Retention policies for modern team sites

Trying to get my head round retention and protecting team sites created by users from being deleted, and have been looking at retention policies for SharePoint sites.

I am able to create a policy and choose select sites by searching for them using the full URL; however, I can only find sites that I am a member of. As a Global Admin I was hoping to be able to apply retention to all sites whether I am a member/owner or not.

Is this expected behaviour or have I missed something? Any help appreciated.

8 Replies
Are you trying to retain data even if a site is deleted, or truly prevent site deletion? Retention policies will help preserve data, but they won't prevent deletion completely; permissions should be your go-to for that.

That being said, if you use the retention policies in the Security & Compliance center, you should be able to see all SharePoint sites as long as you are Global Admin. Is that where you're doing this from?

You should be able to type in the URL of any site collection, including those belonging to Groups you are not a member of. If you are seeing something else, that's a bug and you should open a support case to have it investigated.

You can also just use PowerShell to create the policy/add locations.

Hi Max,

I am trying to prevent owners from deleting sites. Also wanting to retain any data from the sites. When you say permissions should be the way to prevent deletion totally, what is the preferred method to do this? E.g. as an admin we create a Groups-connected site and only give them member access to that group?

I am indeed creating a retention policy from S&CC and I can only see the root SharePoint site for the tenant. However, I am aware that you need to add the full URL for an individual site if you want to add these, but on this occasion it seems I can (as a Global Admin) only add sites that I am a member of or owner of. I'm not sure if I am missing something but the whole admin side of the new modern site management seems a bit shambolic.

One thing I noticed is that when a site is created by someone via Teams/Outlook etc., the admin centre shows "Group Owners" as the primary admin. Makes no sense, and as an admin we need to either add ourselves to the group as an owner or sift through the audit logs to see who created the site.

The overall goal here is to prevent normal users from creating the sites/groups themselves but at the moment I am struggling to see how best to manage these.

Thanks for replying.

Thanks Vasil.

I will open up a support case as it appears I can't do what you suggest.

I'd rather not use PowerShell at the moment for this until I can address some of the other issues I am having.

OK, I have opened up a support request to Microsoft and they have told me that I need to be an owner of every site I want to add to a retention policy. They have told me this is the only way to do this.

I have of course asked them to document this claim in an email; I shall await their email.

That sounds like BS to me; retention policies are a tenant-wide feature and so creating them is not dependent on the site-level permissions.

The reply from Microsoft support appears to point out that as a Global Admin I should be automatically added as a site collection administrator to all created sites apart from ones that have been marked as private. 

I don't think this is the case. It may be that roles have been amended over time by other GAs in our tenant, but as a Global Admin I don't seem to have access to all site collections. I can, however, add myself as a site collection administrator to many sites if needed and then I can add the sites to the retention policies.

@Scott Preston 

Configuration information for SharePoint sites and OneDrive accounts

When you choose the SharePoint sites location, the retention policy can retain and delete documents in SharePoint communication sites, team sites that aren't connected by Office 365 groups, and classic sites. Team sites connected by Office 365 groups aren't supported with this option and instead, use the Office 365 groups location that applies to content in the group's mailbox, site, and files.

More info: https://docs.microsoft.com/en-us/microsoft-365/compliance/create-retention-policies?view=o365-worldw...
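
The PowerShell route mentioned earlier in the thread, combined with the location split described in the documentation quoted above, as an added example that is not from any poster or from Microsoft's documentation. It assumes the ExchangeOnlineManagement module is installed; the policy name, site URL, group address and retention period are constructed placeholders.

```powershell
# Added example: create (or extend) a retention policy that covers both
# non-group sites and Office 365 group-connected team sites.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell session

# Constructed placeholders: replace with your own values.
$PolicyName      = 'Team site retention (example)'
$StandaloneSites = @('https://contoso.sharepoint.com/sites/ExampleClassicSite')  # not group-connected
$GroupAddresses  = @('example-team@contoso.com')                                 # Office 365 groups
$RetentionDays   = 2555   # assumed retention period

$existing = Get-RetentionCompliancePolicy -Identity $PolicyName -ErrorAction SilentlyContinue

if (-not $existing) {
    # Group-connected sites go in ModernGroupLocation, everything else in
    # SharePointLocation, matching the split the documentation describes.
    $new = @{ Name = $PolicyName; Enabled = $true }
    if ($StandaloneSites) { $new.SharePointLocation  = $StandaloneSites }
    if ($GroupAddresses)  { $new.ModernGroupLocation = $GroupAddresses }
    New-RetentionCompliancePolicy @new | Out-Null

    # The rule carries the retention setting: keep content, never auto-delete.
    New-RetentionComplianceRule -Name "$PolicyName rule" -Policy $PolicyName `
        -RetentionDuration $RetentionDays -RetentionComplianceAction Keep | Out-Null
}
else {
    # Policy already exists: only add the locations, leave the rule untouched.
    $add = @{ Identity = $PolicyName }
    if ($StandaloneSites) { $add.AddSharePointLocation  = $StandaloneSites }
    if ($GroupAddresses)  { $add.AddModernGroupLocation = $GroupAddresses }
    Set-RetentionCompliancePolicy @add
}

# Confirm the policy distributed to the listed locations without errors.
Get-RetentionCompliancePolicy -Identity $PolicyName -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus, SharePointLocation, ModernGroupLocation
```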