Security & Compliance – Microsoft Teams Retention & eDiscovery - Part 1 - Netwoven

Security & Compliance – Microsoft Teams Retention & eDiscovery – Part 1

By Steve Andrews  |  Published on October 6, 2020

Security & Compliance – Microsoft Teams Retention & eDiscovery

Microsoft Teams has an astonishingly steep take-up/adoption curve with the current remote workers situation. Teams is referred to a “The Hub of Office 365” by Microsoft – bringing many different services, content, repositories, and applications into one single modern application.

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Teams fits neatly into the Office 365 ecosystem and enables a rich, powerful, collaboration experience – both inside your organization and outside with vendors and other organizations – as you can see below:

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

So, what happens when you get served a Subpoena which includes a Document Request? Lawyers are getting savvy. It used to be a Document Request for emails. We have such a rich diverse range of collaboration tools at our fingertips, these Document Requests demand ALL content that John Doe has access to or worked on/with across your whole organization.

Teams Data

This can cause anxiety for CSO’s and Legal departments. If our fictious John Doe was a Microsoft Teams user, what do we need to retain and hold his data? Where is that data? How long do we need to keep it for? How do we keep it and how do we retrieve it?

Let us look at where the data is stored for the various systems that feed into Teams:

SharePoint SiteOneDrive for Business siteExchange Group mailboxExchange User mailboxExchange Phantom Group mailboxAzure Chat service
Files Stored across all Teams libraries

Files shared in Group conversations

Wiki and OneNote
Files shared in a 1:1 or Group chatTeams channel conversationsTeams 1:1 and Group chats

Call participation summary

Meeting participation summary
Team 1:1 and Group chats between guest usersTeams 1:1 and Group chats

As you can see above, if our fictitious colleague John Doe used Teams, how do we get a grasp around the data and what sort of policies do we need to create at a minimum to retain it?

You may also like: Learn how to proactively identify and protect your sensitive information

Retention Policies

Firstly, let us do a little background on “Retention Policies” – there are two kinds:

Retain data: Use a retention policy to ensure that your data is retained for a specified period, regardless of what happens in the user application. Data is retained for compliance reasons and is available for eDiscovery until the retention period expires, after which your policy indicates whether to do nothing or delete the data.

Delete data: Use a retention policy to delete data to ensure that it is not a liability for your organization. With a Teams retention policy, when you delete data, it is permanently deleted from all storage locations on the Teams service.

So legal requests aside for a moment, having Retention Policies in place at any organization has a lot of excellent side effects, such as:

Comply with industry regulations and internal policies that require you to retain content for a minimum period of time—for example, the Sarbanes-Oxley Act might require you to retain certain types of content for seven years.

Mitigate risk in the event of litigation or a security breach by permanently deleting old content that you are no longer required to keep.

Help your organization to share knowledge effectively and be more agile by ensuring that your users work only with content that is current and relevant to them.

Once you have determined the longest amount of time a governing body requires you to keep data, we can start to plan which policies are needed in which environment and also what (if anything) do we want to happen after the policy expires – keep or delete?

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Teams requires a retention policy that is separate from other workloads – you must create specific retention policies for Teams chats and/or channel messages. For this reason, you cannot include Teams in org-wide retention policies.

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

As you can see above, as well as creating Retention Policies for Teams, we also need to for Exchange, SharePoint, and OneDrive for Business and soon Yammer (in preview).

Let us put together a full list of the policies that we’d need to Retain John Does data:

Retention Policy for SharePoint

Needed to cover:

  • Files in Teams

Retention Policy for OneDrive for Business

Needed to cover:

  • Chat files

Retention Policy for Teams

Needed to cover:

⦁ Teams Chats
⦁ Channel Messages

Download the Datasheet to learn more about Netwoven’s Information Protection and Compliance service.

Download the Solution Brief to learn how Netwoven’s solution proactively identifies and protects your sensitive data.

In Part 2, we will go through the creation and deployment of these policies together.

By Steve Andrews

Steve has more than 25 years of experience specializing in Microsoft Cloud, Infrastructure, & Security. He recently joins us from AdaptiveEdge where he was the Director of Cloud Platforms and help build the practice with 11 practitioners in the Southern California. He also has worked at other Microsoft Solution providers - Prosum as the Microsoft Practice Director and Perficient Inc. as the Consulting Manager & Sr. Technical Architect. Steve has developed go to market strategies as well as architected many Microsoft Cloud Security solutions, managed global Intune deployments, Teams deployments & migrations, Azure Site Recovery (ASR) and data center migrations to Azure.

Leave a comment

Your email address will not be published. Required fields are marked *

Unravel The Complex
Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex