Microsoft Teams retention policies are now available in Office 365 security and compliance center
Today, we're proud to announce that we are starting the roll out of retention policies for Microsoft Teams. The roll out is expected to complete within the next few weeks. With this launch, Teams admins can use the Office 365 security and compliance center to set retention policies for Teams and decide proactively whether to retain content or delete content – for the entire organization, specific locations or user or specific teams.
This is a key milestone in our efforts to provide IT admins with even more security and compliance functionality in Teams and part of our roadmap to bring the Skype for Business Online capabilities into Teams.
What are retention policies for Teams?
For most organizations, the volume and complexity of their data is increasing daily – email, documents, Teams messages, and more. To manage or govern this information is important for admins need to:
Comply proactively with industry regulations and internal policies that require organizations to retain content for a minimum period – for example, the Sarbanes-Oxley Act might require you to retain certain types of content for seven years.
Reduce their risk in the event of litigation or a security breach by permanently deleting old content that organizations are no longer required to keep.
Help organizations share knowledge effectively and be more agile by ensuring that their users work only with content that’s current and relevant to them.
With a Teams retention policy, you can:
Decide proactively whether to retain content, delete content, or both – retain and then delete the content based on time.
Use the SCC Policy creation user experience or Teams Retention PowerShell cmdlets
Set different retention durations for Teams Chats v/s Teams Channel Messages.
Target the entire organization with these location rows and target specific users (for Teams chat retention) and specific Teams (For Teams channel message retention)
Use retention policies with the SharePoint & OneDrive location rows to address the Files in Teams.
Note: Remember that in Teams, file shared in private chats are stored in the sender’s OneDrive for Business account and files uploaded in a channel conversation are stored in the team’s SharePoint site
How does it work?
For Teams chat and channel messages, a copy (that the Teams clients work off of) is stored in the Azure powered chat service and a separate copy is stored (archived) in Exchange online mailboxes (both user and group). We covered this in detail in one of our previous posts on Teams information protection features.
A chat message or IM in a 1x1 chat or a group chat is ingested into a hidden folder (TeamChat) into the EXO mailbox of each user who is a participant in the 1xN chat (n= 1,2,3 … )
A channel message in a Team\channel is ingested into a hidden folder (TeamChat) into the EXO mailbox of the Office 365 Group representing the Team.
Now, retention policies are setup by admins in the SCC and the Exchange Lifecycle assistant looks inside the mailboxes at Teams items and their age (based on created date) and acts on them (either preserves or deletes them based on all the policies that exist in the tenant). Then, this information is cascaded back to Teams and Chat service and these items get removed from all storage locations:
Mailboxes (so they are no longer available in eDiscovery or compliance content search)
Chat service back end
Teams Clients (which eventually get in sync with the chat service)
Where can I find more details and documentation?
For more information, how-to, known issues and faqs, please see:
As the roll out gets completed (by mid of April), we encourage you to login to your tenant, setup the appropriate permissions to create retention policies and try creating a retention policy for Teams conversations after having a discussion with your legal/governance organization.
So, what’s next on the roadmap?
We are currently working on releasing eDiscovery for calls and meetings in Teams soon. The next big ticket item on the roadmap would be Data Loss Prevention (DLP) for conversations and files. At the same time, we are also focused on addressing customer feedback on existing key features like eDiscovery of Teams data, Teams audit logs, etc.
Thanks, and stay tuned for more updates. Please feel free to post questions and/or feedback about Teams Security and Compliance features through other available channels. We are listening.