SharePoint Archiving Best Practices for Compliance

SharePoint Archiving Best Practices for Compliance

SharePoint Archiving Best Practices for Compliance and Cost Savings

SharePoint Online has become the backbone of document management for many organizations. From project files to legal contracts, HR records to financial reports, it holds critical business data that grows relentlessly.

Squirrel Recycle Bin Capture

But as usage increases, so do two unavoidable challenges:

  • Escalating storage costs – Microsoft charges around $180–$200 per terabyte (TB) per month once you exceed your licensed allocation. For large tenants, that quickly becomes six figures per year.

  • Tightening compliance obligations – Frameworks like GDPR, HIPAA, SOX, ISO 27001, NIST, and the Australian Essential 8 demand strict retention, defensible deletion, and auditability.

The dilemma? Simply deleting files may reduce storage bills, but it risks non-compliance. Retention policies may satisfy regulators, but they don’t stop your storage from exploding in cost.

The solution is archiving: systematically moving inactive content out of costly SharePoint storage into secure, compliant, and lower-cost storage — without losing access or auditability. This article explores SharePoint archiving best practices to achieve both compliance and cost efficiency.

Understand the Difference Between Retention and Archiving

One of the most common mistakes organizations make is assuming Microsoft’s retention features are equivalent to archiving. They are not.

Retention policies (Microsoft Purview):
These prevent documents from being deleted or altered during a specified period. For example, you can set a 7-year retention for financial files. However, those files remain in your active SharePoint environment, consuming expensive storage.

Archiving:
This is about moving older or less frequently accessed content to a different tier of storage (e.g., Azure Blob). Users may still see stubs or shortcuts in SharePoint, but the heavy lifting of storage cost is moved elsewhere. Metadata, security, and accessibility are preserved.

Example:
A construction company keeps every project’s documents for 10 years. If they rely solely on retention, those files remain live in SharePoint, pushing storage bills above $250,000 annually. With archiving, the same files are securely stored in Azure Blob at a fraction of the cost, while still being retrievable for audits or disputes.

Best practice: Use retention to ensure legal minimums are met. Use archiving to keep costs sustainable while retaining compliance. Both should work together.

Align Archiving with Compliance Requirements

Archiving decisions cannot be random; they must reflect the regulatory landscape your business operates in.

Industry frameworks and requirements:

  • Financial services (SOX, SEC, APRA CPS 234 in Australia): Often mandates financial record retention for 7 years or more. Non-compliance can result in penalties and reputational damage.

  • Healthcare (HIPAA): Requires health records to remain accessible, immutable, and secured for extended periods. Archiving provides a way to meet those obligations without costly live storage.

  • Public sector (Essential 8, ISO 27001): Emphasizes governance, protection against accidental loss, and traceability. Archiving ensures agencies can produce records on demand.

Real risks and penalties:

  • Under GDPR, improper handling of data can result in fines of up to €20M or 4% of annual global turnover.

  • The SEC has fined firms millions for failing to retain communication records properly.

  • In healthcare, HIPAA penalties can run up to $1.5M per year, per violation.

Best practice checklist:

  • Map each compliance framework you fall under.

  • Translate requirements into archiving rules (e.g., “Archive project data after 2 years of inactivity, retain for 7 years in immutable storage”).

  • Document the rationale — auditors will want to see not just the process but the justification.

archiving and compliance

Create a Clear Archiving Policy

An archiving policy is more than a technical setting. It is a formal governance document that defines what, how, and why data is archived. Without it, you risk inconsistency, shadow IT, or gaps that auditors will notice.

A good archiving policy should cover:

  • Scope – Define what libraries, sites, or content types are included. Example: “All completed project sites will be archived 12 months after project close.”

  • Archiving rules – Define triggers such as inactivity (no edits in 24 months), age (files older than 3 years), or event-based (employee departure).

  • Exemptions – Identify exceptions (e.g., files under legal hold).

  • Retention length – How long archived content stays before defensible deletion (aligned with regulation).

  • Access controls – Who can request or restore archived content.

  • Audit process – How archiving will be verified and reported.

Example policy excerpt:

“All SharePoint documents not accessed in the past 36 months will be archived to Azure Blob storage via Squirrel. Archived files will be retained for 7 years, encrypted at rest, and logged for all access. Exceptions apply to documents under MIP label ‘Legal Hold.’ Restores must be requested via IT Service Desk.”

Best practice: Publish your archiving policy in your governance documentation. Communicate it to business units so users understand that archiving is not deletion — their files remain accessible when needed.

Automate the Archiving Process

Manual archiving is not sustainable. Expecting staff to move files manually, export libraries, or classify documents invites error and inconsistency. Worse, it creates compliance blind spots.

Why automation matters:

  • Consistency: Automation ensures the same rules are applied across all libraries.

  • Compliance: Automated logs and policy enforcement prove due diligence.

  • Scale: Organizations with millions of documents cannot rely on manual intervention.

Example without automation:
A legal department instructs staff to “move files older than 3 years to a separate library.” Compliance drops because staff forget, misunderstand, or leave.

Example with automation:
Squirrel applies rules automatically (e.g., archive files older than 24 months), replaces them with stubs in SharePoint, and logs every action. Compliance is achieved without staff intervention.

Best practice:

  • Use metadata or MIP labels to drive archiving decisions.

  • Apply idle-time rules (last modified >24 months).

  • Replace files with stubs so users can still access them seamlessly.

  • Ensure every archive event is logged for audit.

Ensure Secure, Auditable Storage

For compliance, archiving is not just about moving files to cheaper storage. The storage itself must be secure, auditable, and compliant.

Key requirements:

  • Immutability: Archived files must be protected against tampering or deletion until their retention period ends. Azure Blob supports Write Once Read Many (WORM) options.

  • Encryption: Data should be encrypted at rest and in transit. Azure provides automatic encryption with customer-managed keys.

  • Audit trails: Every access or restore event should be logged and reportable.

  • Accessibility: Files must remain retrievable within reasonable timeframes for eDiscovery or regulator requests.

Best practice:
Use Azure Blob as the underlying storage with Squirrel providing:

  • Stub file placeholders in SharePoint so users do not feel the archive gap.

  • Immutable storage configurations.

  • Full reporting dashboards to satisfy audits.

This ensures compliance is not compromised while achieving cost savings.

Review and Update Policies Regularly

Archiving policies cannot be “set and forget.” Regulations change, and so does your business.

Examples of change:

  • GDPR interpretations continue to evolve.

  • Australia’s Essential 8 maturity model has updated requirements.

  • NIST releases revisions that shift compliance expectations.

Best practice:

  • Conduct an annual governance review.

  • Involve IT, Legal, and Compliance teams.

  • Review audit logs from your archiving solution to ensure policies are being enforced.

  • Adjust rules as needed (e.g., change idle time from 24 months to 18 months if storage costs spike).

Proactive reviews protect you against regulatory surprises and maintain stakeholder trust.

FAQs

Q: How long should we keep archived SharePoint data?
It depends on industry rules. Financial services may require 7 years. Healthcare can extend to the lifetime of a patient. Always align with your sector’s legal requirements.

Q: Does archiving reduce SharePoint storage usage?
Yes. Proper archiving removes files from SharePoint’s active quota, cutting down Microsoft’s storage charges.

Q: Is archiving with third-party tools compliant with Microsoft’s shared responsibility model?
Yes. Microsoft manages the platform; you manage your data. Using solutions like Squirrel ensures you meet your responsibilities.

Q: Can archived files be restored quickly for an audit?
Yes. With Squirrel, stub files remain in SharePoint and can restore on demand with a click, ensuring compliance with audit requests.

Conclusion

SharePoint archiving is no longer optional. Organizations face spiraling storage costs and tightening compliance obligations. Deletion puts compliance at risk; retention policies inflate costs. Archiving delivers the best of both worlds: regulatory alignment and financial sustainability.

Best practices include:

  • Understanding the distinction between retention and archiving.

  • Aligning policies with compliance frameworks.

  • Documenting and communicating a clear archiving policy.

  • Automating the process to eliminate errors.

  • Using secure, auditable storage.

  • Balancing compliance with hard cost savings.

  • Reviewing policies regularly to stay aligned with evolving regulations.

With solutions like Squirrel, organizations can automate SharePoint archiving, reduce costs by 70% or more, and remain fully compliant with frameworks like GDPR, HIPAA, SOX, ISO 27001, and Essential 8.

Learn more about how Squirrel ensures compliant SharePoint archiving →

Archiving and Compliance in SharePoint doesnt have to be hard.

With Squirrel, you can reduce your SharePoint Online costs, archive to cheaper Azure Storage and remain compliant with your regulations.

Squirrel SharePoint Reports

Stay compliant and archive your SharePoint Data with Squirrel

Ready To Start Reducing your SharePoint Costs?

Stop paying for Microsoft 365 licenses

Stop paying for Microsoft 365 licenses

How to Stop Paying for Microsoft 365 Licenses After an Employee Leaves

When someone leaves your company, the natural step is to disable their Microsoft 365 account. But what many businesses don’t realize is that they often continue paying for that user’s license — just to retain access to their OneDrive files, Teams chats, and emails.

chipmunk dashboard

Over time, this adds up to thousands in unnecessary costs.

In this article, we’ll explain:

  • Why Microsoft 365 makes it difficult to offboard users without data loss

  • What happens to a user’s data when their license is removed

  • How to stop paying for ex-employee licenses while retaining access to critical data

  • A simpler, automated solution using Chipmunk

office 365 users tab

The Problem: You’re Still Paying for Departed User Licenses

When an employee leaves, their account is typically:

  • Disabled in Entra ID (formerly Azure Active Directory)
  • But the Microsoft 365 license remains assigned

Why? Because once the license is removed, Microsoft begins deleting that user’s data.

That means IT teams often keep licenses active just to preserve data — even if that data may never be used again.

If you’re paying $30/month for each departed user’s license, that’s:

  • 100 users = $3,000/month

  • 100 users = $36,000/year

And this is just to hold onto data that should already be safely archived.

What Happens to Microsoft 365 Data When a License is Removed?

Unless you’ve set up retention policies or manually archived the data, Microsoft will begin deleting user data after a license is removed.

Here’s what typically happens:

Service Retention After License Removal Outcome
OneDrive 30 days Files permanently deleted
Exchange Email 30–60 days Mailbox content deleted
Teams Chats Up to 93 days Chats and message history deleted

If you remove a license and haven’t backed up the data, you could permanently lose important files, emails, or conversations needed for handovers, audits, or legal compliance.

onedrive tab

Why This Is a Costly Problem?

Microsoft offers tools like retention policies and inactive mailboxes, but they are:

  • Difficult to configure correctly

  • Don’t cover everything (Teams chat is a common gap)

  • Often still require the license to remain in place

This means many organizations choose to keep paying for the license instead of risking data loss.

Over time, this becomes a hidden cost — one that can run into tens or hundreds of thousands of dollars per year, depending on your organization size and turnover rate.

The Right Way to Handle Offboarding: Archive Then Delete

The best solution is simple:

Archive all of the user’s data when they leave, then safely remove their license.

That means:

  • Downloading and saving their OneDrive data

  • Exporting all Exchange emails

  • Capturing Teams conversations

  • Storing the data securely for future reference

Doing this manually is time-consuming and error-prone. It also requires different tools for each data type, making it difficult to maintain consistency or ensure compliance.

email tab

Introducing Chipmunk: Automated Offboarding for Microsoft 365

Chipmunk is a purpose-built solution to solve this problem.

It automates the entire offboarding process by:

  • Detecting when a Microsoft 365 user is disabled in Entra ID

  • Automatically backing up their:

    • OneDrive files (with full folder structure)

    • Exchange emails (saved in .eml format)

    • Microsoft Teams messages (including private chats and attachments)

  • Uploading the data to your own Azure Blob Storage

  • Logging every action for full auditability

Once Chipmunk completes the archive, you can safely remove the license — no risk of data loss, no ongoing Microsoft billing.

How It Works (Step by Step)

  • A user is disabled in Microsoft Entra ID
  • Chipmunk automatically detects the change
  • It backs up OneDrive, Email, and Teams data
  • The archive is securely stored in your Azure Blob Storage
  • You delete the Microsoft license with confidence that nothing has been lost

No scripts. No retention policies. No risk.

archive restores

Built for Compliance and Peace of Mind

Chipmunk helps your organization meet data retention and compliance requirements across multiple regulatory frameworks, including:

  • ISO 27001

  • GDPR

  • HIPAA

  • SEC 17a-4

  • Microsoft Purview compatibility

By automatically archiving all content from disabled Microsoft 365 users and storing it securely in your own Azure tenant, Chipmunk ensures your data is fully retained, auditable, and under your control — without reliance on ongoing Microsoft licensing or complex configurations.

Summary: Don’t Let Data Loss or Licensing Waste Sneak Up on You

Without Chipmunk With Chipmunk
Continue paying $30+/user/month Remove license immediately after archiving
Manual exports or retention policies Fully automated archiving
Data gaps in Teams, OneDrive, Exchange All covered automatically
Compliance risk, audit blind spots Secure, logged, and audit-ready archives
smart ai search

Ready to Save on Microsoft 365 Licensing?

If your organization is still paying for ex-employee licenses just to preserve their data — it’s time to stop.

Chipmunk gives you a fully automated, secure, and cost-effective way to archive departed user data across OneDrive, Teams, and Exchange — and safely delete the license.

Departed M365 Users

Departed M365 Users

What Happens to Microsoft 365 Data After an Employee Leaves?

When someone leaves your organization, the first step IT usually takes is to disable their Microsoft 365 account. But have you ever stopped to ask:

“What happens to all their data — their files, emails, and chats — after that?”

The answer might surprise you.

If you’re not actively managing this, Microsoft will automatically delete that data — often in as little as 30 days.

This post explains exactly what gets deleted (and when), why this is a problem, and what you can do to protect that data — without paying for unnecessary licenses.

Microsoft’s Countdown to Data Deletion

Let’s start with a simple truth:

Disabling a user in Microsoft 365 doesn’t save their data forever.

Instead, Microsoft starts a ticking clock. Unless you take action, data begins disappearing — fast.

Here’s what typically happens:

Service Default Retention What’s Deleted Can You Recover It?
OneDrive 30 days All files and folders Maybe, but not always
Exchange 30–60 days Mailbox content Sometimes
Teams Chat Up to 93 days All chat history and attachments Usually not

So if an employee leaves on January 1st, by April their Teams messages, OneDrive files, and mailbox may be completely gone.

chipmunk dashboard

Why This Matters — And Who Should Care

Most people assume Microsoft keeps this data for legal or security reasons. But that’s not how it works.

Microsoft isn’t your backup provider. Its job is to deliver service, not long-term data retention.

This creates big risks for:

  • IT teams, who might need to retrieve a user’s files later

  • Legal and compliance officers, who must retain emails and chat records

  • HR and management, who need access to handover materials, customer comms, etc.

And unless you assign a license to the user’s account forever, that data is eventually lost.

A Real-World Scenario

Let’s say you’re offboarding an employee named Sarah. She’s been with the company for 5 years.

She has:

  • 200 GB of OneDrive files

  • 50,000 emails in Exchange

  • Years of chats with project teams in Microsoft Teams

You disable her Microsoft 365 account. Now what?

  • 30 days later, her OneDrive starts purging

  • 60 days later, her mailbox may be gone

  • By day 93, her Teams chat history is unrecoverable

Now legal asks for chat logs from a project she was on 6 months ago… and it’s too late.

Can’t I Just Use Microsoft Retention Policies?

Yes — but it’s not as easy as it sounds.

You’d need to:

  • Set up custom retention policies in Microsoft Purview

  • Create inactive mailboxes (which still require licenses)

  • Use PowerShell scripts to export OneDrive manually

  • Deal with Teams data that isn’t easily exportable

And even then, you’re not guaranteed to retain everything — especially chat data.

It’s complex, time-consuming, and risky.

The Simpler Option: Use Chipmunk

Chipmunk is a tool built specifically to solve this exact problem.

It watches for when you disable a user and automatically backs up their:

  • OneDrive files and folder structure

  • Exchange emails

  • Teams chats (including private and group chats)

All the data is stored in your own Azure Blob Storage, so:

  • You own the data

  • You don’t need to keep paying Microsoft licenses

  • You can access it anytime — for audits, legal cases, or handovers

No scripts. No licenses. No data loss.

How It Works — In Plain English

Here’s how Chipmunk fits into your offboarding process:

  • User is disabled in Microsoft Entra ID (formerly Azure AD)
  • Chipmunk detects it automatically
  • It downloads all key data — OneDrive, Email, and Teams
  • It uploads the data into organized folders in your Azure storage
  • It updates your central dashboard with status and logs
  • It emails you the results of the archive activity for each user.
  • You don’t have to remember to do anything. It just works in the background.

Bonus: Save on Microsoft Licenses

Did you know keeping a disabled user’s data often requires a paid Microsoft 365 license?

That could mean paying $20–$40/month per user just to retain inactive data.

With Chipmunk, you can archive it once — and delete the user safely.

For companies with hundreds of staff turnover each year, that’s tens of thousands in savings.

Compliant. Secure. Yours.

Chipmunk is built for:

  • Data compliance (GDPR, ISO, HIPAA-ready)

  • Cost reduction (free up licenses without losing data)

  • IT simplicity (no need to learn Microsoft Purview or eDiscovery)

And because all archived data is stored in your own Azure tenant, you stay in control at all times.

M365-Retention-Times

TL;DR

What Happens by Default What Chipmunk Does
Microsoft deletes data after 30–93 days Chipmunk backs it up automatically
You must set complex retention rules No configuration needed
Teams chat is hard to retain Chipmunk grabs it for you
Ongoing license may be required Chipmunk lets you delete users safely
Risk of permanent data loss Permanent backup in Azure

Ready to Never Lose Ex-Employee Data Again?

Don’t wait for day 93.

If you want peace of mind, predictable offboarding, and full control of your M365 user data — Chipmunk can help.

SharePoint Analytics

SharePoint Analytics

Unlock the Power of SharePoint Analytics with SharePoint Storage Explorer

Managing SharePoint storage can be a complex task, especially as your organization’s data continues to grow. Keeping track of how much space each site or user is consuming, identifying trends, and ensuring your storage stays within allocated limits are crucial for effective SharePoint management. This is where SharePoint analytics tools can make a significant difference, and SharePoint Storage Explorer stands out as an essential free tool to simplify the process.

sharepoint analytics

What is SharePoint Storage Explorer?

SharePoint Storage Explorer is a free and user-friendly tool that provides clear and detailed insights into your SharePoint storage usage. It allows you to see exactly how much storage each site, document library, and user is consuming, making it easier to stay on top of storage management. Whether you’re an IT administrator or a site manager, SharePoint Storage Explorer equips you with the data you need to make informed decisions about your SharePoint environment.

Key Features of SharePoint Storage Explorer

  • Comprehensive Storage Breakdown: With SharePoint Storage Explorer, you get an in-depth view of your storage usage, broken down by site collections, document libraries, and users. This feature helps you quickly identify which sites or users are using the most storage space.
  • Track Storage Trends Over Time: Understanding how your storage usage evolves is key for managing growth. SharePoint Storage Explorer lets you track storage usage over time, so you can anticipate future needs and avoid unexpected issues.
  • Simple and Intuitive Interface: Unlike other SharePoint analytics tools, SharePoint Storage Explorer is designed to be simple to use. You don’t need advanced technical skills to navigate the tool and access the data you need.
  • Find Large Files and Folders: Large files or document libraries can quickly eat up your storage space. SharePoint Storage Explorer helps you find these files so you can take action before they cause problems.
  • Optimize Storage Costs: With detailed reports on your SharePoint storage, you can identify areas where you can archive or delete unnecessary data, ultimately helping you optimize storage costs and improve efficiency.

Why Choose SharePoint Storage Explorer for Your SharePoint Analytics?

While there are many SharePoint analytics tools available, SharePoint Storage Explorer provides a unique combination of ease of use, detailed insights, and free access. It’s ideal for administrators who want a clear understanding of their SharePoint storage without the complexity and high costs that come with other tools.

By leveraging SharePoint analytics through this tool, you can ensure your SharePoint environment stays efficient, cost-effective, and scalable. It helps you stay ahead of potential issues, such as performance bottlenecks or storage overflow, by offering detailed, real-time data.

How Does SharePoint Storage Explorer Work?

Once you install SharePoint Storage Explorer, it automatically scans your SharePoint environment, gathering data on storage usage across all sites and libraries. The tool then generates a comprehensive report that categorizes storage usage by:

  • Site collections
  • Document libraries
  • User storage consumption
  • Storage trends over time

These insights allow SharePoint administrators to quickly spot inefficiencies or issues that could affect performance or lead to unnecessary costs.

Benefits of Using SharePoint Storage Explorer

  • Saves Time: SharePoint Storage Explorer makes storage management quicker and easier. You no longer have to manually track storage usage or generate complex reports; everything you need is right at your fingertips.
  • Better Control Over Your Storage: With clear data and trends, you have full control over your SharePoint storage. You can prevent unexpected issues and optimize your storage for better performance and cost savings.
  • Proactive Storage Management: By regularly monitoring your SharePoint storage with SharePoint Storage Explorer, you can proactively manage space, making sure you don’t run into capacity problems.
  • Free and Easy to Use: SharePoint Storage Explorer is completely free and designed for users of all technical levels. Whether you’re an experienced administrator or new to SharePoint, you’ll find it easy to use.

Get Started with SharePoint Storage Explorer

Ready to take control of your SharePoint storage? Download SharePoint Storage Explorer for free today and start monitoring your SharePoint environment with ease. With its intuitive interface and powerful features, it’s the perfect tool to help you manage and optimize your SharePoint storage efficiently.

Microsoft 365 Backup

Microsoft 365 Backup

Understanding Microsoft 365’s Native Data Protection

Protecting your organization’s data within Microsoft 365 is crucial to ensure business continuity, compliance, and resilience against threats like accidental deletions, cyberattacks, and data corruption. Implementing a comprehensive backup strategy safeguards your critical information and facilitates rapid recovery when needed.

Microsoft 365 offers built-in data protection features designed to maintain high availability and disaster recovery:

High Availability and Disaster Recovery (HADR): Microsoft 365 services are architected for resilience, with replicated data copies to ensure seamless failover during service disruptions.

Data Retention Policies: Tools like Microsoft Purview provide long-term retention capabilities, ensuring critical data remains preserved and compliant with organizational policies.

Versioning and Recycle Bin: Features such as file versioning and a two-stage recycle bin allow users to recover previous versions or deleted items within specific timeframes.

While these features offer a foundational level of data protection, they may not fully address all recovery scenarios, particularly those involving extensive data loss or corruption.

M365 Backup

Why Implement Additional Backup Solutions?

Relying solely on native Microsoft 365 protections might leave gaps in your data recovery strategy. Consider the following scenarios:​

Accidental or Malicious Deletions: Users might inadvertently delete important emails or documents, or malicious actors could remove critical data. Once retention periods expire, recovery becomes challenging.

Cybersecurity Threats: Ransomware attacks can encrypt or corrupt data, necessitating restoration from clean backups to resume normal operations.

Regulatory Compliance: Certain industries require data to be stored for extended periods or in specific formats, which may exceed Microsoft 365’s native retention capabilities.

To address these challenges, integrating a dedicated backup solution ensures comprehensive data protection and swift recovery options.

Best Practices for Microsoft 365 Backup

Assess Business Requirements and Risks: Identify which Microsoft 365 data—such as emails, documents, and calendars—are critical to your operations and determine the potential impact of data loss.

Select an Appropriate Backup Solution: Consider utilizing Microsoft’s own backup offerings or reputable third-party solutions that integrate seamlessly with Microsoft 365. These solutions should provide features like granular recovery, automated backups, and compliance support.

Define Backup Frequency and Retention Policies: Establish how often backups should occur and the duration for retaining backup data, aligning with your organization’s data recovery objectives and compliance requirements.

Implement Security Measures: Ensure backup data is encrypted both in transit and at rest to protect against unauthorized access. Utilize features like multi-factor authentication (MFA) and role-based access controls to enhance security.

Regularly Test Backup and Restore Processes: Conduct periodic tests to verify the integrity of backups and the effectiveness of restoration procedures. This practice helps identify and address potential issues before a real data loss event occurs.

Monitor and Audit Backup Activities: Implement monitoring tools to oversee backup operations and generate alerts for failures or unusual activities. Regular audits ensure compliance with internal policies and external regulations.

Educate Employees: Train staff on data protection policies and the importance of backups. Awareness reduces the risk of accidental deletions and encourages adherence to best practices.

Conclusion

Implementing a robust backup strategy for Microsoft 365 is essential to protect your organization’s data assets. By understanding the limitations of native protections and adopting comprehensive backup solutions, you can safeguard against data loss, ensure regulatory compliance, and maintain business continuity.