Native Mode Yammer Networks Generate Office 365 Compliance Records

Slow Progress Towards Office 365 Compliance and Data Governance

For years, I have been mildly to harshly critical of Yammer’s inability to march in the same step as the rest of Office 365, particularly in data governance and compliance. Much has been promised, but the delivery has been slow, even in Microsoft’s self-proclaimed “Year of Yammer.”

In any case, Yammer networks migrated to Native Mode for Microsoft 365 generate compliance records using much the same approach as taken for Teams. Enabling eDiscovery fulfils one of the commitments made by Microsoft at the Ignite 2019 conference. Let’s explore how things happen.

Yammer Compliance Records and eDiscovery

The Microsoft 365 substrate is a common repository for information drawn from across Office 365. Among the data are compliance records created by the substrate when transactions occur in applications. Teams and now Yammer use the substrate for this purpose and store the compliance records created for their messages in folders in Exchange Online mailboxes.

Teams stores its compliance records in the Team Chat sub-folder of the Conversation History folder. It took a little while to discover where Yammer stored its compliance records in the group mailbox, but I eventually found a folder called Yammer (naturally) in the non-IPM part of user and group mailboxes. This example uses the Get-ExoMailboxFolderStatistics cmdlet to examine folders and report what it finds in the Yammer folder.

Get-ExoMailboxFolderStatistics -Identity 2436066f-6a96-47f0-8571-1cfe4f6bb655 -Folderscope NonIPMRoot -IncludeOldestAndNewestItems | ?{$_.Name -eq "Yammer"} | Format-Table Name, ItemsInFolder, NewestItemReceivedDate

Name   ItemsInFolder NewestItemReceivedDate
----   ------------- ----------------------
Yammer            20 1 Apr 2020 12:12:17

Note: From October 6, 2020, Microsoft changed the storage location for Teams compliance records. See this page for more information.

Creating Yammer Compliance Records

When someone posts a message to a Yammer community, the Microsoft 365 substrate copies the message and posts it into the Yammer folder in the group mailbox belonging to the community. Multiple compliance records are generated for each message in a conversation.

Apart from the compliance record stored in the group mailbox, another copy is created in the Yammer folder of the personal mailbox of everyone involved in the conversation. It’s like how Teams handles the capture of messages in personal chats combined with an additional capture into the group mailbox.

It’s probable that all the copies are captured to make sure that Yammer conversations can be discovered if searches are conducted against individual mailboxes or on a broader basis. In any cases, the compliance records in mailboxes are indexed and available to eDiscovery, which is what matters.

Yammer Private Messages

Compliance records are also captured for Yammer private messages. In this case, a copy of each message is created in the Yammer folder in each mailbox of the conversation participants.

Searching for Yammer Compliance Records

Let’s walk through an example of finding a Yammer compliance record with an Office 365 content search. Figure 1 shows a post to a Yammer community. You can see that the title contains the words “Confusing world.”

Image 1 Expand
Yammer post
Figure 1: A post to a Yammer community (image credit: Tony Redmond)

If we run an Office 365 content search and look for the same phrase, the search finds the item (in fact, several copies are found for the reasons explained above). Figure 2 shows the preview items unearthed by the content search. We can see from the subject that the item is probably the one that we want.

Image 2 Expand
Yammer Office 365 content search
Figure 2: An Office 365 content search finds a Yammer conversation (image credit: Tony Redmond)

Currently content search preview doesn’t support Yammer compliance records, so to make sure, we need to download the item and have a look.

Examining Yammer Compliance Items

Compliance records are stored in Exchange mailboxes as mail items, so when you download the item, the file an email message that can be opened by Outlook (Figure 3). Notice that the link in the message text is present both in the message and as an attachment. The wrapping in the message body is a little off, but that wouldn’t matter too much to an eDiscovery investigator.

Image 3 Expand
Yammer compliance item in Outlook
Figure 3: A copy of a Yammer compliance item open in Outlook (image credit: Tony Redmond)

If GIFs or embedded images are posted in Yammer conversations, the compliance records store links to the GIF or image (stored on Yammer.com) which can be downloaded if needed. Likes for conversations are not captured in compliance records. This is a problem shared with Teams that is probably connected to how the substrate copies compliance records to mailboxes. I suspect that the issue won’t be solved until Microsoft creates a cross-Office 365 approach for capturing compliance records from workloads.

Yammer Email Notifications Also Discoverable

Yammer sends users notifications by email about conversations they haven’t seen. These messages also turn up in content searches and can be used by investigators to detect information they’re looking for in eDiscovery cases.

The chance now that a Yammer conversation will be missed during an eDiscovery investigation is slight. If it happens, it’s probably because the investigators use a bad search query.