Windows Backup for Organizations Frequently Asked Questions (FAQ)

For a list of settings that are backed up, see Windows Backup for Organizations settings catalog

The UAC dialog might be shown after restoring a PC from backup if the User Account Control (UAC) Prompt for Consent or Prompt for consent on the secure desktop behavior is selected. The default behavior (Prompt for consent for non-Windows binaries) won't trigger this UAC prompt. The UAC prompt is expected when the UAC behavior is modified. The only restored setting that can trigger the UAC prompt is the Set time zone automatically setting. If the setting is off, the UAC prompt can appear.

If the backup policy has been configured for your organization by the IT administrator, the Windows Backup app will become available once the EnableWindowsBackup policy is enabled.

Not yet. Stay tuned for future updates.

No. Backups are tied to the user's current tenant.

When the backup policy is enabled, backups occur automatically every eight days. You can also initiate an on demand backup manually using the Windows Backup app.

Restore is currently available during the Windows out-of-box experience (OOBE).

If the background image is a system image stored under the C: drive, it's not restored by design. To restore background images that have been set by the user or admin, OneDrive Picture folder sync is required.

Windows Backup for Organizations is designed to back up and restore Windows settings and Microsoft Store application list. To backup user data, it's recommended to use OneDrive

Windows Backup for Organizations is designed to back up and restore Windows settings and the list of installed Microsoft Store apps only.

Windows Backup for Organizations currently supports backup and restore of Windows settings and the list of installed Microsoft Store apps only.

To synchronize Microsoft Edge favorites and settings, you can configure Microsoft Edge enterprise sync.

Yes—user-specific settings are classified as personal data and are included in the backup. This data is stored in the tenant's region and handled in accordance with Microsoft's privacy and compliance standards. That includes the Microsoft Products and Services Data Protection Addendum (DPA), which outlines Microsoft's contractual commitments to data protection, privacy, and regulatory compliance across cloud services.

If your tenant has a OneDrive subscription, then the user's desktop and lockscreen background are stored in OneDrive.

In the public cloud, you're prompted to select a ___location (shown as "Country/Region" in the admin portal) at the time of tenant creation (for example, signing up for Office 365 or Azure, or creating more Microsoft Entra instances through the Azure portal). Microsoft maps the selection to a geo-___location in the exchange online cloud. This feature also supports Exchange online multi-geo capabilities if configured for the tenant. This feature also supports Exchange online multi-geo capabilities if configured for the tenant. See Data Residency for Exchange Online for more information about managing your M365 Exchange Online data.

Settings for Windows Backup in organizational environments are stored in the Microsoft public cloud, with the specific data ___location determined during tenant creation (such as when registering for Office 365, Azure, or setting up additional Microsoft Entra instances). Administrators select a Country/Region in the admin portal, which Microsoft maps to a corresponding geo-___location within its cloud infrastructure. To view the actual data storage ___location for your tenant, navigate to Admin > Settings > Org Settings > Organization Profile > Data Location in the Tenant Admin Center. This ensures transparency and compliance with regional data residency requirements. More details about the data residency can be found here Data Residency for Exchange Online.

Customer data stored within Microsoft's enterprise cloud services is protected using one or more forms of encryption.

Microsoft provides service-side technologies that encrypt customer data at rest and in transit. For example, for customer data at rest, Microsoft Azure uses BitLocker and DM-Crypt, and Microsoft 365 uses BitLocker, Azure Storage Service Encryption, Distributed Key Manager (DKM), and Microsoft 365 service encryption. For customer data in transit, Azure, Office 365, Microsoft Commercial Support, Microsoft Dynamics 365, Microsoft Power BI, and Visual Studio Team Services use industry-standard secure transport protocols, such as Internet Protocol Security (IPsec) and Transport Layer Security (TLS), between Microsoft datacenters and between user devices and Microsoft datacenters.

For more information, see Encryption and key management overview.

• Microsoft implements strong measures to help protect a tenant's customer data from inappropriate access or use by unauthorized persons. This includes restricting access by Microsoft personnel and subcontractors and carefully defining requirements for responding to government requests for customer data. More details are available on the Microsoft Trust Center.
• Microsoft access is granted only when necessary, and always under strict management oversight (e.g., for legal compliance).
• Microsoft personnel may use customer data only for purposes compatible with providing you with the contracted services, such as troubleshooting and improving features like protection from malware.

All Microsoft 365 apps and services support compliance with EU General Data Protection Regulation (GDPR) requirements. For detailed information, see the GDPR Overview. All data handling aligns with Microsoft's privacy and compliance standards, including the Microsoft Products and Services Data Protection Addendum (DPA), which outlines Microsoft's contractual commitments to data protection, privacy, and regulatory compliance across its cloud services.

By default, data is retained as long as it's associated with an active Microsoft account and device.