March 18, 2020
How to Recover Deleted Emails in Office 365 with NAKIVO Backup & Replication
Microsoft Office 365 is a cloud-based solution that provides subscription services which are typically used for business purposes. You are required to buy licenses for your Microsoft Office 365 subscription for the appropriate number of users to make it possible for them to access and use enterprise-grade applications and services. Email correspondence is an essential aspect of modern-day business operations, but occasionally an email message can be accidentally deleted. Another bad situation that can occur is when a user loses email credentials as a result of a cyberattack and cannot log in to their Outlook 365 account. This blog post explains how to recover deleted emails in Office 365.
You can also visit the NAKIVO Community Forum and discuss how to recover deleted emails in Office 365 in a fast and efficient manner.
General Recommendations to Reduce Chances of Losing Emails
You can reduce the probability of having to recover accidentally deleted emails if you take measures to prevent losing emails and email accounts. The following precautions can help you avoid losing your email data:
- Strong password. Using a strong password can make it difficult to hack your password.
- Respect and comply with the security policy. Don’t save passwords as plain text, and don’t write down passwords on a piece of paper that can be accessed by other people. Don’t tell passwords to people who introduce themselves as the support service.
- Two-factor authentication. When this authentication method is used, an additional security level is provided by adding a second authentication form from a range of available authentication methods. After entering a password to log into your Office 365 account, you have to enter a verification code or use another configured verification option. Two-factor authentication makes hacking your account far more difficult.
Defining Your Office 365 Email Recovery Strategy
To be able to restore lost or deleted data in Office 365 when required, you need to regularly perform backup and keep those backups in a secure location. Hence, you should primarily check whether or not you already have an Office 365 backup in place which can be used for data recovery.
Recovery without a backup
If you haven’t made a backup, available recovery methods are limited. The basic Office 365 email recovery methods which can be used in such case are explained in the section below.
Using an email client and a web interface in conjunction offers some advantages. You possess all downloaded emails in your email client until you delete them inside the client. If you have deleted the email message in the email client which is configured to use the POP3 email retrieving protocol, the message will not be deleted from the mail server immediately (if the appropriate settings are configured in the email client). As a result, your email message is preserved in the web interface of Microsoft Office Outlook 365 (even if you have deleted this email message in the email client).
However, if you have lost your Microsoft Office 365 account as a result of a malware or hacker attack, your email messages can be restored via your email client. Ask a system administrator to reset the password of your Microsoft Office 365 account, an then scan your computer and all installed storage devices for viruses and malware.
As you can see, having a copy of your email messages increases the chances of successful email recovery.
Using a web interface
Within 30 days after their deletion, emails are stored in the Deleted Items folder. Once they are deleted from the Deleted Items folder, your email messages are moved to the Recoverable Items folder. The email messages are stored in the Recoverable Items folder for 30 days and then deleted permanently and irreversibly. Thus, you still have 60 days to restore required emails since the moment of their deletion. In this blog post, you will see how to recover deleted emails in Office 365 using the web interface when there is no backup available.
If a user notices that an important email has been deleted and the recovery period of 60 days has already expired, the mere presence of a backup in place can save the user a lot of headache and ensure recovery of the accidentally deleted email.
Recovery from a backup
Having a backup in place of your email messages provides you with additional recovery options. First, let’s consider the native options that can be used to back up Office 365 emails.
Use the Archive folder
If the IMAP protocol is used to retrieve and synchronize email messages in the email client and on a mail server, configure the archiving settings to archive email messages to the Archive folder. When you configure email archiving, the Archive folder can be considered as a backup by using built-in features of Microsoft Office 365.
Configure email forwarding
Email forwarding can be enabled in the web interface of Microsoft Office 365 and by configuring the rules in Outlook desktop client. Select the address you want your email messages to be sent to and configure it to keep copies of the forwarded messages on your first email account (it will prevent a message from deleting from the first email account after forwarding). For example, we have two email accounts:
We can set all incoming email messages of the firstname.lastname@example.org to be forwarded to email@example.com automatically to increase the probability of recovering Office 365 deleted emails. If an email message is accidentally deleted from the first account, it is still possible to find a copy of the message in the second account.
Export emails from Outlook
Outlook desktop client provides options to export/import email messages to/from a PST file. This feature can be used to transfer emails from one computer to another and backup or recover email messages. When you export your emails, they are not deleted from the email client. However, a copy of your email messages is exported to the PST file. Keep the PST file in a safe place and use it to recover emails when needed. You can set up the AutoArchive feature in Outlook desktop client to export emails automatically within the defined time period (1 day, 2 days, 7 days etc.).
eDiscovery is a tool that is available only for Microsoft Office 365 subscribers who have Office 365 Enterprise E3 and E5 plans. This tool can be used by system administrators who manage email accounts for a domain of the company in Office 365 Admin Center, but not by end users of Office 365 email accounts. Electronic discovery can be utilized to identify and deliver information to be used as evidence for investigations and legal cases. Another popular use case of eDiscovery is to search, collect and export data from Office 365 for corporate users and organizations. The export feature can be used to export emails of a user to a PST file. Emails are not recovered to the original location automatically. A user has to import the PST file manually and manage the recovered email messages as needed.
Using NAKIVO Backup & Replication
NAKIVO Backup & Replication is a universal data protection solution that can back up virtual, physical, and cloud environments. This is all-in-one solution that can be used to back up and recover Office 365 email accounts. You can download NAKIVO Backup & Replication 9.2 with Microsoft Office 365 support from the official website. The backup process can be automated, making Office 365 email backup fast and easy.
Now that you are familiar with the diverse methods of how to recover deleted emails in Office 365, let’s find out how to recover deleted emails on practice.
How to Recover Deleted Emails in Office 365 without Backup
One of the most popular use cases is described in this section. As mentioned above, when using web interface of Microsoft Office 365 Outlook, your deleted emails can be recovered from the Deleted Items folder within 30 days. In Outlook 365 go to the Deleted Items folder and select the necessary email messages. Then click the Restore button to restore the deleted messages to the source location (emails deleted from the Inbox folder will be recovered to the Inbox folder).
If 30 days have passed after email deletion, or you have deleted an email message from the Deleted Items folder manually, the deleted message will no longer be displayed in this folder. However, it is still possible to recover the deleted message from the Recoverable Items folder within 30 days after deleting it from the Deleted Items folder. On the screenshot below, you can see that the Deleted Items folder is empty and there are four items deleted from the Deleted Items folder which are still recoverable. In order to recover those items, click Recover items deleted from this folder.
Now you are in the Recoverable Items folder. Select the message you wish to recover and click Restore. The email message is recovered to the source location (the Inbox folder in our case).
How to Create a Backup of Office 365 Emails
Having a backup provides you with far greater abilities for recovering Office 365 deleted emails. Suggested backup approaches were explained above and now it’s time to put them in practice. Let’s review how to back up Office 365 mailboxes and email messages with NAKIVO Backup & Replication in an example. You have to configure environment only once and then your Office 365 mail accounts will be backed up and protected. NAKIVO Backup & Replication is running as a Linux-based virtual appliance in this example.
The first action you have to do is find Office 365 identifiers (IDs) and register the backup application in the Microsoft Azure Active Directory which can be accessed by using a web browser. These identifiers which are used as credentials will be required to add your Office 365 account to Inventory of NAKIVO Backup & Replication.
Starting conditions in this example are the following: there is a corporate account with a couple of user accounts for Microsoft Office 365, the domain name is email01.onmicrosoft.com and the admin name is firstname.lastname@example.org. Users have mailboxes in Outlook 365. System administrator can manage user accounts by visiting the web page:
Azure Active directory settings for Office 365
You have to perform a certain configuration before you can get the necessary credentials for adding the Office 365 account to Inventory of NAKIVO Backup & Replication. Management APIs of Office 365 use Azure Active Directory (AD) for providing authentication services for non-Microsoft applications to grant rights and allow access.
Go to Azure Active Directory settings by opening the web page:
Log in by using an administrative account of your company (domain). Click Portal to open the management portal.
In the Azure services section, hit Azure Active Directory to open Azure Active Directory settings.
In the left pane, select App registrations and click New registration.
Note: If these options are inactive and not accessible or a network error is displayed, try using an IP address from another country. For some strange reason, it can sometimes be impossible to load the App Registration page in Azure Active Directory settings from certain countries. You can use a VPN service and open this web page by using an external IP addresses that belong to the USA or the European Union, for example.
The Register an application window is opened. You have to register NAKIVO Backup & Replication as the allowed application for your Office 365 account in Azure Active Directory settings. Use the following algorithm:
1. Enter the name for your registered application, for example, NAKIVO_9-2.
2. In the Supported account types section, select:
“Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts”.
3. Click Register.
In the App Registrations > NAKIVO-9_2 > Overview section, you can see the identifiers (IDs) – Application (client) ID, Directory (tenant) ID and Object ID. In the current example, the credentials are the following:
Application (client) ID: vv807d81-5e44-26e5-7621-dd5e21843a6a
Directory (tenant) ID: adb12933-1385-31a7-aa4f-b614511df15a
Object ID: 1d67c837-19e0-40e6-aef5-e7ef0537271a
Write down or copy these IDs because you will need them later. Then click View API permissions.
Select API permissions in the left pane. In the Configured permissions section, click Add a permission.
In the next window, hit Microsoft Graph.
After that, click Application permissions.
Add the necessary permissions in the Request API permissions window. Tick the checkbox near the following strings:
After ticking the checkboxes, click the Add permissions button in the bottom of the window.
The two entities you added before are now displayed in the API permissions section, but their status is Not granted. Click Grant admin consent for [your directory name]. In this example, the Default Directory name is used.
The confirmation message is displayed:
Do you want to grant consent for the requested permissions for all accounts in Default Directory? This will update any existing admin consent records this application already has to match what is listed below.
Now the status of the entities is Granted.
This means that now you can generate a client secret ID.
Go to Certificates and secrets and click New client secret.
Type Secret ID as the description and define the expiration period, for example, by setting the secret to expire in one year. Click Add.
Now the secret ID is displayed. Copy the secret ID value and keep this information secured in a safe place.
Adding Office 365 account to Inventory
Once you have all the needed IDs (credentials) and configured Office 365 on the Azure side, you can go to configuration of NAKIVO Backup & Replication. First you need to add your Office 365 account to Inventory. Open the web interface of NAKIVO Backup & Replication, go to Configuration and select the Inventory tab. Click Add New and in the drop-down menu, select Microsoft Office 365 account.
Add new Microsoft Office 365 account by entering the name and credentials. Use the credentials that you collected before in the Azure Active directory configuration.
Display Name: Office 365
Tenant ID: adb12933-1385-31a7-aa4f-b614511df15a
Azure Client ID: vv807d81-5e44-26e5-7621-dd5e21843a6a
Azure Client Secret: @DhF4ah3eSj-cF-sJf40_HvhDE5AVbcH
If you entered the correct credentials, you will see your Office 365 account appear in Inventory in a moment. The total amount of used storage and number of mailboxes is displayed after adding an Office 365 account to Inventory.
You can click your Office 365 account name and see the list of Office 365 users of your organization (domain).
If you already use NAKIVO Backup & Replication, you know that if you want to run a backup job, you should prepare a backup repository. Notice that Office 365 backup requires you to create a special Microsoft Office 365 repository type. Let’s create a new backup repository for Office 365. Go to Configuration > Repositories, click Add Backup Repository and select Create new backup repository.
You should create a directory for your Microsoft Office 365 backup repository on the machine where NAKIVO Backup & Replication is installed. In our example, the product is running on a Linux machine and /opt/nakivo/repo365 will be the directory used for the Office 365 backup repository.
Create a new directory on a Linux machine running NAKIVO Backup & Replication:
Make the NAKIVO user to be the owner of the directory:
chown -R bhsvc:bhsvc /opt/nakivo/repo365
Set the correct permissions for the directory:
chmod 0755 /opt/nakivo/repo365
Now you can enter the parameters for the new Office 365 backup repository.
Name: Office365 repo
Assigned transporter: Onboard transporter
Type: Microsoft Office 365
Path to the local folder: /opt/nakivo/repo365
Hit Add to finish creating a new backup repository for Office 365.
On the screenshot below, you can see that a new Microsoft Office 365 backup repository has been successfully created.
Creating a Microsoft Office 365 backup job
Once your Office 365 account is added to Inventory and Office 365 backup repository is created, you can create a new Office 365 backup job to back up the email data of your users. On the home page of NAKIVO backup & Replication web interface, click Create and select Microsoft Office 365 backup job.
The New Backup Job Wizard for Microsoft Office 365 is opened.
Select the necessary mailboxes that you would like to back up. Tick the checkboxes next to the appropriate users to select them. Hit Next to continue for each step in the wizard.
In the drop-down menu, select Office365 repo you created before as a backup repository for Office 365. If you have multiple backup repositories for Office 365, you can click each account and select a custom backup repository for each account.
Select the scheduling options for a backup job as you usually would.
Similarly, select retention settings that are typical for your backup jobs in NAKIVO Backup & Replication.
The final step of the wizard is to select Office 365 backup job options. Enter the job name, for example, Office 365 backup job and set additional options if needed. Hit Finish & Run to save Office 365 backup job settings and run the job.
You can see the progress and job status on the main page of the web interface when selecting the job.
How to Recover Deleted Emails in Office 365 from Backups
Now you have a backup of your Office 365 mailboxes created in NAKIVO Backup & Replication. It means that it is possible to recover the entire email account or custom email messages. Let’s recover an email message from the Office 365 backup. On the home page, click Recover > Microsoft Office 365.
The Object Recovery Wizard for Microsoft Office 365 is opened.
In the left pane, select the required Office 365 backup job, click the job name, and select the required user(s) whose mailbox(es) you wish to recover. In the right pane, select a recovery point. By default, the latest recovery point is selected. Hit Next to continue for each step in the wizard.
2. Recovery Account
If you have two or more Microsoft Office 365 accounts, you can select the required account from the drop-down menu.
On this step, you can select the necessary users and view email folders (click the user to expand folders). Let’s recover the email message whose subject is “Recover Me” in the Inbox folder. Tick the checkbox near the messages you wish to recover by clicking on them. In our example, we recover the email message received by Michael Bose.
At this step, you can configure two parameters.
- Recover to original location. Emails are recovered to the original location of the source user account.
- Recover to mailbox. Emails are recovered to the appropriate folder of another selected user.
- Rename recovered item if such an item exists.
- Skip recovered item if such an item exists.
- Overwrite the original item if such an item exists.
In this example, we are recovering the email to the original location.
Hit Recover to recover deleted emails in Office 365 with NAKIVO Backup & Replication.
You can see the status of the Office 365 recovery job in the Activities tab, or click Close to exit the Wizard.
On the screenshot below, you can see the status of the Microsoft Office 365 recovery job displayed in the Activities tab.
Once the job is complete, you can open the web interface of Microsoft Office 365 Outlook and log in as a user to the account to which you have recovered the email data. In our case, this is the account of Michael Bose. As we recovered the email message to the source location, let’s check the Inbox folder. The message has been recovered successfully and it is present in the Inbox folder .
There are a couple of recovery options for Microsoft Office 365 mailboxes and today’s blog post has covered the most affordable of them. Having a backup in place plays an important role when it comes to recovering deleted email messages, and defines Microsoft Office 365 recovery strategy. Without creating backups, you can only recover deleted emails within 60 days in the web interface of Office 365. If you use an email client, then you have a local copy of emails that can help if your account becomes compromised, blocked, or wiped out. If you have deleted an email message in the email client that is properly configured, the message can be still accessed in the web interface of Office 365. The best option is to perform backup of Office 365 email accounts regularly. NAKIVO Backup & Replication can protect your Office 365 email accounts by running backup jobs automatically and regularly. If a user has lost an email message, granular recovery allows you to recover the appropriate email messages without recovering entire mailboxes.