Image: Data retention policies enabling user freedom without risk graphic

Data retention policies in Microsoft Office 365 are now available for Teams locations

Managing data is important in scenarios such as complying with regulations or ensuring users have relevant content available to them.  To support this, data retention policies have been available in Office 365 for some time. This allows organisations to perform actions such as retaining content for a defined retention period. And permanently deleting content once it has passed its retention period.

Until recently, data retention policies in Office 365 could only be applied to the following locations:

  • Exchange mailboxes
  • SharePoint sites
  • OneDrive accounts
  • Office 365 Groups
  • Skype for Business users
  • Exchange public folders

Noticeably absent from the list of locations shown above is Microsoft Teams.  Fortunately, Microsoft has recently released an update that allows for the selection of Microsoft Teams locations.

 

Image: Data retention policies in Office 365 Screen

How can I apply data retention policies to my Microsoft Teams chats and channel messages?

One of the first things to notice above is the separation between Microsoft Teams chats and channel messages.  Copies of chats and channel messages are stored in an Azure-powered chat service, used by the Microsoft Teams clients.  However, additional copies of chats and channel messages are also stored in Exchange Online mailboxes.  Chats are stored in the mailboxes of the chat participants. However, channel messages are stored in the mailbox belonging to the team’s Office 365 Group.  This setup permits Office 365 tools and services such as content search, retention and eDiscovery to be able to access the chats and channel messages in these Exchange Online mailboxes.

This setup also raises an interesting consideration when creating data retention policies that may apply to locations including Exchange mailboxes and/or Office 365 Groups.  Given what we have highlighted in the previous paragraph, you might expect that a retention policy that applies to Exchange Online mailboxes and Office 365 Groups will also apply to Microsoft Teams chats and channel messages.  However, Microsoft makes it clear in its documentation that Teams chats and channel messages are only affected by retention policies using the Microsoft Teams locations. So bear this in mind when creating data retention policies.

How about retaining the files that are stored in Microsoft Teams?

Microsoft Teams isn’t just about chats and channel messages of course.  One of the core features of Microsoft Teams is the ability for users to collaborate on files stored within the team.  As we’ve seen above, copies of chats and channel messages are stored in different mailboxes hosted in Exchange Online.  In a similar manner, files within Microsoft Teams are stored in different locations depending on the scenario in which the files are used.

For example, any files that are uploaded into a team are stored in the SharePoint site belonging to the team’s Office 365 Group.  Therefore, to apply a retention policy for this scenario, the policy must apply to the relevant SharePoint site.  If users are engaged in a chat and one user shares a file with the others via that chat, the file is stored in the sending user’s OneDrive for Business account.  Therefore, to apply a retention policy for this scenario, the policy must apply to the relevant OneDrive for Business account.

Are there other considerations?

When selecting either of the Microsoft Teams locations when creating a new retention policy, the administrator will notice that all other locations (e.g. Exchange, SharePoint, OneDrive, Office 365 Groups, Skype for Business and Exchange public folders) are disabled as shown below.  This occurs because a separate retention policy is required to select Microsoft Teams locations.

Image: Data retention policies screen 2 Teams selections

Also of note is the current lack of support for the advanced retention settings when using Microsoft Teams location in data retention policies.  When creating a retention policy, it’s sometimes possible to select the Use advanced retention settings option to create a policy that can detect content based on specific words or phrases, or content containing sensitive information.  This selection is shown below.

Image: Data retention policies decision window

However, if you select the advanced retention settings option, the Microsoft Teams locations (as well as the Skype for Business and Exchange public folders locations) will not be available to you when you get to the screen used to specify the target locations of the data retention policy.

Be aware of timing considerations when using retention policies for Microsoft Teams locations.  At the time of writing this article, Microsoft states that it may take up to 30 days for the Teams clients to clean up content.  This means that content may still be visible in the Teams clients even though it won’t be visible in an eDiscovery search, for example.   Finally, Microsoft currently states in its topic titled Overview of retention policies that, to delete Microsoft Teams content via a retention policy, the content must be at least 30 days old.  If a value of less than 30 days is entered, a warning message is displayed.

Image: Data retention policies Action window error message

How Can Silversands Help?

Understanding Office 365’s security and compliance features together with their benefits, applicability and requirements can be a daunting experience.  We have extensive experience with Office 365 and Azure Active Directory, and can assist you in making sense of the options available to you.  Use the attached form and someone will be in contact with you very soon.

We run regular workshops and webinars where you can get the latest updates and expert advice about Teams, plus we also post regular blogs about Office 365, so please do follow us.

Icon: LinkedInIcon: twitter bird

Contact us

  • This field is for validation purposes and should be left unchanged.