Retention policies for Microsoft Teams
Published Mar 30 2018 03:33 PM 111K Views
Microsoft

Microsoft Teams retention policies are now available in Office 365 security and compliance center

 

Today, we're proud to announce that we are starting the roll out of retention policies for Microsoft Teams. The roll out is expected to complete within the next few weeks. With this launch, Teams admins can use the Office 365 security and compliance center to set retention policies for Teams and decide proactively whether to retain content or delete content – for the entire organization, specific locations or user or specific teams.

 

This is a key milestone  in our efforts to provide IT admins with even more  security and compliance functionality in Teams  and part of our roadmap to bring the Skype for Business Online capabilities into  Teams.

 

retention pic.png

 

What are retention policies for Teams?

For most organizations, the volume and complexity of their data is increasing daily – email, documents, Teams messages, and more. To manage or govern this information is important for admins need to:

 

  • Comply proactively with industry regulations and internal policies that require organizations to retain content for a minimum period – for example, the Sarbanes-Oxley Act might require you to retain certain types of content for seven years.
  • Reduce their risk in the event of litigation or a security breach by permanently deleting old content that organizations are no longer required to keep.
  • Help organizations share knowledge effectively and be more agile by ensuring that their users work only with content that’s current and relevant to them.

With a Teams retention policy, you can:

  • Decide proactively whether to retain content, delete content, or both – retain and then delete the content based on time.
  • Use the SCC Policy creation user experience or Teams Retention PowerShell cmdlets
  • Set different retention durations for Teams Chats v/s Teams Channel Messages.
  • Target the entire organization with these location rows and target specific users (for Teams chat retention) and specific Teams (For Teams channel message retention)
  • Use retention policies with the SharePoint & OneDrive location rows to address the Files in Teams.

Note: Remember that in Teams, file shared in private chats are stored in the sender’s OneDrive for Business account and files uploaded in a channel conversation are stored in the team’s SharePoint site

 

How does it work?

 

info prot arch.png

For Teams chat and channel messages, a copy (that the Teams clients work off of) is stored in the Azure powered chat service and a separate copy is stored (archived) in Exchange online mailboxes (both user and group). We covered this in detail in one of our previous posts on Teams information protection features.

 

  • A chat message or IM in a 1x1 chat or a group chat is ingested into a hidden folder (TeamChat) into the EXO mailbox of each user who is a participant in the 1xN chat (n= 1,2,3 … )
  • A channel message in a Team\channel is ingested into a hidden folder (TeamChat) into the EXO mailbox of the Office 365 Group representing the Team.
  • Now, retention policies are setup by admins in the SCC and the Exchange Lifecycle assistant looks inside the mailboxes at Teams items and their age (based on created date) and acts on them (either preserves or deletes them based on all the policies that exist in the tenant). Then, this information is cascaded back to Teams and Chat service and these items get removed from all storage locations:
    • Mailboxes (so they are no longer available in eDiscovery or compliance content search)
    • Chat service back end
    • Teams Clients (which eventually get in sync with the chat service)

 

Where can I find more details and documentation?

For more information, how-to, known issues and faqs, please see: 

As the roll out gets completed (by mid of April), we encourage you to login to your tenant, setup the appropriate permissions to create retention policies and try creating a retention policy for Teams conversations after having a discussion with your legal/governance organization.

 

So, what’s next on the roadmap?

We are currently working on releasing eDiscovery for calls and meetings in Teams soon. The next big ticket item on the roadmap would be Data Loss Prevention (DLP) for conversations and files. At the same time, we are also focused on addressing customer feedback on existing key features like eDiscovery of Teams data, Teams audit logs, etc.

 

Thanks, and stay tuned for more updates. Please feel free to post questions and/or feedback about Teams Security and Compliance features through other available channels. We are listening. 

 

Cheers,

Ansuman

 

 

33 Comments

Sorry but can you please provide more details on that Azure Chat service we keep hearing about? Things such as where is the data stored (region and actual "container" information), who can access it, how long is it kept for (with or without retention policies in play), can it be searched, can it be exported, etc, etc. So far, for us customers this has been just a "black box" we know exists, and not much else.

 

Also, is there any news around handling messages from Guest accounts, users without ExO mailbox, bots, connectors, etc?

Microsoft
I think you will find the ignite architecture session useful if you want to understand chat service. https://channel9.msdn.com/Events/Ignite/Microsoft-Ignite-Orlando-2017/BRK3071 
 
It covers
  • Architecture of Teams and its clients
  • Chat service and other underlying services
  • Storage locations, Data residency.
 
Silver Contributor

@Ansuman Acharya thanks for the link to the presentation, but that is not sufficient, We need written technical documentation that we can read and reference. Where can we find this?

Deleted
Not applicable

Thanks for the info, and I was initially very interested in this.  However, since Teams has so much of a presence in SPOL & EOL I was under the impression that it inherited the settings of the 'Unified Retention Policies' as defined in the SCC.  My org wants to retain everything and I pitched it to them with what I knew about Groups/Teams and our current 'retain everything' Unified Retention Policy. 

 

Needless to say I was certainly surprised to see a distinct O365 Groups setting that magically popped up in the Retention area a week or so ago.  I dutifully created another policy with the duplicate settings for the O365 Groups offering, but now it appears I need to do it again for Teams?

 

What in the Teams settings/policy is NOT covered by the O365 Groups, SPO, and EOL policies?

 

Are the Persistent Chats also covered by and part of some upcoming S4BOnline retention policy?

 

Thx

Microsoft

The Office 365  Group setting has been around for a while John. To do retention for Teams you need to think of Files and Conversations.

 

For Files in Teams:

- use SPO location

- use OD4B location

 

For Conversations - Use the Team Chat and Channel rows. Office Group mailbox does not cover Teams data fully. It will not fully remove teams data from all storage locations. Same for EOL mailboxes.

Copper Contributor

Good luck getting deep documentation.  Microsoft has all but given up on this.


@Ansuman Acharya wrote:

Microsoft Teams retention policies are now available in Office 365 security and compliance center

 

Today, we're proud to announce that we are starting the roll out of retention policies for Microsoft Teams. The roll out is expected to complete within the next few weeks. With this launch, Teams admins can use the Office 365 security and compliance center to set retention policies for Teams and decide proactively whether to retain content or delete content – for the entire organization, specific locations or user or specific teams.

 

This is a key milestone  in our efforts to provide IT admins with even more  security and compliance functionality in Teams  and part of our roadmap to bring the Skype for Business Online capabilities into  Teams.

 

retention pic.png

 

What are retention policies for Teams?

For most organizations, the volume and complexity of their data is increasing daily – email, documents, Teams messages, and more. To manage or govern this information is important for admins need to:

 

  • Comply proactively with industry regulations and internal policies that require organizations to retain content for a minimum period – for example, the Sarbanes-Oxley Act might require you to retain certain types of content for seven years.
  • Reduce their risk in the event of litigation or a security breach by permanently deleting old content that organizations are no longer required to keep.
  • Help organizations share knowledge effectively and be more agile by ensuring that their users work only with content that’s current and relevant to them.

With a Teams retention policy, you can:

  • Decide proactively whether to retain content, delete content, or both – retain and then delete the content based on time.
  • Use the SCC Policy creation user experience or Teams Retention PowerShell cmdlets
  • Set different retention durations for Teams Chats v/s Teams Channel Messages.
  • Target the entire organization with these location rows and target specific users (for Teams chat retention) and specific Teams (For Teams channel message retention)
  • Use retention policies with the SharePoint & OneDrive location rows to address the Files in Teams.

Note: Remember that in Teams, file shared in private chats are stored in the sender’s OneDrive for Business account and files uploaded in a channel conversation are stored in the team’s SharePoint site

 

How does it work?

 

info prot arch.png

For Teams chat and channel messages, a copy (that the Teams clients work off of) is stored in the Azure powered chat service and a separate copy is stored (archived) in Exchange online mailboxes (both user and group). We covered this in detail in one of our previous posts on Teams information protection features.

 

  • A chat message or IM in a 1x1 chat or a group chat is ingested into a hidden folder (TeamChat) into the EXO mailbox of each user who is a participant in the 1xN chat (n= 1,2,3 … )
  • A channel message in a Team\channel is ingested into a hidden folder (TeamChat) into the EXO mailbox of the Office 365 Group representing the Team.
  • Now, retention policies are setup by admins in the SCC and the Exchange Lifecycle assistant looks inside the mailboxes at Teams items and their age (based on created date) and acts on them (either preserves or deletes them based on all the policies that exist in the tenant). Then, this information is cascaded back to Teams and Chat service and these items get removed from all storage locations:
    • Mailboxes (so they are no longer available in eDiscovery or compliance content search)
    • Chat service back end
    • Teams Clients (which eventually get in sync with the chat service)

 

Where can I find more details and documentation?

For more information, how-to, known issues and faqs, please see: 

As the roll out gets completed (by mid of April), we encourage you to login to your tenant, setup the appropriate permissions to create retention policies and try creating a retention policy for Teams conversations after having a discussion with your legal/governance organization.

 

So, what’s next on the roadmap?

We are currently working on releasing eDiscovery for calls and meetings in Teams soon. The next big ticket item on the roadmap would be Data Loss Prevention (DLP) for conversations and files. At the same time, we are also focused on addressing customer feedback on existing key features like eDiscovery of Teams data, Teams audit logs, etc.

 

Thanks, and stay tuned for more updates. Please feel free to post questions and/or feedback about Teams Security and Compliance features through other available channels. We are listening. 

 

Cheers,

Ansuman

 

 


 

Deleted
Not applicable

 @Ansuman Acharya:  You say that 'The Office 365  Group setting has been around for a while," but most of us know how gradually new features are rolled out.  How long is 'awhile?'  As I said, it was new to me a few weeks ago, and our tenant isn't on 1st release so isn't it perhaps possible that the feature just hadn't shown up for us yet?

 

Some kind of Infographic would be helpful on what services are covered by which retention policies.  If we get caught from a legal standpoint on this, I sure am grateful we can count on MS to step in and help us via our Enterprise Business Partner Agreement...

Brass Contributor

Looks like a good first step.  However, we still use Exchange on-premise.  Currently using SPO, OneDrive, and TEAMS in O365.  We were really waiting for the ability to apply policies against the hidden chat store mentioned above for Pchats for those users who have on-Prem mailboxes, and are not using EOL.  Will this provide access to that data so we can at least apply a retention policy against that data?

 

Being a financial service firm with stringent compliance requirements, we are still waiting for the ability to journal both Pchat and channel messages completely.  Any idea when that might come if ever?

 

 

Iron Contributor

Hi All,

 

Recently I did a presentation on the Retention Policy for Microsoft Teams, I collected some information around retention policy in PowerPoint slide, downloadable as follow.

 

Retention Policy for Microsoft Teams

 

Hope at least some would find it instructive. 

 

 

Brass Contributor

These policies are helpful when you have everything online. For an organization, where mailboxes must stay on on-premises environment, Teams eDiscovery/Compliance policies are not valid.

 

Is there any plan to add eDiscovery / Compliance for Team's private chat for on-premises mailboxes with SharePoint Online, OneDrive and Teams? As per eDiscovery testing for an on-premise mailbox, I didn't find anything for Team's private chat on both on-premise and online. That's because  Teams chat and channels are stored in Exchange Online mailbox and Azure Power Chat service with no access to use any eDiscovery. 

 

Any update on this feature would be helpful. 

 

Cheers,

H.

 

Microsoft

Good question @Hemat Maheshwari. First of all, we need to solve for bringing compliance features to Exchange on Prem users for Teams. This is a complex feature involving work from multiple teams in the Office organization. We are working on that currently, I cannot promise you a timeline. but when that works, eDiscovery will work and then retention will work. The idea is to take Teams conversations data and put them into the cloud equivalent of on-prem mailboxes if the identities are dir-sync'd.

 

Stay tuned on more updates. 

Iron Contributor

We need to be able to journal Teams messages just like we can journal Exchange messages now. We are using Exchange 2013 on-premises. When would we be able to archive Teams communication?

Copper Contributor

I see Teams has a minimum retention of 30 days 

 

1) When will retention policies for less than 30 days Teams be supported?

2) Any comment on why it not supported already?   Why can I set my retention policy Teams to 31 days but not 29?

 

30 day rentention not supported.JPG

 

 

Deleted
Not applicable

Looking for information on when will retention policies for less than 30 days Teams be supported? not sure why this wasn't supported out the gate with the retention policy roll out. 

Copper Contributor

So I am trying to find out what the exact details are with these policies now being implemented. There seems to be a few different scenarios as far as whether this is enabled and working based on your configuration.

 

  1. It does not appear to work if you are hybrid. Which I'm assuming is Exchange Hybrid.
  2. In other articles, it appears that it can take up to 30 days to actually implement and process the retention policy.
  3. Does Skype on Premise matter? It looks like that is not part of this consideration.

Our environment is Exchange 2016 hybrid. SFB is housed on premise, but we are configured for hybrid with SFBO. I am able to configure a Teams channel and chat policy, but it does not appear to be working.

 

Can someone just let me know if this should work in our scenario?

Are we just out of luck?

Is it the 30 day implementation and I'm just too quick to wait for it to apply?

 

-Thanks.

Iron Contributor

Retention policy applies and is applicable to users whose mailboxes are on Exchange ONLINE.

1. Retention doesn't work/cannot be applied on Hybrid mailbox(es)

2. It shouldn't take 30 days as it mentioned -- it takes only 1 day in my case.

3. Same as point no.1 -- Retention Policy doesn't work/cannot be applied on a user whose mailbox is NOT Exchange Online. 

 

Iron Contributor
When will retention start working on Hybrid mailboxes?
Copper Contributor

Retention policy (and deletion) applied on team sites of Sharepoint will be applied for Sharepoint's sites created through channels on Microsoft Teams? If not, how can retention and deletion policies can be applied on Microsoft Teams?

Silver Contributor

@PATRICIA PEREIRA DE SOUZA, just to clarify, when a channel is added to a Team, a new folder gets added to an existing document library in an existing SharePoint site (each Team has a SPO Site, the default document library gets a General folder and additional folders are added to that library)

Iron Contributor
If we are still using Hybrid mode with Exchange On-Premises, how do we archive Teams communications?
Iron Contributor

@Michael Gorn  Please follow this guideline below:

https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Microsoft-Teams-supports-eDiscovery-for-...

 

You must write a request to Microsoft in order to get it done. 

Deleted
Not applicable

MS Teams retention seems to only allow deletion of chats after a minimum of 30 days. This does not meet my organization's retention policy which is 7 days for personal chat given that chats are transitory in nature and should not be kept longer than 1 week. It is a risk to the organization to keep such unstructured and unmonitored information for 30 days. Will MS be making a change to allow users to adjust their retention as they wish, i.e. any time frame and not a minimum of 30 days?

 

Silver Contributor

If you need a change like that, the best way to request it is to do so on the User Voice site at https://microsoftteams.uservoice.com/forums/555103-public

Copper Contributor

 @Deleted I don't want to knock, but I would not hold your breath. We have been holding out for a better retention policy for a long time. We also do not keep chat history at an organization level in SkypeFB. When Office 365 Groups became a thing we got a lot of push back from the lack of retention being available. Kind of sad that there's a product released that doesn't have similar policy or retention to it's current interpretation, in this case Exchange. We are also Hybrid which creates more chaos. In a recent ticket we opened, Teams retention even at 30 days will not currently filter out Bot based messages, or any messages containing attached data, Images and the like.

 

I would almost suggest trying to find a third party tool if there is one. I've even looked at clearing out chat messages via Microsoft Graph, but there is not currently a way to single out messages. At least from what I can tell. This was the work around we used for clearing 365 group messages and still continue to use. 

Copper Contributor

2 major issues. One being the already commented on limitation that you cannot set a policy for less than 30 days. Another, and even larger issue, which I only find mention here: https://docs.microsoft.com/en-us/microsoftteams/retention-policies-faq

 

Can we include Teams in org-wide policies?

No, not currently. You must create specific policies for Teams chat and channel messages using the Teams location row or these Teams cmdlets: New-TeamsRetentionCompliancePolicy & New-TeamsComplianceRetentionRule. These cmdlets have get and set versions as well.

 

So, you cannot create a default org-wide policy and have it actually do anything. I have created one for our organization, waited the 30 days, and then some, no deletion... This is a BIG issue for something that is OOTB supposed to allow users to just create Groups/Teams on the fly as often as they want. If you are not in control of groups being created, and you cannot manage them on an organization-wide level, what good is this option to setup a policy?

 

This detail was only brought to light after opening a ticket with Microsoft Support who directed me to the following articles to "make sure the policy is configured correctly."

https://docs.microsoft.com/en-us/microsoftteams/retention-policies

https://docs.microsoft.com/en-us/microsoftteams/retention-policies-faq

https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Retention-policies-for-Microsoft-Teams/b...

https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies

https://docs.microsoft.com/en-us/microsoftteams/retention-policies-known-issues

Brass Contributor

Can someone provide some help?

 

1.) We need absolute clarity about how, when and where private chat histories are stored:

Attached is a screenshot of MFCMAPI exploring the hidden mailbox folder for "Conversation History\Team Chat". As you can see, there is ZERO chat history stored in this location. Yet when Teams is launched for the user, chat history is available. 

 

2.) We need control over whether chat history is enabled (at all). Meaning that if an organization desires to use private chats, but does not wish to archive any data, they should be able to do so. The use of a deletion policy is not a viable workaround. The data must not be captured AT ALL if desired.

 

3.) End users should also be given the ability to delete certain private chat messages (if the organization allows it).

 

4.) Finally, can someone address the thread related to this over on Uservoice?  The most recent response from Microsoft basically waived everyone off and as you can see, everyone is extremely frustrated.:
https://microsoftteams.uservoice.com/forums/555103-public/suggestions/33535006-delete-private-chat-t...

 

Screenshot.png

Copper Contributor

Any ideas on when retention for Private Channels will be released? 

Copper Contributor

@Victoria Hughes  - this

 

 

Copper Contributor

@Stuart Mcbain , you misunderstand my question. I'm aware that Private Channels are available. I'm asking when retention will be available for Private Channels. Per the documentation, current retention policies on Teams Channels do not support Private Channels. https://docs.microsoft.com/en-us/microsoftteams/retention-policies - It's the first purple note on the page: 

 

We don’t yet support configuration for retention of private channel messages. Retention of files shared in private channels is supported.

Thankfully Private Channels rolled out in a disabled state to our tenant - maybe this was intentional by Microsoft. Where a tenant has retention policies applied to Team Channels, the Private Channels feature was deployed in a disabled state. 

 

Until retention policies support Private Channels, we're stuck and I'm trying to find an ETA on this functionality. The roadmap has no mention of it, sadly, and I'm not finding anything anywhere else. A support ticket only reiterated the documentation available and they couldn't say whether it was ever going to be available.

Copper Contributor

Are conversations recorded as they are typed?  If someone edits their comment does the original content get retained?  Just for instance, if a password is typed into the chat, and then after the recipient receives it and the conversation is edited, will the password still be kept in a record and be accessible?  Just for conversations sake, lets say that the password is typed and then edited 5 minutes later.

Copper Contributor

As a financial services broker-dealer, we need the ability to have all activity in Microsoft Teams to be archived in Erado or Smarsh's compliance portals that flag for potential activities based on specific criteria.

One way to do this would be to export (daily) all activity within these systems (including chat) to an email address we have set up to archive with Erado/Smarsh.

Would this be possible?

Steel Contributor

I would like to add here that customers are unable to exclude individual users from Teams Channel Messages retention policies.  You might first think "Obviously, you would include/exclude Teams, not users".  But you can see how this is actually a problem if you try to migrate a mailbox from Exchange Online back to on-premises (in a Hybrid deployment), to an Exchange 2010 database.  2013 and newer databases are OK, because O365 retention policies can work with those.

 

MS Support is aware of this problem but there is no ETA on a resolution.  The problem will be safe for them to ignore within a few months when Exchange 2010 goes out of support.  Reference Premier Support case #: 18176866.

 

The solution available for this particular problem today is to open a support ticket and MS Support will have some back-end team do some magic which adds a new policy exclusion to the user.  The Security & Compliance Center PowerShell command that was being tried during the support is 

Set-RetentionCompliancePolicy -Identity <ID> -AddTeamsChannelLocationException <User's mailbox's ID>

But that won't work, that command wants a Team ID, not a mailbox's ID.  Trying it with the mailbox's ID will throw an error because it sees mailboxes as MailUsers (reference issue for that: https://github.com/MicrosoftDocs/office-docs-powershell/issues/4788).

 

I get that Exchange 2010 is going away, so that's a non-issue for a decent percentage of the world.  But I wonder how some of these unpopular issues are going to play out in other areas, or down the road when somebody actually offboards from Office 365 / EXO.

 

 

Copper Contributor

Now that Teams recordings are stored in SPO and OneDrive, Is there any guidance available for applying retention policies to Teams recordings? 

Version history
Last update:
‎Jan 26 2021 02:12 PM
Updated by: