How to Recover Deleted Emails in Microsoft 365

11 Min. Read

Email is an integral part of the business world today. Millions of employees communicate via email on a daily basis using Microsoft Office 365. Microsoft Office 365 is a cloud-based platform that provides email services along with other apps, such as Word, Excel, PowerPoint, Teams, etc. To use Microsoft’s enterprise-grade services, you need to purchase a licensed subscription for the appropriate number of users.

One of the biggest challenges you can face as a Microsoft email user is email deletion. The deletion can take place by accident or as a result of an internal or external security breach.

This blog post discusses all possible recovery options for your deleted Microsoft 365 email.

Introduction

Data deletion can occur at any time. However, you can prevent it from happening by following certain precautions. Email deletion can result from human error or security breaches. Here are simple rules that can help you avoid accidental and intentional deletions of your email messages:

> Choose a strong password. Prevent unauthorized access to your account by setting up a strong password. A strong password consists of random words, numbers, and special characters. Several words can be joined together to make the password stronger. Don’t choose short passwords that contain your name or carry personal connotations. Such passwords can be easily guessed by a password cracking tool. A long password consisting of two randomly selected words is your best bet to ensure the safety of your email account.

> Follow basic security standards. To ensure the safety of your email account, refrain from saving passwords as plain text. Don’t write down passwords on a piece of paper. Don’t leave your passwords at your desk or other locations where unauthorized individuals can find them. Never tell your password to an unfamiliar person, even if they introduce themselves as from a technical support service.

> Use multi-factor authentication. Provide another authentication method in addition to your password, such as:

  • A text message with a verification code
  • A confirmation call
  • A code from an authenticator app
  • Face recognition
  • Fingerprint

Multi-factor authentication ( MFA) offers an extra security layer to your Microsoft email account. If cybercriminals attempt to access your email with a stolen password, they won’t be able to bypass the second authentication step.

Choose the right Office 365 email backup strategy

You can recover your Microsoft emails either with or without a backup depending on your circumstances. However, to ensure continuous data protection and availability, you need to back up your data around the clock and keep your backups in a safe location.

Office 365 email backup strategy
Office 365 email backup strategy

Recover deleted emails without Office 365 Backup

If you have recently deleted your email messages, there is no reason to be disappointed. You can use an email client to recover your messages. Or you can recover your email either from Deleted items or Recoverable Items. Those recovery options are a part of Microsoft’s native data protection and don’t require having backups in place.

Recover in email client or web interface

If you run an email client, you can find all of your downloaded emails inside the client. If you delete your email messages inside the client, you can still retrieve your message from the mail server. To do this, you need to configure your email client to use Post Office Protocol 3 (POP3). As a result, your email messages are being preserved in the Microsoft Office Outlook 365 web interface.

On the other hand, if your Microsoft Office 365 account fell victim to a ransomware attack, you can restore your messages through your email client. Before doing so, reset the password for your Microsoft 365 account and scan your devices for malware. Generally, having a copy of your email messages gives you a chance for successful recovery.

Recover in a web interface

The deleted emails are stored in the Deleted Items folder for 30 days. Afterward, the messages transit to the Recoverable Items folder, where they are stored for another 30 days before being permanently deleted. You can recover your email within a 60-day period without using backups. However, if you notice that a critical message has been deleted after the 60-day recovery period, you need to have a backup in place to make the recovery possible.

Recover deleted emails from Office 365 Backup

If it’s past Microsoft’s retention period, you can only recover your data from a backup. You can use Microsoft’s native backup features or a third-party backup solution to recover your messages. Let’s review these options in greater detail.

Benefiting from the Archive folder

You can use the Internet Message Access Protocol (IMAP) to retrieve and synchronize emails in the email client or on the mail server. Alternatively, you can use IMAP to place messages in the Archive folder. If you delete messages from your email account, you can retrieve them from the Archive folder. In this case, message archiving may be viewed as equivalent to a backup.

Exporting emails from Outlook

A Personal Storage Table (PST) file allows you to store email messages, contacts, and email items in Microsoft. You can use Outlook desktop client to:

> Export email messages to/from a PST file

> Import email to/from a PST file

> Transfer a .pst file from one computer to another

> Export emails automatically within a defined time frame

These features enable you to back up and recover your email messages. When you export an email, a copy of your email message is exported to the PST file. Thus, you can use the PST file to recover your emails. Protect your backups by keeping your PST file safe in a secure location.

Setting up email forwarding

You can keep a copy of your messages by using email forwarding. You can set up email forwarding by applying appropriate settings in the Outlook Desktop Client, or you can simply enable email forwarding in the web interface.

To enable email forwarding, select the email forwarding address. Let’s say you have two accounts. To back up your messages, forward all incoming messages from email account 1 to email account 2. As a result, if you delete a message in account 1, you can always retrieve it from account 2.

Implementing an eDiscovery tool

If you have Office 365 Enterprise E3 and E5 plans, you can use the eDiscovery tool to help you back up your email messages. Only system administrators can use the eDiscovery tool for managing users’ email accounts. The eDiscovery tool allows you to enhance your backup process by:

> Managing messages that can be used for legal compliance cases

> Searching Office 365 backups for specific messages

> Exporting a user’s emails to a PST file

> Recovering emails from a PST file manually

Using a third-party backup solution

Finally, a third-party backup solution is a comprehensive approach toward protecting your environment. A modern backup solution can offer all-in-one protection for your physical and virtual environments. With the help of a third-party backup solution, you can back up and recover your email messages automatically and ensure continuous comprehensive data protection.

Recover Permanently deleted emails

Now that you are familiar with multiple recovery methods for your email messages, let’s discuss the actual recovery steps.

Recovery without a backup

To recover your emails within a 30-day period using a web interface, do the following:

In Outlook 365, on the left pane, select the Deleted items folder. Then in the Deleted items folder select all messages that you need to recover. To restore the deleted messages to the original location, click Restore. As a result, the selected messages will be restored to the Inbox folder.

If it’s passed the 30-day retention period, you can no longer recover your message from the Deleted email folder. However, you can still recover them from Recoverable Items. In the Deleted Items folder, you can see how many deleted messages are now available to restore from the Recoverable items.

The image below shows four items available for immediate recovery. To recover those items, click Recover items.

Deleted Items
Deleted Items

This will take you to the Recoverable Items folder. Once you are in the recoverable items folder, you can select the messages that you want to recover and then click Restore.

The messages you select will be recovered to your mailbox as shown in the figure below.

Restore
Restore

Recovery from a backup

Let’s recap the email recovery options for Microsoft 365 that we have discussed in the previous section.

During the early deletion stage, an email can be recovered by a user. Users can recover messages using:

> An archive folder

> A PST file

> Email forwarding

Administrators can run recoveries with the help of:

> eDiscovery tool

> Third-party backup solution

Now that we have discussed most of the recovery methods that users and administrators can use, let’s review the final backup method: a third-party backup solution.

In this example, we’ll use NAKIVO Backup & Replication software as an example of a third-party backup and recovery solution. NAKIVO Backup & Replication runs as a Linux-based virtual appliance.

First, add your Office 365 account to the inventory of NAKIVO Backup & Replication. To accomplish this:

1) Retrieve your Office 365 identifiers (IDs).

2) Register your backup solution with Microsoft Azure Active Directory (Azure AD).

In our example, we have a corporate account with several Microsoft Office 365 user accounts. The users have mailboxes in Outlook 365. The account has the following credentials:

> Domain name: email01.onmicrosoft.com
> Admin name: admin@email01.onmicrosoft.com

Microsoft 365 admin center
Microsoft 365 admin center

To add your Office 365 account to Inventory, you need to configure Azure Active Directory (Azure AD) Settings for Office 365. You will need to set up Application Programming Interface (API) permissions in AD to allow access and grant permissions to non-Microsoft applications.

First, go to the web page: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview to open the Azure AD blade. Then sign in with your administrative account (domain).

The management portal is now open. Next, click Azure Active Directory. This will take you to the Azure Active Directory Overview page.

Azure Active Directory
Azure Active Directory

On the Default Directory page, select App registration on the left pane. Then click New registration as shown in the figure below.

Note: Sometimes you won’t be able to access the App Registration page from a certain location. In this type of scenario, you can use a virtual private network (VPN) connection and access the registration section by using external IP addresses that belong to other regions.

New App registration
New App registration

Once you are on the Register an application page, you can register your backup solution in the Azure Active Directory. To do so, follow these steps:

1) Enter the name of the app you want to register

2) In the Supported account types choose: Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

3) Click Register

Register an application
Register an application

On the NAKIVO-9_2 page, you can find the following IDs:

> Application (client) ID
> Directory (tenant) ID
> Object ID

Write down a copy of the IDs for later use and then click View API permissions as shown in the figure below.

View API permissions
View API permissions

On the NAKIVO_9-2-API permissions page, click API permissions in the left pane. Then, click Add permission.

Add permission
Add permission

On the Request API permissions page, click Microsoft Graph as shown in the figure below.

Microsoft Graph
Microsoft Graph

Next, select the Application permissions option as shown in the figure below.

How to Recover Deleted Emails in Microsoft 365 1

On the Request API permissions page, select the right permissions:

> Mail.ReadWrite
> User.Read.All

Next, click Add permissions as shown in the figure below.

Request API permissions
Request API permissions

You can find the permissions you have selected in the Configured permissions section. However, their status is displayed as Not granted. Next, select Grant admin consent for (your directory name). In this example, we use a Default Directory.

Grant admin consent
Grant admin consent

After clicking Grant admin consent for Default Directory, you will see the confirmation message asking if you want to grant consent for the requested permissions for all accounts in Default Directory?

Select Yes.

The status of your API permissions will show now as Granted.

API permissions granted
API permissions granted

Now, you can create a client secret ID. First, select Certificates and secrets. Then, click New client secret.

New client secret
New client secret

Now, type Secret ID in the Description field and indicate the expiration period as shown in the figure below. Please note that in 1 year, the Secret ID will expire, you can renew it or extend its expiration date. Next, click Add.

Add a client secret
Add a client secret

You can find your secret ID in the Client secrets section as shown in the figure below. Copy the secret ID value and keep it in a secure location.

Secret ID
Secret ID

Now you have configured Office 365 in Azure, and you have your IDs. As a next step, you can add Office 365 to the Inventory:

1) Open NAKIVO Backup & Replication web interface

2) Go to Inventory

3) Click Add New…

4) Select Microsoft Office 365 account from the dropdown menu as shown in the figure below

Microsoft Office 365 account
Microsoft Office 365 account

Now it’s time to add your Microsoft 365 account. On the Add New Microsoft Office 365 Account page, enter your Display Name (Office 365) and the credentials you have generated in the Azure Active directory: Tenant ID, Azure Client ID, and Azure Client Secret. Then, click Add.

Add New Microsoft Office 365 Account
Add New Microsoft Office 365 Account

After you enter your credentials, your Office 365 account will appear in the Inventory. The Office 365 tab will display the number of Office 365 mailboxes and the amount of storage used:

> Office 365 48.4 GB, 96 mailboxes

Office 365
Office 365

You can click the Office 365 tab and view the number of mailbox users in your organization.

Office 365 Inventory
Office 365 Inventory

The next step is to create a Microsoft Office 365 repository:

1) Go to Configuration > Repositories

2) Click Add Backup Repository

3) Select Create new backup repository

Add Backup Repository
Add Backup Repository

Next, create a directory for your Office 365 backup repository. In our case, NAKIVO Backup & Replication is running on a Linux OS. Perform the following steps:

1) Create a directory:

mkdir /opt/nakivo/repo365

2) Assign NAKIVO as an owner of the directory:

chown -R bhsvc:bhsvc /opt/nakivo/repo365

3) Give the right permissions:

chmod 0755 /opt/nakivo/repo365
Linux Backup Repository permissions
Linux Backup Repository permissions

On Create Backup Repository page, add the parameters of the new repository:

> Name: Office365 repo
> Assigned transporter: Onboard transporter
> Type: Microsoft Office 365
> Path to the local folder: /opt/nakivo/repo365

Then, click Add to finish creating the repository as shown in the figure below.

Create Backup Repository
Create Backup Repository

The screenshot below shows our new Office 365 repository created.

Office 365 repository created
Office 365 repository created

Back up Office 365 email

Congratulations! You have added your Office 365 account to the Inventory and you have created an Office 365 backup repository. Now, you can successfully create backup jobs to keep your email messages protected.

On the NAKIVO Backup & Replication home page, click Create. Then select Microsoft Office 365 backup job as shown in the figure below.

Microsoft Office 365 backup job
Microsoft Office 365 backup job

1) Sources: select all mailboxes that you want to backup and then click Next.

Sources
Sources

2) Destination: In the dropdown menu, select Office 365 repo. This is the backup repository that we created earlier. During this step, you can select multiple repositories by choosing multiple accounts and selecting a custom repository for each of those accounts.

Destination
Destination

3) Schedule: Select the right scheduling option for your backup job as shown in the figure below.

Schedule
Schedule

4) Retention: Select the right retention settings for your backup job.

Retention
Retention

5) Options: Finally, select your Office 365 job options. You can select a job name. You can also choose to run either a pre-job or post-job script and send a report to a selected location. Next, click Finish & Run to save your settings and complete the backup job.

Options
Options

You can view the progress of the backup job on the main page of the web interface.

Recover deleted messages from Backups

To recover your Office 365 email messages from a backup, go to the NAKIVO Backup & Replication home page. Then, click the Recover option and select Microsoft Office 365 from the dropdown menu as shown in the figure below.

Microsoft Office 365
Microsoft Office 365

You are now on the Object Recovery Wizard for Microsoft Office 365 page. Here you can start the recovery process.

1) Backup: Select the required Office 365 backup job in the left pane. Indicate the user/users whose message(es) you plan to recover. Then select a recovery point. The latest recovery point is selected by default. However, you can choose any other recovery point that you need. Click Next to continue.

Backup
Backup

2) Recovery Account: If you have more than one account to recover, select the accounts you need from the list of options.

Recovery Account
Recovery Account

3) Objects: During this step, you can view the users’ email folders. This allows you to recover specific objects. Select the message you need to recover and click Next.

Objects
Objects

4) Options: Configure Recovery type and Overwrite behavior. The Recovery type has two options: Recover to the original location and Recover to a mailbox. The Recover to original location option allows you to recover the emails to the original user account. The Recover to mailbox option enables you to recover emails to the folder of any other user. By configuring Overwrite behavior, you can rename or skip the recovered item, and you can also overwrite the original item. After setting up your recovery options, click Recover.

Options
Options

5) Finish: View the progress of your Office 365 recovery jobs in the Activities tab. Then, click Close to finish your work. The Activities tab displays the status of your recovery activities as shown in the figure below.

Recovery activities
Recovery activities

Congratulations! Your recovery job is completed. You can now check the account to which you have recovered your messages. In this example, you can see that the recovered message (“Recover Me”) is restored to the Inbox folder.

Recover deleted email
Recover deleted email

Conclusion

This post has discussed possible backup and recovery strategies for your Microsoft 365 email. The Microsoft native data protection features allow you to recover your messages only within a 60-day period. Therefore, having office 365 email backup in place is critical when it comes to the recovery of permanently deleted messages.

A third-party backup solution is the number one choice for backing up and recovering your emails. It allows you to perform full recoveries of the email accounts as well as granular recoveries of single messages. This post provided step-by-step guidelines on how to backup and recover your Microsoft 365 email messages with a third-party solution.

To learn more about how to recover deleted emails, please check NAKIVO backup for Microsoft Office 365.

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts

Previous

Protect Critical Backup Operations with Multi-User Authorization for Azure Backup

Configure Multiple Backups for Azure Files

Next

Let me know what you think, or ask a question...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Stay in Touch

Never miss out on your favorite posts and our latest announcements!

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!