Office 365 Security & Compliance Retention Policy and recovery times

Imagine the scenario where a company has an Office 365 Security & Compliance Retention Policy with a 6-month hold for all modified items and no deletion after the hold, set for all O365 workloads (Skype, Exchange, SharePoint, OneDrive…) organization-wide for all users.

Now, while the policy is in effect, the account of user “Jon Doe” is deleted from Azure AD by removing the AD user object from the AADConnect sync scope.

When will Jon’s Exchange Online mailbox data and OneDrive for Business data be completely deleted from the cloud to the point of no restore available?

2 Replies

My own assumptions based on heavy googl... binging:

Mailbox

The mailbox will become an Inactive Mailbox because the Azure AD user account gets deleted and the mailbox is under an org-wide retention policy. I assume the user removal is a change to the mailbox and it will trigger the countdown of 6 months as per the org-wide retention policy. After 6 months the hold no longer keeps Exchange Online from initiating the normal removal process of deleted mailboxes, and the mailbox gets removed after the default 30-day mailbox retention period. So is it completely removed after 6 + 1 months... or is that default of 30 days included in the 6 months already?

SharePoint Online/OneDrive for Business

After the Azure AD user object gets deleted, the OneDrive Clean Up Job runs, and the user profile is marked for deletion. The profile will be preserved in the database in a deleted state. The default retention period is 30 days, but this value can be modified by using the -OrphanedPersonalSitesRetentionPeriod parameter for the Set-SPOTenant cmdlet in the SharePoint Online Management Shell.

The retention period for cleanup of OneDrive begins when a user account is deleted from Azure Active Directory. No other action will cause the cleanup process to occur including disablement of a user account or removal of a user’s license. The personal site (that is, the OneDrive for Business site) for the deleted account is sent to the site collection recycle bin. The site is deleted from the recycle bin according to the site collection recycle bin retention policy, which is 90 days. The site isn't listed in the site collection recycle bin user interface (UI). You can however confirm its presence by using the Get-SPODeletedSite cmdlet for the SharePoint Online Management shell.

Since the user is still under Retention Policy hold for 6 months, the cleanup process cannot proceed. Therefore the deletion will occur after 6 months counted from the account deletion date. So I assume the answer would be either 6 + 3 months, or 6 months since the 90 days is included in that already.

--

Does someone know if the cleanup periods (in EXO and SPO) are initiated right after the retention hold ends (resulting in extra retention of 1 month for the mailbox and 3 months for OneDrive)

or

will the default retention period happen while the data is on hold, and the complete removal will occur instantly after the retention hold ends?

Your bing-fu yielded the correct results. Just to clarify on the Exchange scenario - the 30 days window is for the soft-deleted scenario. This is the recovery window for all mailboxes, regardless of hold status (Inactive mailbox or not). In your scenario, the 6 months period already includes those 30 days. However, to still give you some time to recover data from the mailbox if needed, it will not be immediately deleted even if the hold expires. It's "marked" for permanent deletion, and will be deleted in the coming days (they haven't specified the exact period). The recover/restore process is the same as for Inactive mailboxes though.
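
To check on a live tenant where a deleted user's data sits in the timelines discussed in this thread, the following read-only PowerShell can be used. It is an added example, not written by either poster; it assumes the SharePoint Online Management Shell and ExchangeOnlineManagement modules are installed, and `contoso` is a placeholder tenant name.

```powershell
# Added example: read-only inventory of what is still recoverable for deleted users.
# Assumption: 'contoso' is a placeholder tenant name; replace it with your own.
$AdminUrl = 'https://contoso-admin.sharepoint.com'

Connect-SPOService -Url $AdminUrl
Connect-ExchangeOnline

# Tenant-wide retention (in days) for OneDrive sites whose owner was deleted.
$orphanDays = (Get-SPOTenant).OrphanedPersonalSitesRetentionPeriod
"Orphaned personal site retention: $orphanDays days"

# Deleted OneDrive sites are not listed in the recycle bin UI; list them here
# with the days left before they are purged from the recycle bin.
Get-SPODeletedSite -IncludeOnlyPersonalSite |
    Sort-Object DaysRemaining |
    Select-Object Url, DeletionTime, DaysRemaining, Status |
    Format-Table -AutoSize

# Org-wide retention policies are recorded on the organization config,
# not in each mailbox's own InPlaceHolds property.
"Org-wide holds:"
(Get-OrganizationConfig).InPlaceHolds

# Inactive mailboxes: deleted users whose mailbox is still preserved by a hold.
Get-Mailbox -InactiveMailboxOnly -ResultSize Unlimited |
    Select-Object PrimarySmtpAddress, WhenSoftDeleted, LitigationHoldEnabled, InPlaceHolds |
    Format-Table -AutoSize

# All soft-deleted mailboxes, with the days elapsed since deletion so they can
# be compared against the 30-day recovery window.
Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
    Select-Object PrimarySmtpAddress, WhenSoftDeleted,
        @{ Name = 'DaysSinceDeletion'
           Expression = { [int]((Get-Date) - $_.WhenSoftDeleted).TotalDays } } |
    Format-Table -AutoSize
```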