08-10-2018 06:52 AM
08-10-2018 06:52 AM
Trying to get my head round retention and protecting team sites created by users from being deleted and have been looking at Retention policies for sharepoint sites.
I am able to create a policy and choose select sites by searching for them using the full url however I can only find sites that I am a member of. As a Global Admin I was hoping to be able to apply retention to all sites whether I am a member/owner or not.
Is this expected behaviour or have I missed something? Any help appreciated.
08-10-2018 10:01 AM
08-10-2018 11:45 AM
You should be able to type in the URL of any site collection, including those belonging to Groups you are not a member of. If you are seeing something else, that's a bug and you should open a support case to have it investigated.
You can also just use PowerShell to create the policy/add locations.
08-13-2018 08:11 AM
I am trying to prevent owners from deleting Sites. Also wanting to retain any data from the sites. When you say permissions should be the way to prevent deletion totally, what is the preferred method to do this? e.g. as an admin we create a Groups connected site and only give them member access to that group?
I am indeed creating a retention policy from S&CC and I can only see the root sharepoint site for the tenant. However I am aware that you need to add the full URL for an individual site if you want to add these but on this occasion it seems I can (as a Global admin) only add sites that I am a member of or owner of. I'm not sure if I am missing something but the whole admin side of the new modern site management seems a bit shambolic.
One thing I noticed is that when a site is created by someone either via Teams/Outlook etc then the admin centre shows "Group Owners" as the primary admin. Makes no sense and as an admin we need to either add ourselves to the group as an owner or sift through the audit logs to see who created the site.
The overall goal here is to prevent normal users from creating the sites/groups themselves but at the moment I am struggling to see how best to manage these.
Thanks for replying.
08-13-2018 08:14 AM
I will open up a support case as it appears I can't do what you suggest.
I'd rather not use Powershell at the moment for this until I can address some of the other issues I am having.
08-20-2018 08:53 AM
o.k. I have opened a support request up to Microsoft and they have told me that I need to be an owner of every site I want to add to a retention policy. They have told me this is the only way to do this.
I have of course asked them to document this claim in an email, I shall await their email.
08-26-2018 10:26 PM
That sounds like a BS to me, retention policies are a tenant-wide feature and so creating them is not dependent on the site-level permissions.
08-27-2018 02:33 AM
The reply from Microsoft support appears to point out that as a Global Admin I should be automatically added as a site collection administrator to all created sites apart from ones that have been marked as private.
I don't think this is the case. It may be that roles have been amended over time by other GA's in our tenant but as a Global Admin I don't seem to have access to all site collections. I can however add myself as a site collection administrator to many sites if needed and then I can add the sites to the retention policies.