Best Practices for securing Microsoft Teams data (both chat and files)?

%3CLINGO-SUB%20id%3D%22lingo-sub-1247077%22%20slang%3D%22en-US%22%3EBest%20Practices%20for%20securing%20Microsoft%20Teams%20data%20(both%20chat%20and%20files)%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1247077%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20looking%20to%20implement%20Teams%2C%20but%20there%20are%20two%20key%20issues%20that%20we%20need%20to%20be%20sure%20of%20before%20rolling%20it%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%26nbsp%3B%20How%20can%20we%20secure%20Teams%20chat%20so%20that%20no%20user%20can%20ever%20delete%20any%20chat%20history%20from%20a%20Team%2C%20nor%20delete%20any%20files%20that%20are%20uploaded%3F%26nbsp%3B%26nbsp%3B%20We%20require%20full%20SEC%20compliance%2C%20so%20the%20ability%20to%20have%20all%20historic%20data%20at%20the%20ready%20for%20export%2Finspection%20for%20all%20our%20Teams%20is%20critical.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%26nbsp%3B%20What%20is%20the%20Best%20Practice%20for%20retaining%20all%20Teams%20data%2C%20even%20from%20employees%20who%20might%20be%20long%20gone%20from%20the%20company%20or%20for%20Teams%20that%20have%20been%20long%20since%20removed%20from%20active%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1247077%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EBest%20Practices%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EChat%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EFiles%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1247276%22%20slang%3D%22en-US%22%3ERe%3A%20Best%20Practices%20for%20securing%20Microsoft%20Teams%20data%20(both%20chat%20and%20files)%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1247276%22%20slang%3D%22en-US%22%3E%3CP%3EUsers%20can%20only%20delete%20the%20%22client-side%22%20data%2C%20the%20copies%20of%20their%20conversations%20that%20are%20stored%20within%20their%20mailbox%20remain%2C%20and%20they%20are%20what's%20used%20for%20eDiscovery%20purposes.%20Similarly%2C%20documents%20are%20stored%20in%20SPO%2FODFB%20and%20covered%20by%20whichever%20policies%20you've%20configured%20there.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETony%20has%20a%20series%20of%20articles%20that%20cover%20most%20aspects%20of%20this%2C%20and%20you%20can%20always%20refer%20to%20the%20official%20documentation%20as%20well%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Fteams-compliance-story%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.petri.com%2Fteams-compliance-story%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Fteams-compliance-records-hybrid-exchange%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.petri.com%2Fteams-compliance-records-hybrid-exchange%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Fproving-teams-retention-policies-work%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.petri.com%2Fproving-teams-retention-policies-work%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

We are looking to implement Teams, but there are two key issues that we need to be sure of before rolling it out.

 

1.  How can we secure Teams chat so that no user can ever delete any chat history from a Team, nor delete any files that are uploaded?   We require full SEC compliance, so the ability to have all historic data at the ready for export/inspection for all our Teams is critical.

 

2.  What is the Best Practice for retaining all Teams data, even from employees who might be long gone from the company or for Teams that have been long since removed from active?

1 Reply
Highlighted

Users can only delete the "client-side" data, the copies of their conversations that are stored within their mailbox remain, and they are what's used for eDiscovery purposes. Similarly, documents are stored in SPO/ODFB and covered by whichever policies you've configured there.

 

Tony has a series of articles that cover most aspects of this, and you can always refer to the official documentation as well:

https://www.petri.com/teams-compliance-story

https://www.petri.com/teams-compliance-records-hybrid-exchange

https://www.petri.com/proving-teams-retention-policies-work