SharePoint Recycle Bin: Recovery and Management Guide

SharePoint Recycle Bin: Your Safety Net for Data Recovery

The SharePoint recycle bin is the last line of defense against accidental data loss. Every deleted file, list item, folder, and site goes to the recycle bin before permanent deletion. Understanding how the recycle bin works, its retention periods, and its limitations is essential knowledge for every SharePoint administrator and site owner.

This guide covers the recycle bin architecture, recovery procedures, management automation, and strategies for preventing data loss.

---

Recycle Bin Architecture

Two-Stage Recycle Bin

SharePoint uses a two-stage recycle bin system.

First-stage recycle bin (end-user recycle bin): When a user deletes an item, it goes to the first-stage recycle bin. Users can restore items from here without administrator assistance. Items remain in the first-stage bin for 93 days from the date of deletion.

Second-stage recycle bin (site collection recycle bin): When a user empties their first-stage recycle bin or the 93-day period expires from the first stage, items move to the second-stage recycle bin. Only site collection administrators can access the second-stage bin. Items in the second stage share the same 93-day total retention window from the original deletion date.

Important: The 93 days is total, not cumulative. If an item spends 60 days in the first-stage bin and is then emptied to the second stage, it remains in the second-stage bin for only 33 more days (93 minus 60), not an additional 93 days.

What Goes to the Recycle Bin

The recycle bin captures files deleted from document libraries, items deleted from lists, folders deleted from libraries and lists, entire lists and libraries (when deleted from site contents), subsites (legacy), and document versions (when a file is deleted, all versions go with it).

What Does Not Go to the Recycle Bin

Some deletions bypass the recycle bin entirely. Content deleted by retention policies (permanently deleted after retention period). Content deleted through certain API operations that specify permanent deletion. Site collections deleted by administrators (these have their own 93-day recovery window in the admin center). Content that exceeds the recycle bin storage quota.

---

Recovery Procedures

End-User Recovery (First Stage)

Users can recover their own deleted items without administrator help.

• Navigate to the site where the item was deleted
• Click Recycle bin in the left navigation (or go to Site Contents then Recycle bin)
• Select the items to restore
• Click Restore
• Items are restored to their original location with all metadata, permissions, and version history intact

Administrator Recovery (Second Stage)

Site collection administrators can recover items from the second-stage recycle bin.

• Navigate to Site Settings then Site Collection Administration then Recycle bin
• Switch to the Second-stage recycle bin view
• Select the items to restore
• Click Restore
• Items are restored to the first-stage recycle bin and then to their original location

PowerShell Recovery

For bulk recovery operations, use PowerShell.

```powershell

# Connect to the site

Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/HR" -Interactive

# View all items in the recycle bin

Get-PnPRecycleBinItem | Select-Object Title, ItemType, DeletedDate, DeletedByEmail, DirName | Sort-Object DeletedDate -Descending

# Restore a specific item

Restore-PnPRecycleBinItem -Identity "item-guid"

# Restore all items deleted by a specific user

Get-PnPRecycleBinItem | Where-Object { $_.DeletedByEmail -eq "[email protected]" } | Restore-PnPRecycleBinItem

# Restore all items deleted in the last 24 hours

Get-PnPRecycleBinItem | Where-Object { $_.DeletedDate -gt (Get-Date).AddDays(-1) } | Restore-PnPRecycleBinItem

# Restore items from second-stage recycle bin

Get-PnPRecycleBinItem -SecondStage | Where-Object { $_.Title -like "*.xlsx" } | Restore-PnPRecycleBinItem

```

Site Collection Recovery

When an entire site collection is deleted, it does not go to the site-level recycle bin. Instead, it is available for recovery through the SharePoint Admin Center or PowerShell for 93 days.

```powershell

# List deleted site collections

Get-SPODeletedSite

# Restore a deleted site collection

Restore-SPODeletedSite -Identity https://contoso.sharepoint.com/sites/DeletedSite

```

---

Recycle Bin Storage

Storage Quota

Second-stage recycle bin content counts against the site's storage quota. The second-stage recycle bin has a default storage allocation of an additional percentage of the site quota. When the recycle bin is full, the oldest items are permanently deleted to make room for new deletions.

Freeing Storage via Recycle Bin

During storage cleanup operations, clear the recycle bin to immediately reclaim storage.

```powershell

# Clear all items from first-stage recycle bin

Clear-PnPRecycleBinItem -All -Force

# Clear only second-stage items

Clear-PnPRecycleBinItem -SecondStageOnly -Force

# Clear items older than 30 days from recycle bin

Get-PnPRecycleBinItem | Where-Object { $_.DeletedDate -lt (Get-Date).AddDays(-30) } | Clear-PnPRecycleBinItem -Force

```

---

Preventing Data Loss

Permission Controls

Limit delete permissions to reduce accidental deletions. For critical libraries, set permissions so that standard users have Contribute without Delete rights. Only site owners and designated editors have full Edit or Contribute permissions.

Retention Policies

Microsoft Purview retention policies override user deletions. When a retention policy applies to a library, deleted items are moved to the Preservation Hold library (a hidden library) where they are retained for the policy duration even if the recycle bin is emptied.

Legal Holds

For content subject to litigation, apply legal holds through Microsoft Purview eDiscovery. Legal holds prevent permanent deletion regardless of user actions, recycle bin expiration, or retention policy expiration.

Training and Awareness

Train users on the recycle bin and recovery process. Most SharePoint users do not know the recycle bin exists or how to use it. Include recycle bin training in your SharePoint onboarding materials.

---

Bulk Deletion Scenarios

Accidental Bulk Deletion

When a user accidentally deletes hundreds or thousands of files (common when reorganizing libraries), the recycle bin captures all of them. Recovery steps include immediately stopping any further deletions, using PowerShell to bulk restore from the recycle bin filtering by deleted date and user, verifying all files are restored by comparing file counts, and documenting the incident for governance review.

Malicious Deletion

If a departing employee intentionally deletes content, the recycle bin provides 93 days of recovery time. Immediately disable the user's account to prevent further damage. Use PowerShell to identify all items deleted by that user. Restore all affected content. Review audit logs for the full scope of the damage.

---

Monitoring and Alerts

Recycle Bin Monitoring

Create automated monitoring to detect unusual deletion activity.

```powershell

# Alert on bulk deletions (more than 50 items in 1 hour)

$recentDeletions = Get-PnPRecycleBinItem | Where-Object { $_.DeletedDate -gt (Get-Date).AddHours(-1) }

if ($recentDeletions.Count -gt 50) {

# Send alert to administrators

Send-MailMessage -To "[email protected]" -Subject "Bulk deletion detected" -Body "$($recentDeletions.Count) items deleted in the last hour by $($recentDeletions[0].DeletedByEmail)"

}

```

Audit Log Alerts

Configure Microsoft 365 audit log alerts for bulk file deletion events. The alert triggers when a single user deletes more than a threshold number of files within a specified period.

---

Frequently Asked Questions

Can I recover an item after 93 days?

No. After 93 days, items are permanently deleted from the recycle bin and cannot be recovered through standard means. If you have a backup solution (such as a third-party backup tool or Microsoft 365 Backup), recovery may be possible.

Do recycle bin items count against storage?

First-stage recycle bin items count against the site storage quota. Second-stage items use an additional storage allocation beyond the site quota.

Can external users access the recycle bin?

External users can access the first-stage recycle bin for items they deleted. They cannot access the second-stage recycle bin.

What happens when I delete a site?

The entire site collection enters a 93-day recovery window accessible through the SharePoint Admin Center. All content, permissions, and settings can be restored within that window.

---

For help implementing data protection strategies for your SharePoint environment, [contact our team](/contact) for a data protection assessment. We design backup, recovery, and prevention frameworks for organizations where [data loss would have significant business impact](/services).

Disaster Recovery Beyond the Recycle Bin

Microsoft 365 Backup

Microsoft 365 Backup (released in 2024) provides point-in-time restore capabilities beyond the 93-day recycle bin window. Configure backup policies that protect SharePoint sites with restore points every 10 minutes. Restore individual files, folders, libraries, or entire sites to any point in the configured retention window.

Third-Party Backup Solutions

For organizations requiring longer retention or more granular recovery options, third-party backup solutions like Veeam, AvePoint, or Druva provide extended retention periods (years instead of months), granular item-level restore, cross-tenant restore capabilities, compliance-oriented backup reporting, and air-gapped backup copies for ransomware protection.

Ransomware Recovery

SharePoint is increasingly targeted by ransomware attacks that encrypt files in synced libraries. Recovery strategy includes immediately disabling the OneDrive sync client on affected machines, identifying the timestamp of the ransomware encryption, using version history to restore files to versions before the encryption, using the recycle bin to recover any deleted files, and filing a support ticket with Microsoft for tenant-level assistance if the attack is widespread.

Business Continuity Planning

Include SharePoint recovery procedures in your business continuity plan. Document the recovery point objective (maximum acceptable data loss) and recovery time objective (maximum acceptable downtime). Test recovery procedures quarterly to ensure they work within the defined objectives.