Skip to main content

Auto-delete preserved users

Provides details for auto-deletion of users in preserved state

Overview

You can preserve a user in inSync at any point in time. Such users cannot backup any more data.InSync marks the users as preserved using one of the following techniques:

  • Preserved manually by an administrator.

  • Preserved automatically through AD/LDAPsync process.

  • Preserved automatically when a user account is disabled or deleted in the IdP in case of SCIM deployment.

❗ Important

  • Auto-deletion of preserved users managed using AD or LDAP is handled by the AD/LDAP auto-synchronization job, which is part of the auto-synchronization feature. For more information, see Synchronize users with your AD/LDAP.

  • Auto-deletion of preserved users, which are manually managed or managed using SCIM, is handled by the auto-deletion job.

Both jobs may run at different times. Hence, administrators might observe that the preserved users that are supposed to be deleted on a particular day are deleted at different schedules when these jobs are run by inSync.

By default, there is a limitation to the number of users that you can mark as preserved. The number of users that you can preserve is dependent on the number of preserved user licenses purchased by your organization. For more information on how to preserve a user, see Preserve Users.

As a Cloud administrator, using the auto-delete preserved users feature, you can control the number of preserved users in inSync by automatically deleting preserved users after a certain duration specified in the number of days.

When enabled, in sync automatically deletes users who are marked as preserved.

📝 Note

  • Once the user is auto-deleted, the data of that user is also deleted from inSync. You cannot recover this deleted data again.

  • User data is retained or deleted based on the backup retention policy you have defined through profiles.

  • If a preserved user is under Legal Hold, such a user will not be deleted.

  • If a preserved user has shared data with guest users and has guest user accounts having access to the data, such a user will not be deleted.

  • If a preserved user has an active Shared/Resource Mailbox that is getting backed up, such user will not be deleted.

Procedure

To auto delete preserved users:

  1. From the Endpoints/Microsoft 365/Google Workspace console select Profiles.

  2. Select the specific profile for which you wish to enable the automatic deletion of preserved users.

  3. Click the Edit button and select General option from Dropdown. The Edit Profile window opens.

  4. Under the Data Preservation & Alerts section, select the Enable the Auto-delete preserved users option.

  5. Specify the number of days after which the system (inSync/Druva) should automatically delete the preserved users and their data. Click Save to apply the configuration.


    The inSync profile is updated with the changes. The system will now automatically delete preserved users within this profile based on the specified duration, ensuring compliance and data hygiene, provided the user is not subject to a Legal Hold.

📝 Notes

  • The users to be auto-deleted must be in Preserved state for a minimum of 30 days and maximum 7305 days (~20 years).

  • If a user has been in Preserved state for 30 days and the number of days mentioned in the Delete preserved users after box is also 30, then, this user will be deleted during the next deletion job. Auto deletion is triggered everyday at UTC 9:00:00.

  • Before deleting user accounts which are managed using AD or LDAP, inSync checks the status of the inSync Connector mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists. Preserved users are deleted irrespective of whether their accounts exist in the AD or LDAP or not.

  • inSync provides you information on the Preserved users in inSync through Preserved Users report.

  • inSync sends alerts to administrators if user preservation fails in inSync, because of insufficient Preserved Users license. For more information, see Alerts.

  • When a user is disabled or deleted in M365, post the sync, Druva preserves the user. User can stay as preserved and retain the data for life in Druva, however in a condition where preserved user is added to a profile where 'Auto-Delete Preserve User' option is enabled and 'Auto-Delete after “x” days' is set then in such scenario preserved user will get deleted as per the due date. Reference article - Preserve, enable, and delete use

  • This behavior of the user being preserved and Exchange Online backing up successfully only occurs if the user mailbox is converted to a Shared Mailbox. Such preserved users will use the Shared/Resource license in Druva and will not get deleted even in the 'Auto-Delete Preserved User' scenario. We can delete such users from Druva either manually from the Druva admin console or delete the Shared Mailbox from O365.

  • The Data Lock feature takes precedence over the settings for the Auto Delete Preserved Users and Auto Delete Inactive Devices fields. Once Data Lock is enabled for a profile, deleting devices, users, or snapshots associated with that profile is not possible.

Related Articles
Microsoft 365 Deleted Device Report for Gov Cloud
Synchronize inSync users and user details with your AD/LDAP
Endpoints Deleted Device Report for Gov Cloud
Auto delete fails to delete preserved users
Troubleshoot - 'Auto-Preserve Unmapped Users' is not working in inSync Cloud
Did this answer your question?