Microsoft Data Retention and Destruction

Our compliance team has requested we shorten our retention policy on data. From the numerous sys admin jobs I have had, I have never had to deal with this because we typically had a 10+ year retention policy. So all of this is new to me and I wanted to ask for some best practices and advice.

We are to set up yearly purging of emails from the previous year and to wipe all Teams' chats past 30 days. We are setting up exclusions for certain people. To those who have experience, what is the best way to set this up in the Microsoft Environment? We are not an E3 or E5 customer so the Purview options I see are not an option.

Thanks

2 Replies

@bmorebobbbbbyyyy

Please refer to this. Retention may also apply to other areas, such as Exchange, as well.

https://learn.microsoft.com/en-us/microsoftteams/retention-policies

While Purview options might be unavailable, you can still achieve yearly email purging and 30-day Teams chat deletion in your Microsoft environment without an E3 or E5 license. Here's how:

Email Purging:

- Retention Policies: Utilize Exchange Online retention policies. These allow you to define rules for automatically deleting emails based on specific criteria like age, sender, recipient, or keywords.
  - Create a new retention policy with the following settings:
    - Retention period: Set it to "1 year" for emails from the previous year.
    - Apply to: Choose the mailboxes or groups where you want this policy applied.
    - Retention action: Select "Delete".
  - You can create separate policies with different retention periods for specific needs, like excluding certain individuals or departments.
- Retention Tags: Alternatively, consider retention tags. These are pre-defined policies that can be applied to folders or individual messages.
  - Create a custom retention tag with a "1 year" retention period and apply it to relevant folders or emails.

Teams Chat Deletion:

- Retention Policies: Unfortunately, native Teams chat retention policies aren't available without E3 or E5 licenses. However, you can leverage PowerShell cmdlets to achieve similar functionality.
  - Use the Remove-AzureADGroupChatMessage cmdlet to delete messages older than 30 days.
  - This method requires scripting knowledge and careful execution to avoid unintended data loss.
- Manual Deletion: Encourage users to manually delete chats or channels exceeding the desired retention period.

Important Considerations:

- Testing: Before implementing any deletion strategy, thoroughly test it in a non-production environment to ensure it functions as expected and doesn't affect crucial data.
- Legal and Compliance Requirements: Ensure your data retention policies comply with relevant legal and regulatory requirements, as well as your organization's internal policies.
- Backup and Recovery: Maintain proper backups of your data in case of accidental deletion or unforeseen issues.

Additional Resources:

- Exchange Online retention policies: https://learn.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/crea...
- Retention tags: https://learn.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/rete...
- Remove-AzureADGroupChatMessage cmdlet: https://learn.microsoft.com/en-us/powershell/module/azuread/remove-azureadgroupmember?view=azureadps...

Remember, consulting with an IT professional familiar with your specific environment is recommended for setting up these configurations and ensuring data security and compliance.
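
One way to script the Exchange Online part of the reply above, as an added example that is not part of the original thread: it creates a one-year delete tag and policy with the Exchange Online MRM cmdlets and assigns the policy to every user mailbox except an exclusion list. The tag name, policy name and excluded addresses are hypothetical placeholders, and the age limit is evaluated per item, so deletion is rolling rather than a single purge once a year.

```powershell
#Requires -Modules ExchangeOnlineManagement
param(
    [string]   $TagName    = 'Delete-After-1-Year',   # hypothetical tag name
    [string]   $PolicyName = 'One-Year-Purge',        # hypothetical policy name
    # Constructed sample addresses standing in for the people to be excluded.
    [string[]] $Excluded   = @('legal@example.com', 'ceo@example.com'),
    [switch]   $Apply      # without -Apply, mailbox changes are previewed only
)

Connect-ExchangeOnline -ShowBanner:$false

# Default policy tag (-Type All): covers every item that has no more specific tag.
# DeleteAndAllowRecovery sends items to Recoverable Items instead of hard-deleting,
# so a mistaken assignment can still be undone within the recovery window.
if (-not (Get-RetentionPolicyTag -Identity $TagName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicyTag -Name $TagName -Type All -AgeLimitForRetention 365 `
        -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $true | Out-Null
}

if (-not (Get-RetentionPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicy -Name $PolicyName -RetentionPolicyTagLinks $TagName | Out-Null
}

# A mailbox carries one MRM policy at a time, so this assignment replaces
# whatever policy it had before. Excluded mailboxes keep their current policy.
$targets = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Where-Object { $Excluded -notcontains [string]$_.PrimarySmtpAddress }

$report = foreach ($mbx in $targets) {
    Set-Mailbox -Identity $mbx.Identity -RetentionPolicy $PolicyName -WhatIf:(-not $Apply)
    [pscustomobject]@{
        Mailbox        = [string]$mbx.PrimarySmtpAddress
        PreviousPolicy = $mbx.RetentionPolicy
        NewPolicy      = $PolicyName
        Applied        = [bool]$Apply
    }
}

# Keep a record of what changed (and what each mailbox had before) for rollback.
$report | Export-Csv -Path .\retention-assignment.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

Run it once without `-Apply` and review `retention-assignment.csv` before running it again with `-Apply`; the `PreviousPolicy` column is what you would restore with `Set-Mailbox -RetentionPolicy` if an assignment needs to be reverted.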