How to Backup OneDrive for Business: A Complete Guide for Admins

1. Backup OneDrive to external drive

1.1. How to backup OneDrive to external drive

1.2. Limitations of OneDrive backup to an external drive

• Time-consuming: Large volumes of data will take several hours or days to download. It is better to use an automated backup solution.

• Human error: Since the process is done manually, there is a high possibility that you might forget to download new or updated files.

• Since the backup copy is stored physically, you will lose your data if something happens to the computer or external drive.

• Lack of restoration capabilities: In case of a data loss incident, restoring files is going to be a tedious process, since you will have to manually upload all the files to OneDrive.

• Sharing permissions are not retained.

2. Backup OneDrive for Business using OneDrive Sync Client

2.1. How to set up OneDrive Sync Client

• Step 1: Click on the Cloud icon on your desktop and click on Sign in to sign in to OneDrive with your Microsoft 365 credentials. Enter your Microsoft 365 email address and click Sign in.

• Step 2: Select Next to accept the default folder location for your OneDrive files. If you want to change the folder location, select Change location – this is the best time to make this change.

• Step 3: Click on NEXT until you finish the steps and click on the Open my OneDrive folder option.

• Step 4: Once your files are synced, click on the OneDrive icon in your taskbar and click on the Settings option.

• Step 5: Under Sync and backup, choose the required settings.

• Step 6: In the Account tab, click on the Choose folders button to choose the folders for syncing with the local machine. Select the required folders and click OK.

2.2. Limitations of OneDrive backup using Sync Client

• Infrequent backups: Since the process of taking the backup is manual, creating consistent and regular backups will become a challenge.

• Limited storage: To manage your storage space, you will be forced to delete older files that are of less importance.

• High risk: Data stored on local devices can be lost due to hardware failures or ransomware attacks.

• Possibility of data loss: If a file is lost between two backup processes, it cannot be restored.

• Unreliability: Synchronization in OneDrive cannot be considered as a reliable alternative to backup. If you delete data from your computer, the data is also removed from the cloud. To create a backup, you will have to manually copy all the files to another folder or to an external drive.

• Responsibility on end users: This approach is applicable only if individual users take responsibility for backing up their data. An administrator cannot manage backups for individual users.

3. Backup OneDrive for Business using native Microsoft 365 retention tools

3.1. How to backup OneDrive for Business using Microsoft 365 retention policy and retention labels

3.1.1. How to create a retention policy for OneDrive for Business

3.1.2. How to create a retention label for OneDrive for Business

3.1.4. Limitations of using retention policies and labels as a OneDrive backup solution

• Retained data counts towards your Microsoft 365 storage quota, which is limited for each user. If you delete data to stay within the storage limit, it can't be restored later. Microsoft keeps full versions of all modified or deleted data (without incremental backups) which can lead to reaching storage limits more quickly.

• Unlike third-party cloud backup tools, native retention methods lack automated recovery features. If data is lost, retained data can only be exported offline and restored manually, which can be a time-consuming process - especially for large amounts of data.

• If the Microsoft 365 account falls victim to a ransomware attack and becomes encrypted, so will all the data retained.

• Microsoft does not retain data belonging to deleted user accounts. To retain this data, you will need to maintain the user licenses and continue paying for them.

• Retention policies and legal holds are part of the Compliance Center which is only available in senior E3/E5 plans that are more expensive than Microsoft (Office) 365 Business plans.

• Older versions of files cannot be retained. Only the most recent version of a document is preserved.

• Data cannot be restored from one user account to another. If you have a user leaving the company, you need to manually export the user’s data and import it to another account, which will take a significant amount of manual effort and time.

3.2. How to backup OneDrive for Business using Microsoft eDiscovery

3.2.1. How to create an eDiscovery hold for OneDrive for Business

3.2.2. Limitations of OneDrive backup using eDiscovery

• eDiscovery feature is available only for organizations with Microsoft 365 Enterprise E3 or E5 plans, which are more expensive than Microsoft (Office) 365 Business plans. 

• If a ransomware attack affects a Microsoft 365 account, all the data that is on legal hold will also get encrypted.

• Each user has a limited amount of storage available, and once data is deleted to free up space, it cannot be recovered. Additionally, eDiscovery holds cannot be used to delete unimportant data (unlike retention policies), which can lead to an exponential increase in storage needs and costs over time.

• Older versions of files cannot be retained. Only the most recent version of a document is preserved.

• Data belonging to deleted user accounts is not retained, so if you need to keep data of employees who have left the company, you must continue paying for their user licenses.

• Data cannot be restored from one user account to another. If a user leaves the company, their data must be manually exported and imported into another account, which is a time-consuming process.

4. Backup OneDrive for Business Using OneDrive for Business API

4.1.1. Registering Your Application with Azure Active Directory

• Step 1:  Sign into the Azure portal: https://portal.azure.com/

• Step 2: Navigate to Azure Active Directory > App registrations. 

• Step 3: Click New registration and fill in the required details, including the application name and redirect URI. 

• Step 4: Under Supported account types, select Accounts in this organizational directory only.

• Step 5: Once the registration is complete, note the Application (client) ID and Directory (tenant) ID for future use.

4.1.2. Configuring API Permissions

• Step 1: In the Azure portal, navigate to App registrations and select your registered application.

• Step 2: Click API permissions > Add a permission.

• Step 3: Choose Microsoft Graph> Delegated permissions. 

• Step 4: Add the following permissions: "Files.Read.All" and "Files.ReadWrite.All." 

• Step 5: Click Add permissions to save your changes.

4.1.3. Acquiring an Access Token

• Step 1: Set up an OAuth 2.0 authorization flow to obtain an authorization code. 

• Step 2: Exchange the authorization code for an access token by making a POST request to the Azure AD token endpoint. You'll need the client ID, tenant ID, and client secret obtained during app registration.

4.1.4. Creating a Custom Backup Solution

• Step 1: Retrieve a list of all files and folders stored in your organization's OneDrive for Business by making a GET request to the following endpoint: https://graph.microsoft.com/v1.0/me/drive/root/children

• Step 2: Loop through the list and download each file using the API's download endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{item-id}/content 

• Step 3: Store the downloaded files in your chosen backup destination, such as a separate cloud storage service, a local server, or an off-site data center. 

• Step 4: Maintain the original folder structure and metadata, including file versions and timestamps, during the backup process to ensure data integrity and easy restoration. 

• Step 5: Implement error handling to manage cases where a file download or upload fails. This will involve logging the error and retrying as required. 

• Step 6: Schedule the backup process to run periodically, either through a cron job or a task scheduler, depending on your platform. This ensures that your organization's data is continuously backed up and protected.

• Step 7: Implement a notification system to inform administrators about backup successes, failures, or other issues that may arise during the process.

4.1.5. Restoring Backed Up Data

• Step 1: Identify the files and folders that need to be restored from your backup storage.

• Step 2:  Use the OneDrive for Business API to create or select the target folder for restored files: https://graph.microsoft.com/v1.0/me/drive/root/children 

• Step 3:  Upload the backed-up files to the appropriate folders in your organization's OneDrive for Business using the API's upload endpoint: https://graph.microsoft.com/v1.0/me/drive/items/{parent-item-id}/children 

• Step 4: Restore metadata, such as file versions and timestamps, to ensure data integrity.

• Step 5: Verify that the restored files are accessible and functioning as expected.

4.2. Limitations of OneDrive backup using OneDrive API

• API rate limits: Microsoft imposes rate limits on API requests to prevent abuse and ensure fair usage. This may slow down your backup process, especially for large organizations with massive amounts of data.

• Handling large files: The OneDrive API supports uploading and downloading large files, but it requires using specific methods (like creating upload sessions) that may add complexity to your backup solution.

• Complex setup: Implementing a custom OneDrive API backup solution requires good understanding of the API and OAuth 2.0 authentication, and coding expertise, making it unsuitable for organizations lacking dedicated developers.

• Maintenance: A custom backup solution built on the OneDrive API will require ongoing maintenance to address changes in the API, handle new features, and fix potential bugs.

• Backup storage: Managing and securing the backup storage location may involve additional cost.

• Manual restoration: In case of data loss or corruption, you may need to manually restore the files from the backup, which can be time-consuming and prone to errors.

5. Backup OneDrive for Business using third-party cloud backup tools

5.1. Why should you use third-party cloud backup software for OneDrive backup?

• Effortless backup: Users can take customized backups to effortlessly backup whatever that’s necessary.

• Incremental backup: No duplication of backup data; after the initial backup, only newly added data and modified data are backed up.

• Automatic/scheduled backup: Take regular backups at a set frequency, so that you don’t miss out any important files.

• Easy data retrieval: Even if an account is permanently deleted, a specific user’s data will be available in the backup application and can be restored easily in just a few clicks.

• Better storage space management: Set retention periods and extensions to avoid backing up unnecessary files.

• Regular activity reports: Get granular reports of all the activities in the backup account.

5.2. SysCloud backup for Microsoft 365

5.2.1. How to backup OneDrive for Business using SysCloud

• Step 1: Log in to your SysCloud backup account. 

• Step 2: Navigate to Jobs on the top menu and click Create new backup job.

• Step 3: Name the backup job and give a description (if required). Click Next. 

• Step 4: To connect your Microsoft 365 account to SysCloud, navigate to Microsoft Office 365 and click Connect.

• Step 5: Review the apps to be backed up, limitations and permissions required, and click Connect and add accounts.

• Step 6: Log in to your Microsoft account in the pop-up box. Read the permissions required and click Accept.

• Step 7: Click Next.

• Step 8: You will have to define the scope of your backup job. For this, click Select under Scope. You can select the entities to back up from the Entities column. Here, you can select the domains, groups, and users to include in the backup job. Simply navigate to the desired tab and click the checkbox next to the domain, user, or group. 

• Step 9: Click the edit icon (pencil icon) under Apps to define the apps you want to back up. By default, all apps are selected for the backup job. If you want to back up only OneDrive data, check only the box next to OneDrive.

• To exclude any app from the backup job, click the checkbox next to it to remove it from the selection. You can choose to specify which SharePoint Sites and Teams to back up by clicking the hyperlink beside the app name under Apps. 

• Auto-backup is turned on by default for all the apps. You can choose to turn it off only for SharePoint Sites and Teams, by checking the OFF box under Auto-backup.

• Snapshot-level retention is available only for OneDrive. All other apps have item-level retention only. 

• If you want the items retained only for a certain period of time, uncheck the box under Retention period and specify the number of days, months, or years for which you want the items retained. 

• You can also choose to exclude certain file types or file sizes in OneDrive, and Deleted Items or Junk folder in Outlook. Click the pencil icon beside the app name under Exclusions and specify the desired exclusions.