Granular email restoration, available through third-party backup solutions such as Veeam Backup for Microsoft 365, is a premium option for retrieving specific emails and file attachments. It’s the perfect solution for environments and accounts looking for a reliable backup scheme that supports efficient storage and resource management. Use this guide as an outline on how to maximize this strategy and integrate it into your workflow.
Methods for setting up granular email restoration
Use the table to choose and quickly navigate to your preferred activation steps.
📌 Prerequisites:
- Backup software with M365 support (e.g., NinjaOne, Veeam Backup for M365, Synology Active Backup, Acronis)
- Backup jobs must be running successfully with recent restore points
- Application-level permissions (Graph API or EWS) for mailbox access
- Admin credentials with restore rights
- PowerShell is installed with the appropriate modules
- Optional: NinjaOne or RMM platform for automation and logging
➤ Reminder: Some steps may vary depending on system defaults or additional settings, or requirements set by the respective third-party backup solution.
Click to Choose a Method | 💻 Best for Individual Users | 💻💻💻 Best for Enterprises |
| Method 1: Veeam Explorer | ✓ | |
| Method 2: Synology | ✓ |
💡 Tip: Check out the Things to look out for section for tips on managing potential risks.
Method 1: Set up granular restore with Veeam Explorer
Veeam Explorer is specifically built for item-level recovery from backups made using Veeam Backup for Microsoft 365.
📌 Use cases: Restore deleted email or calendar event, contact, task, note, or journal item.
- Launch Veeam Backup for Microsoft 365 and open Veeam Explorer for Microsoft Exchange.
- Browse to the desired mailbox or item and select the data (e.g., email, contacts, calendar, tasks) to restore.
- Right-click and choose:
- Restore to the original location
- Restore to another mailbox
- Export as PST (Personal Storage Table) or MSG (Outlook Mail Message)
- Use the Session Log to confirm if the action was successful.
💡 Tip: Use filters by subject, date range, or folder to speed up navigation.
Method 2: Restore email using Synology Active Backup for M365
Synology’s Active Backup allows granular recovery through a web-based Restore Portal.
📌 Use cases: Recovery of Exchange data such as emails, archive mailboxes, contacts, and calendar events.
- Sign in to Synology DSM and open Active Backup for Microsoft 365.
- Access the Restore Portal.
- Select Mailbox → User.
- Navigate to the required folder or message.
- Choose a restore method:
- Restore to the original mailbox
- Download as EML (single email file format)
- Forward to the admin email
- Check the user’s mailbox to confirm if the action was successful.
Note: DSM logs provide a full audit trail of restore activity.
Best practices for backup verification, auditing, and tracking
While retrieving data is the main focus of this guide, the next set of methods can be incredibly useful for auditing and control.
Automate search and export via PowerShell (Microsoft Graph)
This method is best used for auditing scenarios rather than operational restores.
Step 1: Use the following command to connect to Exchange Online and Security & Compliance via PowerShell.
Prerequisite: Before running any commands, make sure your account has the eDiscovery Manager or eDiscovery Administrator role assigned in Microsoft Purview. To assign it, go to purview.microsoft.com → Settings → Roles and scopes → Role groups → eDiscovery Manager.
Connect-ExchangeOnline -UserPrincipalName [email protected]Connect-IPPSSession -UserPrincipalName [email protected] -EnableSearchOnlySession
Reminder: Before you start, remember to update the placeholder values below (i.e., [email protected], [email protected]) to your personal email address.
Step 2: Next, run a content search:
$case = Get-ComplianceCase -Identity "Content Search"
New-ComplianceSearch -Name "RestoreRequestUser01" -ExchangeLocation "[email protected]" -ContentMatchQuery 'subject:"Invoice July 2025"' -Case "Content Search"
Start-ComplianceSearch -Identity "RestoreRequestUser01"
To verify the search status, run:
Get-ComplianceSearch -Identity "RestoreRequestUser01" | Select-Object Name, Status, Items
Note: Wait until the Status shows Completed before proceeding to Step 3.
Step 3: Then, export matching content using the Microsoft Purview portal:
- Navigate to eDiscovery → Cases → Content Search.
- Select the created search.
- Click on Export.
- Fill in export details (name, description, scope).
- Confirm and then download from the Exports tab under the same case.
💡 Note: The option to download exports in Microsoft Purview is only available to users with the right permissions, such as eDiscovery Managers or Administrators.
Use registry keys to track restore actions or history
This is not a recovery method itself, but can be used for tagging endpoints or restoration actions with registry values for audit trails.
- Press Win + R, type regedit, and tap OK to open the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Org\M365EmailRestore or create the registry key if it doesn’t exist.
- Add the following String Values:
- LastRestoreUser (String) = “[email protected]”
- RestoreDate (String) = “2025-07-01T14:00Z”
- Method (String) = “VeeamExplorer”
- Close the Registry Editor.
In this instance, an audit trail for Veam is directly created in the registry. You may replace the String Values according to your preferences. To add, LastRestoreUser records the user whose mailbox or email data was restored, while RestoreDate logs a timestamp of when the restore action occurred.
⚠️ Warning: Editing the registry can cause system issues. Create a registry backup before proceeding.
Use CMD tools for backup path and status verification
Command-line tools help validate that backup files are available or readable and have passed integrity checks before initiating a restore.
- Use Search 🔎 to open Terminal → Command Prompt → Run as administrator.
- Start by checking if the location is available using this command.
net use Z: \\backupserver\veeam_m365
dir Z:\Mailboxes\user01\*.adb
- Then, validate the backup file metadata.
certutil -hashfile "Z:\Mailboxes\user01\2025-07-01.adb" SHA256
- Finally, use this command to log and output restore operation results:
echo "Restored mailbox for user01 on 2025-07-01" >> C:\Logs\restore.log
Command-line tools like net use, dir, and certutil are used here to verify backup paths and integrity (e.g., .ADB files from Veeam).
Enforce restore permissions or policy via Group Policy
MSPs or regulated environments may use policies to exercise control over recovery options.
💡 Note: This policy ensures that recovery actions, such as PST exports, remain under administrator control rather than being accessible to end users.
📌Prerequisite: Download and install the Group Policy administrative template files (ADMX/ADML) to configure the Microsoft Outlook 2016 folder.
- Press Win + R, type gpedit.msc, and tap OK to open Local Group Policy Editor.
- Navigate to User Configuration → Administrative Templates → Microsoft Outlook 2016 → Disable Items in User Interface → Custom. In some systems, the exact policy names may vary depending on the ADMX version of Office installed.
- Open Disable command bar buttons and menu items.
- Set to Enable if you want to prevent users from performing unsanctioned recovery operations.
You can run the gpupdate /force command to apply the changes immediately. Otherwise, the new settings will be applied on the next update interval.
💡 Tip: Watch this GPUpdate video demonstration for a visual reference.
⚠️ Things to look out for when restoring granular email
Missing something? Consider these scenarios and tips for handling errors, preventing system issues, and reinforcing policies.
| Risks | Potential Consequences | Reversals |
| No restore audit logging | Unable to track the item restored, by whom, or when | Use registry keys, session logs, or RMM alerts to create audit trails |
| Outdated or incomplete backups | Missing emails or incorrect restore points | Always verify backup timestamp and coverage before restoring |
| End-user PST exports enabled | Data may be restored or exported without authorization | Disable PST exports via Group Policy |
Some items may not be recoverable if they fall outside your organization’s backup retention policies. However, if a valid restore point still exists, you may be able to recover items even from several weeks or months ago.
NinjaOne offers dynamic backup solutions and more
For IT environments, these NinjaOne services and capabilities can give you more flexibility in your IT backup and recovery strategy.
- Automate restore script via PowerShell or API-based restore jobs per user or event.
- Track restore metadata on endpoints by using registry values.
- Trigger alerts when restore activity is performed or scheduled.
- Generate custom multi-tenant dashboards on restore frequency, success, and method.
- Use onboarding templates to require backup and restore toolsets across all clients.
NinjaOne SaaS Backup gives MSPs centralized visibility, control, and proof of restore capability in Microsoft 365 environments. This allows you to create a more robust backup plan with granular control over recovery options and auditing.
Building your granular backup strategy
Organizations looking for greater control over assets and business data, especially those managing distributed endpoints, can turn to granular email recovery to add resilience and variability to their backup strategy.
To achieve this, MSPs and IT teams can turn to third-party solutions like Veeam and Synology to manage their Microsoft 365 Workspace more efficiently. Then, at scale and for greater flexibility, there’s NinjaOne SaaS Backup for Microsoft 365 and Google Workspace environments with point-in-time and item-level recovery options.
Related topics:
