How to Create Retention Policies for Microsoft Teams

I work with many legal and regulatory organizations that require no retention period for Microsoft Teams channels and their users’ chats. Other industries dictate that the information must be retained for 7 years while other customers don’t want to let go of any information and retain their chats indefinitely. This blog post will assist you with an overview, outline where the data is stored, considerations, pre-requisites, and how to implement retention periods within Microsoft Teams.

Overview

Microsoft Teams can utilize retention policies within Office 365 to define what data the user would like to retain and how long they would like to keep it for.  By default, these range from 5, 7, or 10 years.

Organizations often keep data for industry regulations or legal requirements to retain the data for a particular period. An example of this is Bill 198 in Canada or Sarbanes-Oxley in the United States that dictates particular data must be kept for a particular period of time; another example of this would be that tax returns must be kept for seven years.

Another example is around meeting GDPR requirements and organizations may want to reduce their risk in the event of litigation or security incidents by permanently deleting the data they are not required to retain.

Where is the data stored

Microsoft Teams chats and channel conversations are held in 1 of 3 places within Microsoft 365.  All information is stored within a Mailbox, however, these mailboxes have different RecipientTypeDetails attributes.

• GroupMailbox: This type of mailbox is used to store message data for Teams Channels
• MailUser: This type of mailbox stores message data for on-premises Teams users
• UserMailbox: This type of mailbox stores message data for cloud-based users

It’s worth noting that RoomMailbox, used for Teams conference rooms, is not currently supported for Teams retention policies.

Considerations

An increasing number of larger organizations are setting the policy to retain chat to 1 day and then delete the chat. One consideration is that setting private chat retention to a very low number is should force communication into the appropriate channels, however, the information sent via chat could be deleted before the messages are read. In addition, setting the retention period low could force users to leave Teams and its low retention policy settings as instant messages are not received, thus having an adverse effect required. Set the policy to something suitable to the impact of the exposure whist still ensuring that productivity is kept.

Another consideration is that when a user leaves the organization and their Microsoft 365 account is deleted, their chat messages are subject to the retention period and stored in an inactive mailbox. The chat messages remain subject to any of the rection policies set before the mailbox was made inactive. This means that the contents are available for an eDiscovery search.

There is also a limitation of using Outlook and Teams retention policies. Outlook can incorrectly display the default folder policy if a user were to view the properties of a mailbox folder within the Outlook desktop client.  This is incorrect and is a known issue.  Rather, the user should see the mailbox retention period policy that is applied to the folder – the Microsoft Teams retention policy is not set to the user’s mailbox.

Pre-Requisites

The global admin for the organization needs to create retention policies.  This role can create, edit, and ultimately delete the retention policies within the organizations.

How to Implement Retention Policies

1. Log into Office 365 Admin Portal
2. Visit the Microsoft 365 compliance center
3. Select Policies then Retention.