EPC Group - Enterprise Microsoft AI, SharePoint, Power BI, and Azure Consulting
G2 High Performer Summer 2025, Momentum Leader Spring 2025, Leader Winter 2025, Leader Spring 2026
BlogContact
Ready to transform your Microsoft environment?Get started today
(888) 381-9725Get Free Consultation
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌
‌

EPC Group

Enterprise Microsoft consulting with 28+ years serving Fortune 500 companies.

(888) 381-9725
contact@epcgroup.net
4900 Woodway Drive - Suite 830
Houston, TX 77056

Follow Us

Solutions

  • All Services
  • Microsoft 365 Consulting
  • AI Governance
  • Azure AI Consulting
  • Cloud Migration
  • Microsoft Copilot
  • Data Governance
  • Microsoft Fabric
  • vCIO / vCAIO Services
  • Large-Scale Migrations
  • SharePoint Development

Industries

  • All Industries
  • Healthcare IT
  • Financial Services
  • Government
  • Education
  • Teams vs Slack

Power BI

  • Case Studies
  • 24/7 Emergency Support
  • Dashboard Guide
  • Gateway Setup
  • Premium Features
  • Lookup Functions
  • Power Pivot vs BI
  • Treemaps Guide
  • Dataverse
  • Power BI Consulting

Company

  • About Us
  • Our History
  • Microsoft Gold Partner
  • Case Studies
  • Testimonials
  • Blog
  • Resources
  • Contact

Microsoft Teams

  • Teams Questions
  • Teams Healthcare
  • Task Management
  • PSTN Calling
  • Enable Dial Pad

Azure & SharePoint

  • Azure Databricks
  • Azure DevOps
  • Azure Synapse
  • SharePoint MySites
  • SharePoint ECM
  • SharePoint vs M-Files

Comparisons

  • M365 vs Google
  • Databricks vs Dataproc
  • Dynamics vs SAP
  • Intune vs SCCM
  • Power BI vs MicroStrategy

Legal

  • Sitemap
  • Privacy Policy
  • Terms
  • Cookies

Our Specialized Practices

PowerBIConsulting.com|CopilotConsulting.com|SharePointSupport.com

© 2026 EPC Group. All rights reserved.

SharePoint Recycle Bin & File Recovery - EPC Group enterprise consulting

SharePoint Recycle Bin & File Recovery

Enterprise guide to SharePoint file recovery covering first-stage and second-stage recycle bins, PowerShell restoration, versioning, retention policies, and prevention strategies.

SharePoint File Recovery: The Complete Enterprise Guide

How do you recover deleted files in SharePoint? Navigate to the Recycle Bin from the site's left navigation, select the deleted file(s), and click Restore. Files return to their original location with metadata and version history intact. If the file was removed from the first-stage recycle bin, check the second-stage recycle bin (Site Collection Recycle Bin) accessible to site collection admins. SharePoint retains deleted items for 93 days total across both stages. For bulk recovery, use PnP PowerShell: Get-PnPRecycleBinItem | Restore-PnPRecycleBinItem -Force.

File deletion in SharePoint is inevitable in any enterprise environment. Users accidentally delete documents, sync conflicts remove files, departing employees clean up their libraries, and automated processes occasionally misconfigure cleanup rules. The question is not whether files will be deleted — it is how quickly and completely you can recover them.

SharePoint provides multiple layers of file protection: recycle bins, versioning, retention policies, and the Preservation Hold Library. Understanding how these layers interact — and their limitations — is critical for any organization that relies on SharePoint for document management. A misconfigured retention policy can silently allow critical files to be permanently deleted, while a properly configured environment makes accidental data loss virtually impossible to cause permanent harm.

This guide covers every recovery mechanism available in SharePoint Online and SharePoint Server as of 2026, with enterprise-specific strategies used by EPC Group's SharePoint consulting team across Fortune 500 deployments in healthcare, financial services, and government.

First-Stage vs Second-Stage Recycle Bin

SharePoint uses a two-stage recycle bin system that provides 93 days of recovery time. Understanding both stages is essential for enterprise IT teams.

First-Stage Recycle Bin

The end-user recycle bin. Items land here immediately after deletion. Accessible to the user who deleted the item and anyone with site member permissions.

  • Located at Site Contents > Recycle Bin (or left navigation)
  • Visible to site members and the user who deleted the item
  • Items retain original location path for easy identification
  • Bulk select and restore multiple items simultaneously
  • Items stay for 93 days or until manually emptied
  • Emptying moves items to second-stage (not permanent delete)

Recovery steps: Site Contents → Recycle Bin → Select item(s) → Click Restore. Files return to their original library with all metadata and version history preserved.

Second-Stage Recycle Bin

The site collection recycle bin (admin recycle bin). Items arrive here after being deleted from the first-stage bin. Only site collection administrators can access it.

  • Accessible via Site Settings > Site Collection > Recycle Bin
  • In SharePoint Online: also available in SharePoint Admin Center
  • Only site collection admins and global admins can access
  • Shows items deleted from first-stage + auto-purged items
  • Retention: remainder of the original 93-day window
  • Storage counts against site collection quota (important!)

Recovery steps: Site Settings → Recycle Bin → Second-Stage Recycle Bin → Select item(s) → Click Restore. Items return to their original location.

SharePoint Retention Timeline: 93-Day Window

Understanding the 93-day retention clock is critical. The clock starts at deletion, not when the item moves between recycle bin stages.

Day 0

File Deleted

User deletes a file from a document library. File moves to the first-stage recycle bin immediately. The 93-day retention clock starts.

Day 1-93

In First-Stage Recycle Bin

File is visible in the site recycle bin. Any site member can restore it. File retains all metadata, permissions, version history, and its original location path.

Day X (User empties bin)

Moved to Second-Stage

If a user or admin empties the first-stage recycle bin, items move to the second-stage bin. They remain there for the remainder of the original 93 days.

Day 93

Permanently Purged

After 93 total days from the original deletion, the item is permanently removed from both recycle bins. Standard SharePoint recovery is no longer possible.

Day 93-107

Microsoft Support Window

Contact Microsoft support within 14 days of permanent purge. Microsoft may be able to restore from internal backups, but this is not guaranteed and depends on their backup schedule.

Admin Recovery with PowerShell

PowerShell is essential for enterprise-scale recovery. When hundreds or thousands of files need restoration, the browser interface is impractical.

Connect to SharePoint Online

# Using PnP PowerShell (recommended)
Install-Module PnP.PowerShell -Scope CurrentUser
Connect-PnPOnline -Url https://tenant.sharepoint.com/sites/sitename -Interactive

PnP PowerShell provides the most comprehensive recycle bin cmdlets. Use -Interactive for modern authentication with MFA support.

List All Deleted Items

# List all first-stage recycle bin items
Get-PnPRecycleBinItem | Select Title, DeletedByEmail, DeletedDate, ItemType, Size

# List second-stage items only
Get-PnPRecycleBinItem -SecondStage

Review deleted items before restoring. Filter by date, user, or file type to target specific recovery needs.

Restore Specific Items

# Restore a single item by ID
Restore-PnPRecycleBinItem -Identity "item-guid-here"

# Restore items deleted in the last 7 days
Get-PnPRecycleBinItem | Where-Object {
  $_.DeletedDate -gt (Get-Date).AddDays(-7)
} | Restore-PnPRecycleBinItem -Force

Use -Force to skip confirmation prompts during bulk operations. Always test with a small batch first.

Bulk Recovery by User or File Type

# Restore all items deleted by a specific user
Get-PnPRecycleBinItem | Where-Object {
  $_.DeletedByEmail -eq "user@company.com"
} | Restore-PnPRecycleBinItem -Force

# Restore all .docx files from recycle bin
Get-PnPRecycleBinItem | Where-Object {
  $_.Title -like "*.docx"
} | Restore-PnPRecycleBinItem -Force

Combine filters for precise recovery. Common in ransomware scenarios where you need to restore specific file types deleted in a time window.

Site-Level Recovery (Admin Center)

# Restore a deleted site collection
Restore-SPODeletedSite -Identity "https://tenant.sharepoint.com/sites/deletedsite"

# List all deleted site collections
Get-SPODeletedSite | Select Url, DeletionTime, SiteId

Requires SharePoint Online Management Shell and Global Admin or SharePoint Admin role. Sites restore with all content, permissions, and settings.

Versioning as Your First Line of Defense

The recycle bin recovers deleted files. Versioning recovers overwritten content. Together they cover the two most common data loss scenarios.

Version History Recovery

Every time a file is saved, SharePoint stores the previous version. Restore any prior version to recover from accidental overwrites, ransomware encryption, or sync conflicts. Open Version History from the file context menu and click Restore on the desired version.

Version Limits

Set major version limits per library (recommended: 100 for most libraries, 500 for critical content). Without limits, version history grows unbounded, consuming storage quota. SharePoint Online default is 500 major versions — review and adjust per library based on content type and change frequency.

Ransomware Recovery

Ransomware encrypts files in-place, creating new versions. Version history preserves the clean pre-encryption versions. Restore files to versions created before the attack timestamp. For OneDrive, Microsoft provides a one-click "Restore your OneDrive" feature that rolls back to any point in the last 30 days.

Major vs Minor Versions

Major versions (1.0, 2.0) are published and visible to all users. Minor versions (1.1, 1.2) are drafts visible only to editors. Use major-only for most libraries. Enable minor versions only for publishing scenarios requiring draft/publish workflows.

Storage Impact

Each version is a full copy of the file (not differential). A 10 MB file with 100 versions consumes up to 1 GB of storage. SharePoint applies shredded storage optimization to reduce this, but version limits remain important for storage management.

Audit Trail

Version history serves as an audit trail showing who modified the file and when. For compliance-heavy industries (healthcare, finance), version history provides evidence of document changes required by regulators. Combine with Microsoft Purview audit logs for complete tracking.

Retention Policies vs Recycle Bin

Retention policies and the recycle bin serve different purposes. Understanding the distinction is critical for compliance in regulated industries.

FeatureRecycle BinRetention Policy
PurposeUser recovery of deleted itemsCompliance preservation
VisibilityVisible to users/adminsHidden (Preservation Hold Library)
Maximum Duration93 daysUnlimited (configurable)
Can Users Delete?Yes (moves to next stage)No (preserved regardless)
Covers Modifications?No (only deletions)Yes (preserves original on edit)
ConfigurationAutomatic (no setup needed)Microsoft Purview portal
ScopePer site collectionOrg-wide, site, or label-based
CostIncluded in SharePointRequires E3+ or compliance add-on

EPC Group recommendation: Every enterprise should implement retention policies in addition to relying on the recycle bin. For HIPAA compliance, set 6-year retention. For financial services (SEC/FINRA), set 7-year retention. The recycle bin alone is insufficient for any regulated industry.

Third-Party Backup Solutions

Microsoft's shared responsibility model means you own your data protection. Native tools provide 93 days of recovery — third-party solutions extend this to years.

Veeam for Microsoft 365

Market leader for Microsoft 365 backup. Backs up SharePoint, OneDrive, Exchange, and Teams. Granular restore down to individual items, lists, and metadata. Supports on-premises and cloud storage targets. Unlimited retention with your own storage.

AvePoint Cloud Backup

SaaS-based backup built specifically for Microsoft 365. Automated daily backups with point-in-time restore. Includes SharePoint, OneDrive, Exchange, Teams, Groups, and Power Platform. Granular comparison view shows what changed between backup points.

Commvault for Microsoft 365

Enterprise-grade backup with advanced eDiscovery integration. Supports hybrid SharePoint environments (Online + Server). Deduplication and compression reduce storage costs. Integrates with existing enterprise backup infrastructure.

Microsoft 365 Backup (Preview)

Microsoft native backup solution announced in 2024. Provides fast restore at scale for SharePoint, OneDrive, and Exchange. Currently in preview — enterprise adoption should wait for GA and proven reliability. Will not replace third-party solutions for complex requirements.

Why Third-Party is Essential

Native protection has limits: 93-day recycle bin, no protection against admin deletion of retention policies, no air-gapped backup, limited granular restore options. Third-party solutions provide independent backup copies, longer retention, ransomware protection, and compliance evidence for auditors.

Backup Best Practices

Follow the 3-2-1 rule: 3 copies of data, 2 different storage media, 1 offsite copy. Test restores quarterly. Document recovery procedures. Encrypt backups at rest and in transit. Retain backups longer than your longest regulatory requirement. Monitor backup job success rates daily.

Prevention Strategies for Enterprise SharePoint

The best recovery strategy is preventing accidental deletion in the first place. These enterprise controls dramatically reduce data loss incidents.

Restrict Delete Permissions

Critical

By default, SharePoint Members have delete permissions. For critical document libraries, create a custom permission level that removes delete rights. Only site owners and designated content managers should have delete access on libraries containing business-critical documents.

Apply Retention Labels

Critical

Use Microsoft Purview retention labels to mark critical documents as records or apply "Do Not Delete" policies. Labeled content cannot be permanently deleted until the retention period expires, even by site collection admins. Auto-apply labels based on content type or sensitivity for consistent protection.

Enable Audit Logging

High

Configure Microsoft Purview audit logging to track all deletion events. Set up alerts for bulk deletion (more than 50 files in an hour) which may indicate ransomware or accidental cleanup. Audit logs provide forensic evidence of who deleted what, when, and from where.

Configure DLP Policies

High

Data Loss Prevention policies can block deletion of files containing sensitive information (PII, PHI, financial data). DLP scans file content and applies policy tips warning users before deletion. This is particularly important for HIPAA and PCI-DSS compliance.

User Training and Communication

Medium

Train users on the difference between deleting and archiving. Provide clear archive procedures so users do not delete files they think are no longer needed. Communicate recycle bin capabilities so users know they can self-service recover within 93 days.

Automated Monitoring Alerts

Medium

Use Power Automate to create flows that trigger on deletion events in critical libraries. Send immediate notifications to library owners when files are deleted. For high-value document libraries, require approval before deletion is processed.

Common Recovery Scenarios

Real-world recovery situations and the exact steps to resolve each one.

User Accidentally Deleted a File

  1. 1User navigates to Recycle Bin in left navigation
  2. 2Selects the file and clicks Restore
  3. 3File returns to original location with all metadata
  4. 4If not found: check second-stage recycle bin (admin)
  5. 5If past 93 days: contact Microsoft support or restore from third-party backup

Entire Library Contents Deleted

  1. 1Site admin opens second-stage recycle bin
  2. 2Sorts by Deleted Date to find the bulk deletion
  3. 3Selects all items from that deletion batch
  4. 4Clicks Restore — items return to original library
  5. 5For 1000+ items: use PowerShell Get-PnPRecycleBinItem with date filter and pipe to Restore-PnPRecycleBinItem

Ransomware Encrypted SharePoint Files

  1. 1Isolate affected accounts immediately (disable sync)
  2. 2Do NOT restore from recycle bin yet (may re-encrypt)
  3. 3Use Version History to identify pre-encryption versions
  4. 4For OneDrive: use "Restore your OneDrive" to roll back
  5. 5For SharePoint libraries: use PowerShell to restore all files to versions before the attack timestamp

Departing Employee Deleted Their Files

  1. 1Admin checks recycle bin of all sites the user had access to
  2. 2PowerShell: Get-PnPRecycleBinItem | Where DeletedByEmail -eq "user@company.com"
  3. 3Restore all items deleted by that user
  4. 4Apply litigation hold to the user mailbox/OneDrive before account deletion
  5. 5Review retention policies to ensure departing employee content is preserved

Need Enterprise SharePoint Disaster Recovery?

EPC Group has recovered petabytes of enterprise data across healthcare, financial services, and government organizations. From recycle bin optimization to full disaster recovery architecture, we ensure your SharePoint environment is resilient and compliant.

SharePoint Consulting Services Disaster Recovery Guide
(888) 289-8887 info@epcgroup.net

Frequently Asked Questions: SharePoint File Recovery

How do you recover deleted files in SharePoint?

To recover deleted files in SharePoint: 1) Navigate to the site where the file was deleted, 2) Click the Recycle Bin link in the left navigation (or go to Site Contents > Recycle Bin), 3) Select the file(s) you want to restore, 4) Click Restore. The file returns to its original location with all metadata, permissions, and version history intact. If the file is not in the first-stage recycle bin, check the second-stage recycle bin (accessible by site collection admins). Files remain in the first-stage recycle bin for 93 days, then move to second-stage for the remainder of the 93-day window. After 93 total days, contact Microsoft support within 14 days for potential recovery.

What is the difference between first-stage and second-stage recycle bin in SharePoint?

The first-stage recycle bin (also called the end-user recycle bin) is accessible to the user who deleted the item and site members. Items stay here for 93 days or until manually emptied. When an item is deleted from the first-stage recycle bin (or the bin is emptied), it moves to the second-stage recycle bin (also called the site collection recycle bin). The second-stage recycle bin is accessible only to site collection administrators. Items remain in the second-stage bin for the remainder of the original 93-day retention period. For example, if a file sat in the first-stage bin for 30 days before being deleted, it stays in the second-stage bin for 63 more days.

How long does SharePoint keep deleted files in the recycle bin?

SharePoint Online retains deleted items for a total of 93 days across both recycle bin stages combined. The 93-day clock starts when the item is first deleted from the site. If the item is manually deleted from the first-stage recycle bin, it moves to the second-stage bin for the remainder of the 93 days. After 93 days, the item is permanently purged from both recycle bins. Important: this 93-day period applies to SharePoint Online. SharePoint Server on-premises has configurable retention periods set by the farm administrator, typically defaulting to 30 days for first-stage.

Can a SharePoint admin recover files after the recycle bin is emptied?

If the second-stage recycle bin has been emptied or the 93-day retention has expired, standard admin recovery is not possible through the SharePoint interface. However, there are options: 1) Contact Microsoft Support within 14 days of the 93-day expiration — Microsoft may be able to restore from their internal backups, 2) If you have Microsoft 365 Retention Policies configured, the content may be preserved in the Preservation Hold Library even after recycle bin deletion, 3) Third-party backup solutions (Veeam, AvePoint, Commvault) maintain independent backups with longer retention. For enterprise environments, EPC Group always recommends implementing at least one of these additional recovery layers.

How do you recover deleted files using PowerShell in SharePoint Online?

Use the SharePoint Online Management Shell or PnP PowerShell for bulk recovery. With PnP PowerShell: Connect-PnPOnline -Url https://tenant.sharepoint.com/sites/sitename -Interactive. To list deleted items: Get-PnPRecycleBinItem. To restore a specific item: Restore-PnPRecycleBinItem -Identity <ItemId>. To restore all items: Get-PnPRecycleBinItem | Restore-PnPRecycleBinItem -Force. For second-stage items: Get-PnPRecycleBinItem -SecondStage | Restore-PnPRecycleBinItem -Force. For filtering by date: Get-PnPRecycleBinItem | Where-Object { $_.DeletedDate -gt (Get-Date).AddDays(-7) } | Restore-PnPRecycleBinItem -Force. PowerShell is essential for recovering hundreds or thousands of items that would be impractical to restore manually through the browser.

What is the difference between SharePoint retention policies and the recycle bin?

The recycle bin is a user-facing recovery mechanism — items move there when deleted and stay for 93 days. Retention policies (configured in Microsoft Purview) are compliance-driven preservation mechanisms that operate silently in the background. Key differences: 1) Recycle bin is visible to users; retention policies are invisible, 2) Recycle bin has a 93-day limit; retention policies can preserve content for years, 3) Recycle bin items can be permanently deleted by admins; retained items cannot be permanently deleted until the retention period expires, 4) Retention policies use the Preservation Hold Library (hidden) to keep copies of modified or deleted content. For regulated industries like healthcare and finance, retention policies are mandatory — the recycle bin alone is insufficient for compliance.

How does SharePoint versioning help with file recovery?

SharePoint versioning provides recovery for overwritten content (not just deleted files). When enabled, SharePoint keeps previous versions each time a file is modified. Recovery steps: Open the document library, click the three dots next to the file, select Version History, then click Restore on the desired version. Key settings: Major versions only (recommended for most libraries) or Major + Minor versions (for publishing scenarios). Set a version limit (e.g., 50-100 versions) to control storage. Versioning is your first line of defense against accidental overwrites, ransomware encryption, and sync conflicts. EPC Group recommends enabling versioning on every document library with a 100-version major version limit as the enterprise baseline.

How do you prevent accidental file deletion in SharePoint?

Prevention strategies for enterprise SharePoint environments: 1) Unique permissions — restrict delete permissions to site owners, not all members, 2) Approval workflows — require approval before permanent deletion of critical documents, 3) Information management policies — auto-classify sensitive content as records (records cannot be deleted), 4) Retention labels — apply "Do Not Delete" labels to critical business documents, 5) Alerts — configure email alerts on document libraries for deletion events, 6) Audit logging — enable Microsoft Purview audit log to track who deleted what and when, 7) Training — educate users on the difference between deleting and archiving, 8) Sensitivity labels — DLP policies can prevent deletion of classified content. EPC Group implements layered prevention strategies for enterprise clients to reduce the need for recovery.

Can you recover an entire deleted SharePoint site?

Yes. Deleted SharePoint sites go to the SharePoint admin center deleted sites collection. Site collection admins or global admins can restore them within 93 days: Go to SharePoint Admin Center > Active Sites > Deleted Sites, select the site, and click Restore. The site is restored with all content, subsites, permissions, and settings. For Microsoft 365 Group-connected sites, the associated group and its resources (mailbox, Planner, Teams) are also restored when the site is restored. After 93 days, the site is permanently deleted. PowerShell alternative: Restore-SPODeletedSite -Identity https://tenant.sharepoint.com/sites/deletedsite.

How does EPC Group approach SharePoint disaster recovery for enterprise clients?

EPC Group implements a multi-layered SharePoint disaster recovery strategy: 1) Native protection — ensure recycle bin, versioning, and retention policies are properly configured across all site collections, 2) Retention policy design — create Microsoft Purview retention policies aligned with industry regulations (HIPAA requires 6-year retention, financial services often requires 7 years), 3) Third-party backup — deploy Veeam, AvePoint, or Commvault for independent backup with granular restore capabilities and longer retention, 4) Recovery runbooks — documented step-by-step procedures for common recovery scenarios (single file, bulk files, entire site, ransomware recovery), 5) Regular testing — quarterly recovery drills to validate backup integrity and train IT staff, 6) Monitoring — automated alerts for unusual deletion patterns that may indicate ransomware or insider threats. Our SharePoint consultants have recovered petabytes of enterprise data across healthcare, financial services, and government organizations.