Teams Private Channels Reengineered: Compliance & Data Security Actions Needed by Sept 20, 2025
You may have missed this critical update, as it was published only on the Microsoft Teams blog and flagged as a Teams change in the Message Center under MC1134737. However, it represents a complete reengineering of how private channel data is stored and managed, with direct implications for Microsoft Purview compliance policies, including eDiscovery, Legal Hold, Data Loss Prevention (DLP), and Retention. 🔗 Read the official blog post here New enhancements in Private Channels in Microsoft Teams unlock their full potential | Microsoft Community Hub What’s Changing? A Shift from User to Group Mailboxes Historically, private channel data was stored in individual user mailboxes, requiring compliance and security policies to be scoped at the user level. Starting September 20, 2025, Microsoft is reengineering this model: Private channels will now use dedicated group mailboxes tied to the team’s Microsoft 365 group. Compliance and security policies must be applied to the team’s Microsoft 365 group, not just individual users. Existing user-level policies will not govern new private channel data post-migration. This change aligns private channels with how shared channels are managed, streamlining policy enforcement but requiring manual updates to ensure coverage. Why This Matters for Data Security and Compliance Admins If your organization uses Microsoft Purview for: eDiscovery Legal Hold Data Loss Prevention (DLP) Retention Policies You must review and update your Purview eDiscovery and legal holds, DLP, and retention policies. Without action, new private channel data may fall outside existing policy coverage, especially if your current policies are not already scoped to the team’s group. This could lead to significant data security, governance and legal risks. Action Required by September 20, 2025 Before migration begins: Review all Purview policies related to private channels. Apply policies to the team’s Microsoft 365 group to ensure continuity. Update eDiscovery searches to include both user and group mailboxes. Modify DLP scopes to include the team’s group. Align retention policies with the team’s group settings. Migration will begin in late September and continue through December 2025. A PowerShell command will be released to help track migration progress per tenant. Migration Timeline Migration begins September 20, 2025, and continues through December 2025. Migration timing may vary by tenant. A PowerShell command will be released to help track migration status. I recommend keeping track of any additional announcements in the message center.
SharePoint Retention - How have you applied it?
Hi all, I'm starting to look at retention in SharePoint. Currently using SharePoint as a document management system (replaced our drives) and one of the benefits was to utilise retention to avoid hoarding documents going back 20 years! So it would be great to hear how you have applied it and experiences with it: do your organisations staff have to manually tag the document or have you automated the retention label based on content type? do you have just the standard - after x years delete. Or do you have a review, i.e. untouched documents after 18 months will be pinged to the owner to confirm whether it should remain (and then stay for the remaining retention period) or whether it's no longer needed and can be deleted? Looking forward to hearing others experiences!Retention Policies set to delete files not working in SharePoint on new E3 trial tenant
I spun up an O365 E3 trial to do testing for a customer. I have created a few Retention policies (not labels) - the one that should be the most simple is not working at all: Delete after 2 days, based on last modified date Published to a single site I tried first to retain for 2 days and then delete, when that didn't work, I tried to just delete if it reaches 2 days, no retention at all. I've triple checked that the policy is applied to the site I'm working in. I created and uploaded files to the Libraries both before and after applying the policy the site, as well as 24 hours after publishing the policy. A week later, nothing has been deleted. Any ideas?
