SOLVED

Groups, Sharepoint Data & Retention/Compliance Req's - Watch Out Before You Delete

Deleted
Not applicable

Attending SPTechCon Austin, and it's been great thus far.  Many good session.  Happily, there's been quite a few sessions on Teams/Groups and I've learned a LOT.

 

The local SP/O365 User Group hosted a panel tonight that included SharePoint Senior Product Manager Mark Kashman.  He mentioned a couple of things that raised a flag for me, and I was able to pose the question directly to the panel:

 

He said that when an O365 Group is deleted it kicks off a cascading process, which deletes everything associated with the group.  Among other things is the Sharepoint Site Collection (NOT Team Site, as I thought it was) and any data contained therein.

 

I know and am happy about the 30-day recovery capability for all group components via PS.

 

However:  Mark indicated that any SP retention/compliance policies are not currently respected by these Group-Related O365 Site Collections.  This to me a a BIG red flag for my and other companies with financial/medical data retention/discovery requirements. 

 

If Teams/Groups is being pushed 'the new way to work with everything', we can't presume that users won't work with sensitive data in it.  If I can't demonstrate that the data is subject to audit, retention and eDiscovery, I can't roll Groups/Teams/Whatever out across my company.        

 

4 Replies
best response
Solution

John, perfect timing!

Following today's announcement: Announcing the release of Threat Intelligence and Advanced Data Governance, plus significant updates...

You can now easily set a retention or deletion policy for an entire group (which will apply to the SP content): Overview of retention policies

Screenshot below:

GroupsRetention.JPG

 

When the cascading delete happens the term "Team Site" and "Site Collection" mean the same thing.  Both of those refer to the SharePoint site colleciton that is connected to the Group.  So when a Group is deleted the connected SharePoint site is deleted. 

Thanks @Drew Madelung and Christophe Fiessinger for your replies.   I've learned this week that O365 Groups is an 'Embrace it or get run over it' feature, and will do my best to integrate it into my company.  

I fully understand that the 'Way People Work' has changed and Groups is an apt response to it.  Nevertheless, retention/discovery is still an issue for me and once I get my arms fully wrapped around it I'll need to schedule meetings with my C-levels and legal dept to explain this to them.

 

SPTechCon Austin was very good, and I had a lot of good takeaways.  Kudos to all the speakers.