Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1 Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1
Office|Office 365

Teams Adds to the Office 365 Compliance Story

Microsoft.com

Better Than Expected Compliance in Teams

I have criticized the support for compliance functionality in Teams and Planner in the past. Now, it seems that Microsoft is doing the right thing for Teams. However, Planner appears to be left behind, which seems to be its normal status.

In a recent blog post, Microsoft laid out the compliance features supported by Teams today and what their immediate plans are in this area. There is much to like here, including support for the new Office 365 data governance framework.

Chats and Conversations

People communicate in Teams through “chats”, or threaded conversations. Teams stores chats in a Teams data store hosted by Azure. Because the data store lies outside Office 365, the information is unavailable to the data governance framework.

The solution is to capture contributions into users’ Exchange Online mailboxes. As people contribute to chats, a process running in the “Office 365 substrate” (think of a mailbox assistant type process) logs contributions to conversations as mailbox items. In some respects, this is a similar approach to what happens when Exchange captures mailbox audit events in a hidden folder in user mailboxes.

Chats are captured as follows:

  • Group and 1:1 chats are captured in the mailboxes of the participating users. For example, if John and Pat have a 1:1 chat, copies of the chat are recorded in both their mailboxes.
  • Contributions made to a chat in a channel are recorded in the group mailbox belonging to the team.

In all cases, the mailbox items are created in a special hidden folder called Conversation History\Team Chat. This is a sub-folder of the Conversation History folder used to store copies of IM conversations for Skype for Business calls. Because the folder is intended to hold data for compliance purposes, clients like OWA and Outlook desktop do not expose the Team Chat folder to users.

Depending on load, the mailbox item is available soon after a user contributes to a conversation. In my tests, the time to create the mailbox items varied from a few seconds to a few minutes. Once captured in a mailbox, the chat is automatically indexed and discoverable by content searches.

To see how many items are in a user or group mailbox for team chats, use a command like this:

[PS] C:\> Get-MailboxFolderStatistics -Identity "Tony Redmond"| ? {$_.Name -eq “Team Chat”} | Format-Table Name, ItemsInFolder

Identity                                    ItemsInFolder
--------                                    -------------
Tony Redmond\Conversation History\Team Chat            29

The name of the hidden folder holding chat items varies with language. For instance, you would use “Discussion d’equipe” to check a folder for someone whose mailbox is configured to use French.

Note: From October 6, 2020, Microsoft changed the storage location for Teams compliance records. See this page for more information.

Searching Chats

You do not have to do anything special to include Team chats in content searches as they are scanned automatically when mailboxes are added as search locations. The same is true for the folders in the group document library holding Team Files, which are included in searches when the team site is a location. Figure 1 shows how Teams items show up in the preview for a content search.

Teams Chat Search
Figure 1: A contribution to a team chat shows up in a content search (image credit: Tony Redmond)

In this case, the search has found a contribution to a conversation in a channel. We know this because the item subject has the name of the team and the channel (Engineering Testers and Complaints) followed by a unique number. If the item belonged to a 1:1 or group chat, it would have an “IM” prefix for the subject. In both cases, the item type is IM rather than the normal “Email” for mailbox items.

Any in-place holds or litigation holds applied to the mailboxes holding team conversations apply to those items. In short, Exchange Online treats items captured for Teams conversations just like any other mailbox item.

Some Issues

Microsoft acknowledges that its compliance story for Teams is still imperfect. Among the known bugs are failure to capture chats with Bots, items created by Office 365 connectors to bring content into channels, and email sent to channels. Microsoft expects to fix these bugs soon.

Auditing Teams

In addition to capturing individual conversations, Teams records audit events such as the creation and deletion of channels, changing channel settings, and users signing into Teams. To see these events, go to the Search & Investigation section of the Security and Compliance Center, then select Audit log search, and then select which Teams events you want to view (Figure 2).

Teams Audit Events
Figure 2: Teams events show up in the Office 365 Audit Log (image credit: Tony Redmond)

Teams Get Better All the Time

In line with the fast pace they have generally used in developing the application, Microsoft has done a decent job to equip Teams for compliance. You might complain that no capture is possible to ensure compliance for voice and video conversations, but that is the same for Skype for Business too. As always, there is more work to do, but the good news is that Microsoft’s compliance story around Teams is solid. Now what about Planner?

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “Teams Adds to the Office 365 Compliance Story”

  1. Maciej Z.

    Hi Tony

    When we have scenario like this:

    1. There are no additional retention policies configured in EXO / O365

    2. Message in chat/channel is deleted.


    How long it will be possible to find this message is content search?

    Does it depend on "RetainDeletedItemsFor" parameter of mailbox?


    I am asking because I really cannot find this information anywhere.


    Thanks in advance

    Maciej

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for Petri.com and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.