Data Retention, Compliance, and Litigation Holds
We recently revamped our data retention policies and now I need to set up everything in M365. In the past, we would enable litigation hold under the user's account. Since that only does email, that is not enough. We are now drastically shortening our retention policy and it's critical that all data for a user is accessible if they were brought into a litigation issue. So if we were subpoenaed, I would "freeze" the users data and then it would be possible to search if we were required 1/2/3 months down the road. Is the best way to do this by starting an eDiscovery search and placing everything on hold but not searching for anything? Then, if we were required to search the account, I would edit that eDiscovery hold to include specific queries? Or maybe I would create a "Litigation Hold" retention policy outside of the new default one that would hold their data indefinitely? That seems like a pain to exclude the user and then add them to the other and probably not efficient. Looking for advice from anyone who does this a lot as Microsoft gives a ton of options.. which is great, but it makes it difficult to know the best way when handling critical data.
Microsoft Data Retention and Destruction
Our compliance team has requested we shorten our retention policy on data. From the numerous sys admin jobs I have had, I have never had to deal with this because we typically had a 10+ year retention policy. So all of this new to me and I wanted to ask for some best practices and advice. We are to set up yearly purging of emails from the previous year and to wipe all Teams' chats past 30 days. We are setting up exclusions for certain people. To those who have experience, what is the best way to set this up in the Microsoft Environment? We are not an E3 or E5 customer so the Purview options I see are not an option. ThanksSharepoint / Azure Storage Best Practices
Hello - We are buying a company and beginning to look at bringing all resources in. 2 old systems they have will be replaced with what we are currently using, leaving around 5 TBs of data that will need to be queried every 3-6 months or so. We do have hardware on prem where we could just throw it on there and save on costs but Sharepoint or Azure may be best if the cost is not too high. Our current Sharepoint library has all company documents and we have 2 TBs free of 4 TB. So I guess that isn't the best option. Next would be Azure? Azure cold or archived? I am not too familiar with that. In the end, we want to have this data accessible whenever it would be needed (compliance or audits, for example) but do not want to spend a ton. If on prem is the best option, we are OK with that too.
10 Year Audit Log Policy Retention take 12 months to become effective
I was super excited to hear that the 10 year audit log was coming. We signed up and implemented it straight away. HOWEVER... we then found out that the 10 year audit log will only apply to event generated after the point the policy is generated. Meaning there is no way to retain any audit logs for 12 months AFTER the policy is created. To say that this is a terrible way to apply a retention policy would be an understatement. PLEASE PLEASE PLEASE allow us to apply retention policy to existing events in the current audit log and not force us to wait 12 months for the policy to take effect.Retention Policy Duration for Deleted Files
If we have a retention policy applied to a users mailbox that is configured to be based on modification date, (not retention) for 7 years. Does the act of deleting the email count as a modification? or if I modified an email 6 years ago and I then delete does it remove the email in 1 year (6+1)? or does it remove it 7 years after it was deleted?
