SOLVED
Home

Retention Policies and SharePoint sites

Highlighted
Jakob Rohde
Contributor

We have five year retention policies covering almost everything, including Teams. When a site is deleted, e.g. by deleting a team, all files contained in the site are retained. But what about the site (including lists etc.)?

 

If a user wants to recover a site (after 30 days in the recycle bin has passed), is it only the files that can be recovered? If so, is it possible to identify which files were stored in the site? 

25 Replies
If you set the sharepoint retention for a certain point of time on the site (team) afaik the site or lists with content can’t be deleted

Also see the following post:

https://techcommunity.microsoft.com/t5/Office-365/Remove-a-Sharepoint-Site-on-Preservation-Hold/td-p...

Adam

Thanks, Adam.

 

I can see that sites belonging to teams that I have deleted are still present in the SPO Adminstration portal and it is marked with"This site has a compliance policy set to block deletion". But when I try to access such a site, I am denied access both a the owner and as admin (Global Administrator). So how do I gain access? 

Thanks again.

 

One final question: If I am given the right permissions in the Security & Compliance Center and I need to restore a SharePoint site, will I have to do that vie eDiscovery or can I simply access the site using the url?

Hmm! I’m a little confused here! Is the corresponding office 365 group still present? If the site is not deleted you should be able to access it! The retention just controls deletion

My point exactly!

 

Yes, the associated group is still present in Exchange Admin Center (marked as "Deleted"). 

 

The SharePoint site is still present in the SharePoint Admin Center in the Active sites list. It is not moved to the Deleted sites list (in the new Admin Center).

My guess here is to recover the group

I think you are right. 

 

The workspace I have been testing with was deleted 9 days ago and that is the reason it is still present in the EXO Admin Portal. After 30 days the group will be removed. So where do I go to recover groups that were deleted more than 30 days ago? eDiscovery?

Groups with retention includes the site, docs and mailbox! AFAIK when a group is deleted there’s no way to restore it after 30 days!

@Tony Redmond!

Now in even more confused! What is the pupose of allowing me to add Office 365 groups to a retention policy, if it is deleted after 30 days anyway?

I’m not really sure about this but the conent around the group gets under the retention aka NOT deleted! Site , mail , docs..if you delete the team, the 365 group gets deleted per default! It seems true here as well under retention but the above locations don’t get deleted!
T
In your case the group got deleted but all the content is saved and still there?

Since the group was deleted less than 30 days ago, it's still in the recycle bin. When the 30 days have passed, the groups will disappear from the recycle bins, but they must be available somewhere, because otherwise the retention policy is pointless.

Ok I though the group was deleted more than 30 days ago in this case!

Recover group:

https://docs.microsoft.com/sv-se/office365/admin/create-groups/restore-deleted-group?view=o365-world...

Regarding retention on groups IM still not really sure how it works but my guess is that by ensbling retention on a office 365 group would make sure that grouP mailbox , spbsite and files will remain! It would seem that the group itself would be undeletable but this doesn’t seem to be the case!
I’m reaching out for help here!

Adam
Yeah. The group can be deleted it’s the content retained. So the mailbox and sp site will still be around after the group recycle out.
But how does the permissions behave here? If the group gets deleted?

Sorry, if I'm being clear enough. The group I mentioned was just an example. What I'm trying to do is to understand how retention works so I can define our governance policies and also decide if we need a 3rd party backup solution or not.

 

Let me rephrase: As an example: A user comes to me for help recovering the content that were on a SharePoint site (with a group) that were deleted a year ago or more. I have a 5 year retention policy covering Teams, Groups, SharePoint and Exchange. Can I recover the group along with the site and team? If not, can I at least (relatively easy) recover all the files that were stored in the site?

Solution

The reason why you put Office 365 Groups on retention is to ensure that the content in all the resources owned by the group is kept for a certain period.

 

When a group passes 30 days post-deletion, the Azure Active Directory object that represents the group is removed. This effectively breaks the link that ties all the group resources together. At the same time, instructions go to the associated workloads (like SharePoint and Exchange) to say that the group no longer exists. The workloads then check whether any retention holds exist. If they do, the content is held until the hold elapses. If not, the content is removed using the workload's normal processing (for instance, the mailbox is cleaned up by the Exchange Mailbox Folder Assistant).

 

Content under retention can always be accessed by a content search and export.

About retention : https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies

Retention makes sure that it dont get deleted! Once its deleted, there is no way Of recovering it!
If the group is deleted, the corresponding site will remain
Thanks for clarifying!!

@Tony Redmondthat's a very clear explanation, worthy of being upgraded to an docs article, kudo's. Could you explain the following scenario:

  1. I created a 'Teams' Team falling under 2 retention policies retaining content forever (SharePoint, O365 Group and Team Channel messages are all covered)
  2. played around with the Team for a month or so, all resources (Groups Mailbox, SharePoint site, Channel messages) are touched and created
  3. now I want to really, really delete the Team and all associated resources, leaving no trace what so ever

What to do?

 

What I did was:

  1. delete the Azure group (Remove-AzureADGroup)
  2. permanently delete the Azure Group (Remove-AzureADMSDeletedDirectoryObject)
  3. set an exclusion in the SharePoint site retention policy (Set-CCRetentionCompliancePolicy)

The Teams and Group resources seem to be gone entirely, but the SharePoint site will complain 'This site has a compliance policy set to block deletion' even though it also says 'We couldn't find the Office 365 group connected to this site.'. How to delete the SPO site, in this situation? Should I have started with adding exclusions for the Office 365 Group, Team and SPO site to the retention policies? Should I switch the policies off (won't this impact other sites covered with the policy?

 

Hope you can help me

@SjoerdV Sorry for the delay in replying. I've been away.

 

I believe that you might have "broken" the links that connect the Office 365 group and its associated resources by deleting the Azure AD group using PowerShell. It might have been better to:

 

1. Remove the site from the retention policy.

2. Wait for SPO to process the command from the SCC to remove the policy from the site.

3. Remove the team (this forces a notification to all workloads).

4. Accelerate the 30-day removal process by hard-deleting the soft-deleted group after waiting for about a day to ensure that all workloads have been informed about the deletion.

 

 

@SjoerdV 

Sorry for the delay in replying. I've been away.

 

I believe that you might have "broken" the links that connect the Office 365 group and its associated resources by deleting the Azure AD group using PowerShell. It might have been better to:

 

1. Remove the site from the retention policy.

2. Wait for SPO to process the command from the SCC to remove the policy from the site.

3. Remove the team (this forces a notification to all workloads).

4. Accelerate the 30-day removal process by hard-deleting the soft-deleted group after waiting for about a day to ensure that all workloads have been informed about the deletion.

 

 

Thanks for the heads-up, I'll adjust procedures to align with you suggestion. It kind of worries me that
A) you can get in an undisirable state this easily, which will also not resolve itself (what to do with that sharepoint site that won't go anywhere?)
B) the amount of time that is needed between steps severly hinders routine maintenance

The whole retention architecture feels kind of flaky or an afterthought at best. Seems like it should be an entirely seperate architectural layer (both application and storage) but it isn't. I'll try to cope with it anyway :-)

@SjoerdV It's more like these are loosely-coupled workloads where synchronization must happen to keep everything aligned. With that in mind, it makes sense to take account of the need for synchronization before doing anything to remove data.