How to Perform SharePoint Online and OneDrive for Business Backup

Subscribe banner

SharePoint and OneDrive for Business are important applications for Microsoft 365 users to store data and work with documents. It is important to back up SharePoint Online because data can be lost as a result of ransomware attacks, human error, or other unfortunate events. There are some things you need to consider when performing backup and recovery for SharePoint and OneDrive because Microsoft 365 data is stored in the cloud. This blog post explains how to back up SharePoint and OneDrive for Business.

Native Backup and Restore Methods in Microsoft 365

SharePoint Online uses OneDrive for Business as data storage in the cloud. Content in SharePoint Online is spread across multiple sites, lists, libraries, and OneDrive folders. This makes it more difficult to back up. Microsoft 365 provides some native features that can help you restore deleted or corrupted data.

Recycle Bin

You can use the Recycle Bin to restore deleted sites, libraries, lists, calendar events, folders, and files in SharePoint Online. Deleted items are stored in the Recycle Bin for a maximum retention period of 93 days (including the second-stage Recycle Bin). When the 93 days have expired, items are deleted permanently. If the size of deleted items exceeds the maximum available size of the Recycle Bin, the oldest deleted items are deleted permanently.


Versioning allows you to save multiple versions of a file after changes are made to the file. If unwanted changes were written to a document, you can restore one of the previous versions. Be aware that storing multiple file versions requires additional storage space in the Microsoft 365 cloud. If your Microsoft 365 subscription plan doesn’t provide unlimited storage, you may need to pay more for storing additional file versions.

The maximum number of versions is limited. By default, the limit is 500 versions for document libraries, and it can be increased to 50,000 versions. Versioning is enabled for document libraries in SharePoint Online (by default) and can be enabled manually for page libraries and SharePoint lists. Versioning is unavailable for site metadata.

When users are editing a document, versions are created periodically and automatically approximately every 30 minutes (but not after each change). A version is saved when a user closes a file. Versions can be deleted by SharePoint users, which can complicate data recovery if an item is lost or modified.

Retention policies

Retention policies is not a backup feature per se. However, this feature allows you to create rules that define how long to preserve documents or other files in SharePoint and OneDrive for Business. Retention policies are used to configure what data can be deleted and when it can be deleted. Retention policies don’t support recovery of deleted list columns in SharePoint.

It is possible to set retention policies for different content types. This way, when you create the certain content, the associated retention policy is automatically applied to this content. Retention policies can be configured for document libraries, folders, and files. Compliance retention policies are available for premium subscription plans.

Traditional backup methods used for SharePoint on-premises don’t work with SharePoint Online. You cannot back up the whole server running SharePoint Online or back up a database used by SharePoint Online directly. Microsoft provides APIs (Application Programming Interfaces) to allow third-party backup applications to interact with Microsoft 365 and transfer data.

Disadvantages of Native Backup Features for SharePoint Online

Built-in features have disadvantages. If you do not notice that an item has been deleted in time, it may be too late to recover the deleted item after the retention period has expired, and the item is deleted permanently. If too many files are corrupted, for example, with ransomware, you have to spend a long time recovering each item by selecting the correct file version to recover.

Microsoft is responsible for the high availability of the services it provides. But it is not responsible for user data loss. The appropriate level of geo-redundancy is ensured in Microsoft datacenters to make it possible to maintain service availability in case of a failure. Microsoft performs a backup of Microsoft 365 data including SharePoint sites of customers every 12 hours in its datacenters. Customers can request Microsoft to restore the entire site collection in SharePoint Online if all else fails in recovering your data. You can send a ticket requesting your data to be restored. This option is available for 14 days after permanent (or hard) data deletion (deletion from Recycle Bin). In this case, there is no granular recovery options, and the latest changes are lost because recovery overwrites existing data in SharePoint (changes made after the recovery point). There is no guarantee of successful data restore according to the Microsoft service level agreement (SLA). If data is not restored within 14 days since it was deleted from the second stage Recycle Bin, the data is gone forever.

Using NAKIVO Backup & Replication for SharePoint Online Backup

NAKIVO Backup & Replication is a universal data protection solution that interacts with Microsoft 365 by using the provided APIs. The solution provides backup and flexible granular recovery for both OneDrive and SharePoint Online for Microsoft 365 business subscription plans.

You can create a Backup Repository on a local machine running on-premises to store Microsoft 365 backups including SharePoint and OneDrive backups. A Backup Repository is well protected (if you don’t share the directory with write permissions for everyone).

You can recover deleted data even if more than 93 days passed by using a SharePoint Online backup created by NAKIVO Backup & Replication. The GFS retention policy helps you preserve multiple recovery points for different point-in-time versions.

Recovery doesn’t take a long time. You just need to select a recovery point for the needed date/time and select recovery options. These operations are performed with a few clicks in the user-friendly web interface.

Granular recovery allows you to recover document libraries and lists. Recovery to a source location or to a different location is supported.

How to Back Up SharePoint Online with NAKIVO Backup & Replication

Now, when you are familiar with the functionality of NAKIVO Backup & Replication, let’s find out how to configure the environment to back up SharePoint and OneDrive for Business with NAKIVO Backup & Replication.

The workflow consists of the following main steps:

  • Preparing the Microsoft 365 account in Microsoft Azure – adding API permissions
  • Adding your Microsoft 365 account to the inventory of NAKIVO Backup & Replication
  • Creating a Backup Repository
  • Creating the Microsoft 365 backup job
  • Recovering SharePoint Online data

Preparing the Microsoft 365 account

As NAKIVO Backup & Replication uses APIs provided by Microsoft to interact with Microsoft 365 apps, first you should configure API permissions for NAKIVO Backup & Replication on Microsoft’s side for your Microsoft account.

Open, enter the credentials of your Microsoft 365 administrator account to log in to the Azure portal, and go to App registrations.

Opening app registrations in the Microsoft Azure portal

Click + New registration on the App registrations page to register NAKIVO Backup & Replication as an application that can access Microsoft 365 applications via the provided APIs.

New registration of a backup application in the Microsoft Azure portal

Register an application in the window that opens.

Enter the application name, for example, NAKIVO10-2.

Select who can use this application or access this API by selecting supported account types:

  • Accounts in any organizational directory (Any Azure AD directory – Multitenant)

By proceeding, you agree to the Microsoft Platform Policies. Hit Register.

Registering an application in the Azure portal

The application is now registered. You have to save identifiers used for application registration in a safe place. You will need them later when configuring NAKIVO Backup & Replication.

Application (client) ID


Directory (tenant) ID


Object ID


Once you have saved IDs, click View API permissions.

Viewing credentials for a registered application in the Microsoft Azure portal

On the API permissions page hit + Add a permission. As you can see, there is only one User.Read permission by default.

Adding API permissions for a registered application to allow backup of SharePoint for business and OneDrives

Click Microsoft Graph among available Microsoft APIs.

Selecting Microsoft Graph to set API permissions

Click Application permissions to request API permissions for your application (NAKIVO Backup & Replication).

Requesting application permissions

The list of permissions required to back up and recover Exchange Online, OneDrive for Business and SharePoint Online data is displayed in the table below.

API Permissions Usage
Files>Files.Read.All OneDrive for Business backup
Files>Files.ReadWrite.All OneDrive for Business recovery
Group>Group.Read.All SharePoint Online backup
Mail>Mail.Read Exchange Online backup
Mail>Mail.ReadWrite Exchange Online recovery
MailboxSettings>MailboxSettings.Read Backup and recovery of shared mailboxes
Sites>Sites.FullControl.All SharePoint Online backup and recovery
Sites>Sites.Read.All SharePoint Online backup
Sites>Sites.ReadWrite.All SharePoint Online recovery
Sites>Sites.Manage.All SharePoint Online recovery
User>User.Read.All Exchange Online backup/recovery, OneDrive backup/recovery, SharePoint Online backup
User>User.ReadWrite.All SharePoint and OneDrive recovery

On the Request API permissions page, select all required permissions necessary for running Microsoft 365-related activities in NAKIVO Backup & Replication. Once you have selected all needed API permissions, hit Add permissions.

Selecting required API permissions to back up Exchange Online, SharePoint and OneDrive

API permissions are selected now but their status displayed in the right column is Not granted. Click Grant admin consent for your_organization_name (Nakivo in our case) to change status to Granted.

Grant admin consent for the application

The following message will be displayed:

Do you want to grant consent for the requested permissions for all accounts in your_organization_name? This will update any existing admin consent records this application already has to match what is listed below.

Hit Yes.

Now the status of the API permissions is changed to Granted.

API permissions for Exchange, SharePoint, and OneDrive backup and recovery are granted

In addition to Application (client) ID and Directory (tenant) ID you need to generate a secret ID and save its value.

In the Manage section of the left pane of the App registrations page click Certificates & secrets.

Click + New client secret.

Enter a description, for example, Secret ID.

Select the expiration period: 1 year, 2 years, or never.

Hit Add.

Adding a client secret in the Azure portal for the backup application

The secret ID and value are displayed in the Client secrets section of the Certificates & secrets page. Copy these values and save them in a safe location. Be aware that after closing this page you won’t be able to see the secret anymore. If you don’t save the secret value, you will have to generate a new one. In my example, I’m using the secret value generated on this page.

Azure Client secret:


Viewing the secret value and ID for the backup application

Adding a Microsoft 365 account to the Inventory of NAKIVO Backup & Replication

After you have generated credentials for your Microsoft 365 account in the web interface of the Microsoft Azure portal, and selected API permissions, you should add your Microsoft 365 account to the inventory of NAKIVO Backup & Replication.

Open the web interface of NAKIVO Backup & Replication and go to Settings > Inventory.

Click Add New, and, in the menu that opens, hit Microsoft 365 account.

Adding a Microsoft 365 account to the inventory of NAKIVO Backup & Replication

Add a new Microsoft 365 account. Enter the needed parameters, click the (?) icon to read useful tips for the appropriate field. In the Services field, you can select one, two, or all of the supported Microsoft 365 apps. You have to enter the Tenant ID, Azure Client ID, and Azure Client secret you have saved before when configuring app registration in the web interface of the Azure portal.

The administrator account credentials for your Microsoft 365 account are required for support of SharePoint Online. Enter a user name and password for a user with administrative permissions in Microsoft 365. If you leave the Username and Password fields empty, SharePoint Online data is not added to the Inventory and SharePoint data cannot be backed up.

In my example, I will enter the following values to add our Microsoft 365 account.

Display name: Office 365

Services: Exchange Online, OneDrive for Business, SharePoint Online

Tenant ID: adb12933-1385-31a7-aa4f-b614511df15a

Azure Client ID: vv807d81-5e44-26e5-7621-dd5e21843a6a

Azure Client secret: @DhF4ah3eSj-cF-sJf40_HvhDE5AVbcH


Password: ****************

After entering the correct information hit Add.

Adding a new Microsoft 365 account to protect Exchange Online, SharePoint and OneDrive

Wait until your Microsoft 365 account is added to the inventory. It may take a few minutes; time depends on the amount of data and number of objects stored in Microsoft 365. When your Microsoft 365 account is present in your inventory, the information about used space, the number of mailboxes, OneDrives, and SharePoint sites is displayed.

The Office 365 account is added to the inventory

Once the account has been added to the inventory, you can open Inventory, click your Microsoft 365 account (Office 365 in our case), and view added mailboxes, OneDrives and SharePoint sites.

Viewing Microsoft 365 items available in the inventory of NAKIVO Backup & Replication

Creating a Backup Repository

A Backup Repository is the place where backups are stored. Create a new directory on the machine on which NAKIVO Backup & Replication is running. If you deployed NAKIVO Backup & Replication on a Linux machine or as a virtual appliance, connect to this machine via SSH and log in to the console. Run commands as root (enter sudo -i to get root privileges).

Go to /opt/nakivo/ and create a new directory to be used for your Microsoft 365 Backup Repository. In our case, we use /opt/nakivo/repo365 for a Backup Repository.

cd /opt/nakivo

mkdir repo365

Set the correct owner and permissions for this directory (bhsvc is the name of the user created by NAKIVO Backup & Replication during installation).

chown bhsvc:bhsvc /opt/nakivo/repo365

chmod 0775 /opt/nakivo/repo365

Check the contents of the /opt/nakivo/ directory, and make sure that permissions for the repo365 directory are set properly.

ls -al

Creating a directory for a backup repository on a Linux machine

Once the directory for the Backup Repository is prepared, open the web interface of NAKIVO Backup & Replication. Go to Settings > Repositories. Click Add Backup Repository > Create new backup repository.

Creating a new backup repository to store SharePoint and OneDrive backups

The Create Backup Repository wizard contains three steps.

1. Type. Select SaaS as the backup repository type for Microsoft 365 objects. Hit Next at each step to continue.

Selecting the SaaS type for a backup repository to store Microsoft 365 data2. Name & Location. Enter a name and select a location for your Microsoft 365 Backup Repository.

Name: Office 365 repo

Assigned transporter: Onboard transporter

Path to the local folder: /opt/nakivo/repo365

Note: You can deploy a Transporter on a remote machine, create a directory on that remote machine, and use it to create a Backup Repository. This approach provides you more flexibility and allows you to store Microsoft 365 data backups on remote machines.

Selecting the name and location for the Backup Repository3. Options. There is only one option at this stage and you can skip and leave it unselected. Optionally, it is possible to detach this Backup Repository on schedule when backup jobs are not running to transfer data and preserve data consistency. Hit Finish to save settings and create the Backup Repository.

Additional options for the Backup Repository

Creating the Microsoft 365 backup job

The Microsoft 365 account is added to the inventory now and a Backup Repository is created to store Microsoft 365 data. Everything is ready to create a new backup job to back up SharePoint and OneDrive for Business data.

In the web interface of NAKIVO Backup & Replication, open the Dashboard, and click Create > Microsoft 365 backup job.

Creating a new Microsoft 365 backup job in NAKIVO Backup & Replication

A new backup job wizard for Microsoft 365 is opened and consists of five steps.

1. Sources. In the left pane you can see Mailboxes, OneDrives and SharePoint sites. Let’s back up a SharePoint site in this walkthrough. Select one or multiple SharePoint sites or subsites. In our example we select the Automation01 site. Hit Next at each step of the wizard to continue.

You can read how to back up Exchange Online mailboxes and OneDrive storage using NAKIVO Backup & Replication in our blog posts that are available on our website.

Selecting data that you want to back up (OneDrive for Business SharePoint)2. Destination. Select a Backup Repository to store your SharePoint backup. In my case, I’ll select a repository with the name Office 365 repo (that was created before). You can click a site name to expand the advanced setup and select different Backup Repositories for each site if needed.

Selecting backup destination for a new SharePoint for business backup job3. Schedule. This is a traditional step for a backup job with job schedule settings.

SharePoint Online backup job scheduling4. Retention. Configure retention settings. NAKIVO Backup & Replication uses the grandfather-father-son (GFS) retention policy.

Configuring retention settings for a new SharePoint Online backup job

5. Options. Enter a job name, for example, SharePoint Online backup job. Select additional job options if needed. Hit Finish & Run to save job settings, and run this SharePoint Online backup job.

SharePoint Online backup job options

On the dashboard, you can see the progress of the running SharePoint Online backup job. On the screenshot below, 13,635 items have been backed up at that moment of time. Click the link to see details of the backup process. Wait until the SharePoint Online backup job is finished. Time needed to finish the job depends on the internet speed and amount of backed up data.

A SharePoint Online backup job is running

How to recover SharePoint Online data in NAKIVO Backup & Replication

You have created a SharePoint Online backup with NAKIVO Backup & Replication and you know how to back up OneDrive for Business. Let’s explain how to recover SharePoint Online data from a backup. The process of SharePoint Online recovery and OneDrive recovery is similar.

Open the dashboard in the web interface of NAKIVO Backup & Replication, click Recover > Microsoft 365.

Starting granular recovery for SharePoint Online by using NAKIVO Backup & Replication

The Object recovery wizard for Microsoft 365 is opened and consists of five steps.

1. Backup. In the left pane select items you want to recover. If your backup contains Exchange Online, OneDrive for Business and SharePoint Online items, they all are displayed in the left pane. As our backup contains only one SharePoint site, we select this site to recover. Once you have selected the needed objects to recover, select the recovery point in the right pane. We select the oldest recovery point in this example. Hit Next at each step to continue.

Selecting a recovery point and items from a SharePoint Online backup2. Recovery account. Select the recovery account. This is an account to which you recover data from a backup. In our case the name of the Microsoft 365 account we added to the inventory is Office 365.

Selecting the Office 365 recovery account to restore SharePoint Online data

3. Objects. Select objects you want to recover. You can select custom SharePoint objects, for example, document libraries. We select Documents and testlibrary1 for our Automation01 site to recover.

Selecting SharePoint Online objects to recover

4. Options. Select the recovery type and overwrite behavior. Supported options for the recovery type and overwrite behavior are listed below.

Recovery type:

  • Recover to original location
  • Recover to site

Overwrite behavior:

  • Rename recovered item if such item exists
  • Skip recovered item if such item exists
  • Overwrite the original item if such item exists

Note: Recover to original location will not be possible if the selected recovery account is different than the original account.

Select the needed options and hit Recover to start the SharePoint Online recovery process. Wait until the data is recovered.

Selecting the recovery type and overwrite behavior in recovery options

After finishing the recovery process, go to SharePoint and check the recovered items.

You can download the Free Edition of NAKIVO Backup & Replication to get full access to the Pro edition functionality for 5 Microsoft 365 accounts and enjoy robust and reliable data protection at zero cost for one year.


Native features to recover SharePoint and OneDrive data in Microsoft 365 have some disadvantages due to limited functionality. For this reason, Office 365 users and administrators should use third-party backup and recovery software. This blog post covered SharePoint and OneDrive for business backup and explained how to configure your environment to back up Microsoft 365 with NAKIVO Backup & Replication. You have to configure API permissions in the Microsoft Azure portal by using your Microsoft account, add your Microsoft 365 account to the inventory of NAKIVO Backup & Replication, create a backup repository and then run backup and recovery jobs for Exchange Online, SharePoint and OneDrive for Business. Use NAKIVO Backup & Replication to protect your data and get advanced backup and recovery options.

Let’s Stay in Touch

Subscribe today to our monthly newsletter
so you never miss out on our offers, news and discounts.