The most common data loss incident in Microsoft 365 environments is not a ransomware attack or a server failure. It is a user accidentally deleting a file or overwriting a document, not noticing for a few weeks, and then asking IT to recover it. Until recently, recovering that single file from Microsoft 365 Backup required restoring the entire SharePoint site to a point in time — which means rolling back all changes made by all users since that point, often causing more disruption than the original data loss.
Microsoft's file-level restore feature, rolling out in public preview in March 2026 and reaching general availability in late April, changes this. Administrators can now recover individual files and folders without touching the rest of the site. This post covers how it works, what the DSGVO implications are for backup configuration, and the specific setup steps needed to use it effectively.
Understanding Microsoft 365 Backup Before File Restore
Microsoft 365 Backup is a paid add-on service — it is not the same as SharePoint version history or the Recycle Bin, and it does not come free with any Microsoft 365 plan. The pricing is approximately €0.07 per GB per month for protected storage.
What Microsoft 365 Backup provides that native SharePoint does not:
- Retention up to one year: SharePoint version history retains a configurable number of versions but is not a backup. The Recycle Bin holds deleted items for 93 days. Microsoft 365 Backup extends recovery capability to 12 months.
- Protection against ransomware and accidental bulk deletion: If a user or automated process deletes or encrypts thousands of files, and this is not noticed for 30+ days, the Recycle Bin offers no help. Microsoft 365 Backup does.
- Administrative restore without user involvement: Admins can restore data without the user needing to do anything or even be notified, which matters for incident response speed.
- Backup frequency every 10 minutes: For active SharePoint sites with frequent updates, this means the maximum data loss window is minutes, not days.
Important clarification: Microsoft 365 Backup currently covers SharePoint Online and OneDrive for Business. Exchange Online mailbox backup via this service is in roadmap but not yet generally available. For email backup, a separate solution is currently required.
What File-Level Restore Adds
Before this feature, restoring data from Microsoft 365 Backup offered one option: restore an entire SharePoint site to a specific point in time. This is called a site-level restore. It reverses all changes to the site since the restore point — including work done by all users, not just the changes related to the data loss incident.
File-level restore allows an administrator to select a specific file or folder from the backup history and restore it to its state at a chosen point in time, without touching anything else on the site. The restored file appears in its original location (or an admin-specified location) with the previous content.
Common Scenarios Where File-Level Restore Solves a Real Problem
Scenario 1: Overwritten Contract
A user opens a contract template and saves a new version over an important client contract. The old version is gone from version history because it was saved as the same filename. Microsoft 365 Backup retains the state of the file at backup points throughout the day — the previous version can be recovered without any other site changes.
Scenario 2: Malicious or Accidental Folder Deletion
A departing employee deletes a project folder containing 200 files before their account is disabled. By the time IT notices (often when their replacement cannot find the files), the 93-day Recycle Bin retention may have expired. File-level restore recovers the entire folder structure from backup.
Scenario 3: Corrupted Document Library
A Power Automate flow with a bug writes incorrect data to a document library, corrupting metadata across 500 files. A site-level restore would reverse all legitimate work since the automation ran. File-level restore lets you target only the affected documents.
How to Configure and Use File-Level Restore
The feature is accessed through the Microsoft 365 Admin Center under Settings → Microsoft 365 Backup. Prerequisites:
- An active Microsoft 365 Backup subscription with OneDrive and/or SharePoint protection enabled.
- Global Administrator or SharePoint Administrator role in the tenant.
- The Microsoft Graph PowerShell SDK for scripted restoration workflows.
Restoring a File via Admin Center
- Navigate to Microsoft 365 Admin Center → Settings → Microsoft 365 Backup.
- Select the SharePoint site or OneDrive account containing the file to restore.
- Use the backup timeline to select the point-in-time from which to restore.
- Browse the backup snapshot and select the specific file or folder.
- Choose to restore in-place (overwrites current version) or to a new location for side-by-side comparison.
- Confirm the restore operation — the file is typically available within minutes for small files, longer for large folders.
PowerShell for Automated or Scripted Restores
For helpdesk integration or scripted workflows, the Microsoft Graph PowerShell SDK supports restoration cmdlets. A basic query to check existing backup policies:
Connect-MgGraph -Scopes "BackupRestore.Read.All"
Get-MgSolutionBackupRestoreProtectionPolicy
Full restoration cmdlets are available in the Microsoft Graph API reference. Scripted restores are particularly useful for helpdesk integration — a ticket-based restore workflow can trigger a PowerShell script that executes the restore and posts the result back to the ITSM system without requiring an admin to log into the portal for each incident.
DSGVO Article 32 and Backup Obligations
DSGVO Article 32 requires controllers to implement "appropriate technical and organisational measures" to ensure data integrity and availability, including "the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident."
In plain terms, the DSGVO requires a backup. What constitutes adequate backup for SharePoint and OneDrive data depends on the nature of the data and the recovery time objectives your business can accept. For most organisations, SharePoint version history plus the Recycle Bin is not sufficient to meet Article 32 — they do not provide the 12-month recovery window that most regulators expect for personal data, and they are vulnerable to incidents that affect the entire site rather than individual files.
Microsoft 365 Backup's combination of 12-month retention, high backup frequency, and now file-level granularity provides a strong basis for Article 32 compliance. You should document the backup configuration, the retention period, the RPO (Recovery Point Objective — 10 minutes for active sites), and the RTO (Recovery Time Objective — typically 1–4 hours for large restores) in your DSGVO documentation.
One important note: Microsoft processes your backup data under its Data Processing Addendum. The data is stored within the EU Data Boundary for EU tenants. This satisfies the DSGVO's requirements for data processor agreements and cross-border transfer restrictions.
How IDE Solutions Can Help
We configure Microsoft 365 Backup for businesses across Germany, Austria, and Switzerland — covering the backup policy design (which sites, which OneDrive accounts, retention intervals), the DSGVO documentation, and the administrative runbooks your team needs to execute file-level restores confidently without calling us for every incident.
We also run data protection assessments that evaluate whether your current SharePoint and OneDrive configuration meets Article 32 requirements — including version history settings, Recycle Bin retention, sensitivity labels, and the overall backup architecture — and produce a remediation plan where gaps exist.
Reference: Office 365 for IT Pros — M365 Backup File Restore