can opt for a third-party backup solution, like SysCloud.

Note: To create and configure retention labels, one needs to be a global administrator or a compliance administrator. 

For retention label creation, the following licenses provide user rights: 

Microsoft 365 E5/A5/G5/E3/A3/G3/F3/F1/Business Premium 

Office 365 E5/A5/G5/E3/A3/G3/F3/E1/A1/G1 

The following retention label creation settings: 

Start the retention period based on an event type 

Trigger a disposition review at the end of the retention period 

During the retention period mark items as a record or a regulatory record 

After the retention period, automatically change the retention label 

require these specific licenses to provide user rights: 

To publish retention labels, the following licenses provide user rights: 

If the publishing location is OneDrive, the following licenses provide user rights: 

The following deployment methods for retention labels require specific licensing: 

Auto-apply to content that contains sensitive information 

Auto-apply to content that contains specific words, phrases, or properties 

Apply a default retention label to a SharePoint document library, folder, or document set 

Using an adaptive policy scope in the retention label policy 

The following licenses provide user rights for these deployment methods: 

To learn how to create a retention label, click here. 

Retained data counts towards your Microsoft 365 storage quota, which is limited for each user. If you delete data to stay within the storage limit, it can't be restored later. Microsoft keeps full versions of all modified or deleted data (without incremental backups) which can lead to reaching storage limits more quickly.

Unlike third-party cloud backup tools, native retention methods lack automated recovery features. If data is lost, retained data can only be exported offline and restored manually, which can be a time-consuming process - especially for large amounts of data.

If the Microsoft 365 account falls victim to a ransomware attack and becomes encrypted, so will all the data retained.

Microsoft does not retain data belonging to deleted user accounts. To retain this data, you will need to maintain the user licenses and continue paying for them.

Retention policies and legal holds are part of the Compliance Center which is only available in senior E3/E5 plans that are more expensive than Microsoft (Office) 365 Business plans.

Older versions of files cannot be retained. Only the most recent version of a document is preserved.

Data cannot be restored from one user account to another. If you have a user leaving the company, you need to manually export the user’s data and import it to another account, which will take a significant amount of manual effort and time.

Electronic discovery or eDiscovery in Microsoft 365 is used to search and export content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer. It is also used to preserve data for compliance and litigation purposes. eDiscovery can also be used as a backup solution for your OneDrive for Business data.

Note: To create a hold in Microsoft 365, one needs to be a global administrator or compliance administrator. 

eDiscovery (Standard) (formerly named Core eDiscovery): Exchange Online Plan 2, Exchange Online Archiving, SharePoint Online Plan 2, Microsoft 365 Business Premium (Exchange only), Microsoft 365 E5/A5/G5/E3/A3/G3, Office 365 E5/A5/G5/E3/A3/G3, F5 Compliance, and F5 Security & Compliance. 

eDiscovery (Premium) (formerly named Advanced eDiscovery): Microsoft 365 E5/A5/F5/G5, Microsoft 365 E5/A5/F5/G5 Compliance, Microsoft 365 E5/A5/F5/G5 eDiscovery and Audit, and Office 365 E5/A5/G5. 

To learn how to create an eDiscovery hold to retain OneDrive for Business data, click here. 

eDiscovery hold is only available in Microsoft 365 Enterprise plans, which cost $32/user/month and $57/user/month respectively. To save on licensing costs, you can opt for third-party cloud backup solutions like SysCloud.

eDiscovery feature is available only for organizations with Microsoft 365 Enterprise E3 or E5 plans, which are more expensive than Microsoft (Office) 365 Business plans. 

If a ransomware attack affects a Microsoft 365 account, all the data that is on legal hold will also get encrypted.

Each user has a limited amount of storage available, and once data is deleted to free up space, it cannot be recovered. Additionally, eDiscovery holds cannot be used to delete unimportant data (unlike retention policies), which can lead to an exponential increase in storage needs and costs over time.

Data belonging to deleted user accounts is not retained, so if you need to keep data of employees who have left the company, you must continue paying for their user licenses.

Data cannot be restored from one user account to another. If a user leaves the company, their data must be manually exported and imported into another account, which is a time-consuming process.

SysCloud's cross-user restore functionality enables effortless data restoration to a different user account, saving significant time and manual effort. This feature is particularly useful when dealing with departing employees.

The OneDrive for Business API consists of a series of REST-based endpoints that developers can utilize to build applications that interact with OneDrive for Business. This API allows you to access, manage, and manipulate files and folders stored in OneDrive for Business programmatically. By leveraging this API, you can create custom backup solutions tailored to your organization's specific needs. 

Administrator access to your organization's Azure Active Directory (Azure AD) 

Familiarity with programming languages such as Python, JavaScript, or C# 

To use the OneDrive for Business API, you first need to register your application with Azure AD. This process grants your application the required permissions to access your organization's OneDrive for Business data.  

To register your application with Azure AD, follow the below steps: 

Step 1:  Sign into the Azure portal: https://portal.azure.com/

Step 2: Navigate to Azure Active Directory > App registrations. 

Step 3: Click New registration and fill in the required details, including the application name and redirect URI. 

Step 4: Under Supported account types, select Accounts in this organizational directory only.

Step 5: Once the registration is complete, note the Application (client) ID and Directory (tenant) ID for future use.

After registering your application, you need to configure the API permissions to access OneDrive for Business. To configure the API permissions to access OneDrive for Business, follow the below steps:

Step 1: In the Azure portal, navigate to App registrations and select your registered application.

Step 2: Click API permissions > Add a permission.

Step 3: Choose Microsoft Graph> Delegated permissions. 

Step 4: Add the following permissions: "Files.Read.All" and "Files.ReadWrite.All." 

Step 5: Click Add permissions to save your changes.

To make API calls, your application will need an access token. This token is used to authenticate and authorize your application to access the OneDrive for Business API.  

To obtain an access token, follow the below steps: 

Step 1: Set up an OAuth 2.0 authorization flow to obtain an authorization code. 

Step 2: Exchange the authorization code for an access token by making a POST request to the Azure AD token endpoint. You'll need the client ID, tenant ID, and client secret obtained during app registration.

With the access token in hand, you can now interact with OneDrive for Business API to create a custom backup solution. Follow the below steps:

Step 1: Retrieve a list of all files and folders stored in your organization's OneDrive for Business by making a GET request to the following endpoint: https://graph.microsoft.com/v1.0/me/drive/root/children

Step 2: Loop through the list and download each file using the API's download endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{item-id}/content 

Step 3: Store the downloaded files in your chosen backup destination, such as a separate cloud storage service, a local server, or an off-site data center. 

Step 4: Maintain the original folder structure and metadata, including file versions and timestamps, during the backup process to ensure data integrity and easy restoration. 

Step 5: Implement error handling to manage cases where a file download or upload fails. This will involve logging the error and retrying as required. 

Step 6: Schedule the backup process to run periodically, either through a cron job or a task scheduler, depending on your platform. This ensures that your organization's data is continuously backed up and protected.

Step 7: Implement a notification system to inform administrators about backup successes, failures, or other issues that may arise during the process.

In the event of data loss or corruption, your custom backup solution should provide an efficient way to restore your OneDrive for Business data. Follow the below steps:

Step 1: Identify the files and folders that need to be restored from your backup storage.

Step 2:  Use the OneDrive for Business API to create or select the target folder for restored files: https://graph.microsoft.com/v1.0/me/drive/root/children 

Step 3:  Upload the backed-up files to the appropriate folders in your organization's OneDrive for Business using the API's upload endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{parent-item-id}/children 

Step 4: Restore metadata, such as file versions and timestamps, to ensure data integrity.

Step 5: Verify that the restored files are accessible and functioning as expected.

API rate limits: Microsoft imposes rate limits on API requests to prevent abuse and ensure fair usage. This may slow down your backup process, especially for large organizations with massive amounts of data.

Handling large files: The OneDrive API supports uploading and downloading large files, but it requires using specific methods (like creating upload sessions) that may add complexity to your backup solution.

Complex setup: Implementing a custom OneDrive API backup solution requires good understanding of the API and OAuth 2.0 authentication, and coding expertise, making it unsuitable for organizations lacking dedicated developers.

Maintenance: A custom backup solution built on the OneDrive API will require ongoing maintenance to address changes in the API, handle new features, and fix potential bugs.

Backup storage: Managing and securing the backup storage location may involve additional cost.

Manual restoration: In case of data loss or corruption, you may need to manually restore the files from the backup, which can be time-consuming and prone to errors.

Note: These limitations may vary depending on your organization's specific needs and the complexity of your custom backup solution.

Unlike the native Microsoft retention tools that are not designed for backup and restore, third-party cloud backup applications like SysCloud serve this purpose better.  

Using a cloud backup application to secure your OneDrive for Business data comes with its own set of advantages:

Effortless backup: Users can take customized backups to effortlessly backup whatever that’s necessary.

Incremental backup: No duplication of backup data; after the initial backup, only newly added data and modified data are backed up.

Automatic/scheduled backup: Take regular backups at a set frequency, so that you don’t miss out any important files.

Easy data retrieval: Even if an account is permanently deleted, a specific user’s data will be available in the backup application and can be restored easily in just a few clicks.

Better storage space management: Set retention periods and extensions to avoid backing up unnecessary files.

Regular activity reports: Get granular reports of all the activities in the backup account.

SysCloud is a leading third-party cloud backup application that offers a fully automated backup and restore solution for all Microsoft 365 apps, including OneDrive. 

Using SysCloud, businesses can easily back up OneDrive data for all their domains and restore it in just a few clicks. 

Follow the steps below to set up OneDrive for Business backup for your organization using the SysCloud backup application: 

Step 1: Log in to your SysCloud backup account. 

Step 2: Navigate to Jobs on the top menu and click Create new backup job.

Step 3: Name the backup job and give a description (if required). Click Next. 

Step 4: To connect your Microsoft 365 account to SysCloud, navigate to Microsoft Office 365 and click Connect.

Step 5: Review the apps to be backed up, limitations and permissions required, and click Connect and add accounts.

Step 6: Log in to your Microsoft account in the pop-up box. Read the permissions required and click Accept.

Step 8: You will have to define the scope of your backup job. For this, click Select under Scope. You can select the entities to back up from the Entities column. Here, you can select the domains, groups, and users to include in the backup job. Simply navigate to the desired tab and click the checkbox next to the domain, user, or group. 

A domain/group/user can only be included in one job. They cannot be included in more than one job. You would need to select at least one user in a backup job. 

Selecting a domain will add all the users in that domain. Similarly, selecting a group will add all users within that group. You don't need to select the domain & then users individually.  

Step 9: Click the edit icon (pencil icon) under Apps to define the apps you want to back up. By default, all apps are selected for the backup job. If you want to back up only OneDrive data, check only the box next to OneDrive.

To exclude any app from the backup job, click the checkbox next to it to remove it from the selection. You can choose to specify which SharePoint Sites and Teams to back up by clicking the hyperlink beside the app name under Apps. 

Auto-backup is turned on by default for all the apps. You can choose to turn it off only for SharePoint Sites and Teams, by checking the OFF box under Auto-backup.

Snapshot-level retention is available only for OneDrive. All other apps have item-level retention only. 

If you want the items retained only for a certain period of time, uncheck the box under Retention period and specify the number of days, months, or years for which you want the items retained. 

You can also choose to exclude certain file types or file sizes in OneDrive, and Deleted Items or Junk folder in Outlook. Click the pencil icon beside the app name under Exclusions and specify the desired exclusions. 


Actionable insights, best practices and tips for IT admins to protect SaaS data.

Explore SaaS 
data protection center

Get expert insights on SaaS data and security

How to Backup OneDrive for Business: A Complete Guide for Admins

I acknowledge cookies need to be deleted from my browser to remove tracking.

Ensure complete tracking removal by deleting cookies from your browser. Click here to learn how.

These cookies are set through our site by a range of third-party social media services that we have added to the site to enable you to share our content with your friends and networks. These cookies are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see the social media sharing tools.

These cookies are necessary for the website to function and allow us to count visits and traffic sources so we can measure and improve the performance of our site. The cookies may be set by us or third-party providers in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. All information these cookies collect is aggregated and therefore anonymous.

This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.Learn more about how we process personal data in our  Privacy Policy.

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you disable these cookies, you will experience fewer or no targeted advertising. You may still see advertisements.

How to Backup OneDrive for Business: A Complete Guide for Admins

1. Backup OneDrive to external drive

1.1. How to backup OneDrive to external drive

1.2. Limitations of OneDrive backup to an external drive

2. Backup OneDrive for Business using OneDrive Sync Client

2.1. How to set up OneDrive Sync Client

2.2. Limitations of OneDrive backup using Sync Client

3. Backup OneDrive for Business using native Microsoft 365 retention tools

3.1. How to backup OneDrive for Business using Microsoft 365 retention policy and retention labels

3.1.1. How to create a retention policy for OneDrive for Business

3.1.2. How to create a retention label for OneDrive for Business

3.1.4. Limitations of using retention policies and labels as a OneDrive backup solution

3.2. How to backup OneDrive for Business using Microsoft eDiscovery

3.2.1. How to create an eDiscovery hold for OneDrive for Business

3.2.2. Limitations of OneDrive backup using eDiscovery

4. Backup OneDrive for Business Using OneDrive for Business API

4.1.1. Registering Your Application with Azure Active Directory

4.1.2. Configuring API Permissions

4.1.3. Acquiring an Access Token

4.1.4. Creating a Custom Backup Solution

4.1.5. Restoring Backed Up Data

4.2. Limitations of OneDrive backup using OneDrive API

5. Backup OneDrive for Business using third-party cloud backup tools

5.1. Why should you use third-party cloud backup software for OneDrive backup?

5.2. SysCloud backup for Microsoft 365

5.2.1. How to backup OneDrive for Business using SysCloud

Frequently asked questions on OneDrive backup