SharePoint data deletion in Microsoft 365
SharePoint stores objects as abstracted code within application databases. When a user uploads a file to SharePoint, that file is disassembled and translated into application code and stored in multiple tables across multiple databases. In SharePoint, all content that a customer uploads is broken into chunks, encrypted (potentially with multiple AES 256-bit keys), and distributed across the datacenter. For specific details about the chunking and encryption process, see Encryption in the Microsoft Cloud.
When using the SharePoint application within a browser, items deleted by any user are retained in the site Recycle Bin for 93 days from the time they were deleted them from their original location. They stay in the site Recycle Bin the entire time, unless someone deletes them from there or empties that Recycle Bin. In that case, the items go to the site collection Recycle Bin, also known as the second-stage Recycle Bin, where they stay for the remainder of their retention period. Items deleted from the site collection Recycle Bin are purged immediately. If the item deleted causes the site collection Recycle Bin to exceed its quota, it starts purging the oldest items until there's space for the most recently deleted item. For info about restoring deleted items, see Restore items in the Recycle Bin of a SharePoint site and Restore deleted items from the site collection recycle bin.
When you delete a site collection, you're also deleting the hierarchy of sites in the collection, and all content within them:
- Documents and document libraries
- Lists and list data
- Site configuration settings
- Role and security information that is related to the site or its subsites
- Subsites of the top-level website, their contents, and user information
If you accidentally delete a site collection, it can be restored by a global or SharePoint admin using the SharePoint admin center.
Deleted site collections are retained for 93 days. After 93 days, sites and all their content and settings are permanently deleted, including lists, libraries, pages, and any subsites.
Hard deletion occurs when a user purges deleted items from the site collection Recycle Bin, when the retention and backup periods expire, or when an administrator permanently deletes a site collection using the Remove-SPODeletedSite cmdlet. When a user hard deletes (permanently deletes, or purges) content from SharePoint, all encryption keys for the deleted chunks are also deleted. The blocks on the disks that previously stored the deleted chunks are marked as unused and available for reuse.
Users can also interact with the SharePoint platform by using CSOM/REST APIs. API calls can be used to either recycle or delete items on SharePoint such as files and folders. Recycling an item adds it to the Recycle Bin, similar to the browser application behavior described earlier in this article. However, deleting results in the item being immediately purged and it will not be recoverable from the site or site collection Recycle Bins. You can read more about SharePoint APIs here.
SharePoint retains backups of all content for 14 additional days beyond actual deletion to facilitate a full site collection restore for customers. Customers can reach out to Microsoft support to initiate a full site collection or sub-site point in time restore if files have been hard deleted, corrupted, or infected with malware and are unrecoverable using the methods described above. After this 14 day period, data is no longer retained by Microsoft and isn't recoverable.