A challenge for businesses supporting the hybrid workforce and cloud environments is recovering data that has been accidentally or intentionally deleted. Let's look at processes to recover recently deleted emails and emails that have aged past the 30-day threshold for deletions.

When an end user deletes an email message using a regular delete (not SHIFT+DELETE), the email message is moved from the Inbox or other folders to the Deleted Items folder. This allows users to quickly move a message that was accidentally deleted back to their Inbox. This is a self-service process that doesn't require the intervention of IT staff.

Deleted Items folder containing deleted email items

Deleted Items folder containing deleted email items

When a user empties the Deleted Items folder or SHIFT+DELETEs an email, these go into a special folder located at Recoverable Items > Deletions. The same happens when you right-click the Deleted Items folder and choose Empty Folder. When emails are moved here, there is still an opportunity to recover the items, as we will see.

Emptying the Deleted Items folder

Emptying the Deleted Items folder

To see the email items in this location, click Deleted Items > Recover items deleted from this folder. The link appears at the top of your email panel when accessed from the web portal or Outlook client.

Recovering emails deleted from Deleted Items

Recovering emails deleted from Deleted Items

Configuring recoverable items

Microsoft 365 has the following retention periods for emails:

  • Inbox—persistent until manually deleted
  • Deleted Items—persistent until manually deleted.
  • Recoverable items (items deleted from your Deleted Items folder)—14 days by default (max 30)

We can check the configured retention policy for recoverable items with the PowerShell cmdlet below:

Get-Mailbox -identity <your user> | select RetainDeletedItemsFor

As shown below, the default RetainDeletedItemsFor property for a user in a Microsoft 365 subscription is 14 days.

Viewing the retaindeleteditems property for a user

Viewing the retaindeleteditems property for a user

You can use PowerShell to increase the RetainDeletedItemsFor property and set the maximum to 30 days. Notice below that attempting any value higher than 30 is not allowed.

Set-Mailbox -Identity <your user> -RetainDeletedItemsFor 30

Configuring the RetainDeletedItemsFor property for a 30 day retention period

Configuring the RetainDeletedItemsFor property for a 30 day retention period

Creating in-place and litigation holds

Businesses do have a way to prevent emails from being deleted due to the default retention settings found natively in Microsoft 365. The in-place hold allows the creation of a granular hold policy to preserve mailbox items. The in-place hold can hold items based on the following:

  • Indefinite hold—This is similar to the litigation hold, which keeps the mailbox indefinitely
  • Query-based hold—Hold only items based on a query that contains certain keywords, start and end dates, sender and recipient, addresses, and message types
  • Time-based hold—Specify the duration for which mail items are held

Litigation holds use the LitigationHoldEnabled property of a mailbox. These are not granular, and place the entire mailbox contents on hold.

Recovering deleted emails after permanent deletion

What happens after your email items roll past the 30-day retention period in the Recoverable items > Deletions folder? If there are no compliance, in-place, or litigation holds that would retain the emails past this point, your emails, from a Microsoft perspective, are not recoverable.

After the 30-day retention period, businesses must use their own solutions and methods to recover deleted emails. Many third-party backup solutions offer the ability to protect Microsoft 365 cloud emails and files. Of course, a third-party backup solution must be in place before the data loss event.

Another way to save a copy of Microsoft 365 emails is to export your mailbox to a PST file.

Wrapping up

It is important for organizations using Microsoft 365 to understand the retention of data and the default policies in place. Both the Deleted Items and the hidden Recoverable Items > Deletions folder are safety nets that help prevent data loss when emails are deleted.

Subscribe to 4sysops newsletter!

After a maximum of 30 days, the Recoverable Items > Deletions folder is emptied, and the emails here are gone forever without additional compliance or other holds put in place. Organizations must then use third-party backup solutions and other means to back up business-critical email data.

avatar
1 Comment
  1. Pretty good article for people using Microsoft 365 email solution. Another important command to set the mailboxes of all org users in one go:

    Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Set-Mailbox -RetainDeletedItemsFor 30

    Source: MS docs

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account