Teams Private Channels Reengineered: Compliance & Data Security Actions Needed by Sept 20, 2025
You may have missed this critical update, as it was published only on the Microsoft Teams blog and flagged as a Teams change in the Message Center under MC1134737. However, it represents a complete reengineering of how private channel data is stored and managed, with direct implications for Microsoft Purview compliance policies, including eDiscovery, Legal Hold, Data Loss Prevention (DLP), and Retention. 🔗 Read the official blog post here New enhancements in Private Channels in Microsoft Teams unlock their full potential | Microsoft Community Hub What’s Changing? A Shift from User to Group Mailboxes Historically, private channel data was stored in individual user mailboxes, requiring compliance and security policies to be scoped at the user level. Starting September 20, 2025, Microsoft is reengineering this model: Private channels will now use dedicated group mailboxes tied to the team’s Microsoft 365 group. Compliance and security policies must be applied to the team’s Microsoft 365 group, not just individual users. Existing user-level policies will not govern new private channel data post-migration. This change aligns private channels with how shared channels are managed, streamlining policy enforcement but requiring manual updates to ensure coverage. Why This Matters for Data Security and Compliance Admins If your organization uses Microsoft Purview for: eDiscovery Legal Hold Data Loss Prevention (DLP) Retention Policies You must review and update your Purview eDiscovery and legal holds, DLP, and retention policies. Without action, new private channel data may fall outside existing policy coverage, especially if your current policies are not already scoped to the team’s group. This could lead to significant data security, governance and legal risks. Action Required by September 20, 2025 Before migration begins: Review all Purview policies related to private channels. Apply policies to the team’s Microsoft 365 group to ensure continuity. Update eDiscovery searches to include both user and group mailboxes. Modify DLP scopes to include the team’s group. Align retention policies with the team’s group settings. Migration will begin in late September and continue through December 2025. A PowerShell command will be released to help track migration progress per tenant. Migration Timeline Migration begins September 20, 2025, and continues through December 2025. Migration timing may vary by tenant. A PowerShell command will be released to help track migration status. I recommend keeping track of any additional announcements in the message center.
Data Lifecycle Management for Documents outside M365 environment
Hi everyone, Is there a way that purview can be used to manage Data lifecycle management for documents that are stored on-prem and not in the M365 scope ? I remember that Lifecycle management including retention labels are only valid when they are applied withing the 365 environment. If not directly with purview, what can be other methods withing M365 to achieve this ? Thanks
Deleted Users
Hi all, We have E5 Compliance licenses. I've been asked to set a retention policy of five years just for current employees. If I use a Static scope of all users for the retention policy, what happens when a user leaves. So after the deleted user is soft deleted then hard deleted, are their associated retained emails also deleted. I know we can use inactive mailboxes and legal holds if we want to keep the email, but just wondering about what happens if we don't.what happens to data that has a retain-only retention policy in an expired group?
We are looking into deploying group expiration. If we apply a retain-only retention policy (say, for 5 years) to data, and the group in which that data resides becomes dormant and expires prior to the 5 year mark, is the data retained, then deleted at the five-year mark?Calling all experts in retention labels!!!!
Hello experts, For those who are guns with retention policies and labels I have a challenge for you! In all scenarios I have encountered I can clear a retention label from a document, then delete. This is a problem - in my environment a document always needs a retention label. Context: I operate in a heavily regulated environment, all documents created/uploaded in SharePoint Online are considered records, and require a retention label to be applied (a 'record' requires disposition, thus requiring the retention label). There are different types of records; so there are multiple retention labels published to a location (two are published through a retention label policy, and the default label is done through an auto-apply retention label policy). If I clear the retention label from a document then delete, the document sits in the preservation hold library with no retention label (the auto-apply policy does not 're-label' the document in that location later) - this is a problem. If I create a document, then delete it before the auto-label policy labels the document (up to 7 days), the document sits in the preservation hold library with no retention label (the auto-apply policy does not label the document in that location) - this is a problem. I've tried using a published label as the default label for the document library (via library settings > Apply label to items in this list or library) - I can still clear the label (the option is available when more than one label is available - see below). How can I ensure a retention label is always applied to a document (AND have multiple retention labels available for selection)???? Any insights appreciated.
Best way to auto apply retention labels to all files in a M365 group
What I want to achive. Teams are created thrue a script/power auomate. The Teams generated follow a name standard and always start with XA-"Random numbers" I want to apply retention labels to all the Teams that start with XA-. Should I incorporate this in the Teams creation script, so when the Team is created I apply the labels using PowerShell? Is there any other way to achive this in a good way? I want to retain the team and all the files in it from x amount of years to protect from deletion.
