“You gotta know when to hold ‘em, and know when to fold ‘em.”
These famous lyrics don’t just offer sound advice for card players. They give advice that you, as a legal or IT professional managing eDiscovery, should also heed. You need to know when to preserve data, and when to let it go—especially in Microsoft Teams.
If you kept every channel message, chat message, meeting recording, and file shared in the Teams platform, you’d run up your storage costs quickly, not to mention make it painful to find the data you need when you need it for litigation and compliance.
So, let’s take a deeper dive into why you need Microsoft Teams data retention policies. Then we’ll consider how you can set yourself up for a winning hand when it comes to Microsoft Teams eDiscovery as well as Teams governance best practices.
The golden rule of data retention is to retain data for only so long as necessary. But what’s necessary, of course, varies by both company and jurisdiction.
Problematically, the default data retention period in Microsoft Teams is indefinite.
You probably don’t want to keep all of your Microsoft Teams data forever. But, even if you do, Microsoft Teams data retention becomes a complex endeavor. Not only does Microsoft Teams cross over with other Microsoft services, such as SharePoint and OneDrive, but the platform also connects with a host of third-party apps.
It can be overwhelming to keep tabs on all the information you need to monitor, retain, and purge. But you must, or you’ll run into headaches when you need to find data in the future. Here are three important reasons that your organization must understand and control your Microsoft Teams data:
Now that you know why you need to set proper Microsoft Teams data retention periods, let’s talk about how you can go about preserving your data.
If you have an Office 365 E3 license, you’ll have access to retention policies that you can apply to Teams data. The default retention periods are five, seven, and 10 years. But, given the volume of chat messages alone in Microsoft Teams, it’s likely that you won’t want to adhere to these defaults. (Also note that global Office 365 policies won’t cover Teams. Microsoft Teams data retention policies apply to Teams data alone.)
The place to start setting Microsoft Teams data retention policies is the Microsoft 365 Compliance Center. There, you’ll be able to choose “Policies” from the menu, then click “Retention.” Next, choose “Retention policies” and click the plus sign for a “New retention policy.”
Then you’ll name and describe your policy and choose the locations where your new policy will apply. You can toggle the switches next to each location to turn the policy on or off. Next, you can choose the retention period for this collection of data.
You can keep things forever, retain items until they reach a certain age, or set a retention period anywhere from many years down to one day. You can also apply retention policies to specific users or teams in your organization. (Note that Microsoft Teams does not permit the use of retention labels that isolate data at the item level using keywords and other classifiers in other Microsoft applications.)
Where it gets complicated is that Teams will allow you to set multiple retention policies that apply to the same data. If that happens, Microsoft applies the rules following this hierarchy of data retention principles:
To put this into action, let’s say your organization has a policy that deletes all Teams channel messages after one day. But there’s another policy that says your organization will retain these messages for a month. Given the hierarchy above, the messages will stick around for two months before they are deleted.
Once established, you can disable a retention policy or turn certain retention locations on and off. If your organization must comply with strict preservation rules, such as those established by the Securities Exchange Commission with Rule 17a-4, which prevents you from turning off a retention policy or making it less restrictive once enacted, you can apply Preservation Lock. This feature prevents anyone in your organization, including administrators, from turning off or changing your retention policy.
Legal holds for Discovery differ from data retention policies, because they’re designed for a limited duration. And, unlike data retention policies, they typically have a narrower scope and don’t automatically delete content when they expire.
For Microsoft 365 and Teams, eDiscovery holds always take precedence over data retention policies. When you place a hold on sites and mailboxes associated with Teams, your content will be kept until you delete the hold. (Keep in mind that it may take up to 24 hours for the hold to take effect.)
You have two options for creating a hold in Microsoft 365: an infinite hold that puts all content in specific locations on hold or a query-based hold that covers only the content that matches your search. The Compliance Center is where you can set up the hold, under the eDiscovery and “Core” pages. From there, you can create a hold for specific locations or a query.
To create a location-based hold for Microsoft Teams, you first need to be aware of where your Teams content is stored. Here’s a brief summary:
There are a couple of reasons why you may want to think twice before relying on Microsoft Teams to meet your preservation and eDiscovery needs.
First, if you don’t have an Office 365 E3 or E5 license, you might have to upgrade to get the functionality described above. But if you’re a smaller organization or one that doesn’t use a lot of Microsoft apps, an upgrade can be a huge expense. In that case, it might be better to look for an add-on on a third-party eDiscovery solution that can manage data retention for you.
Second, you need to assess your appetite for risk. Though you have a lot of options for setting up retention policies in Teams, as you can see, these policies tend to be piecemeal. And because Teams stores documents in a variety of locations, it can be easy to miss a location and lose critical information that you might need for a matter. Plus, without the ability to use retention labels in Teams, important data may never make it into an eDiscovery hold.
In short, Compliance Center just doesn’t offer visibility into everything you need for a defensible approach to eDiscovery and data preservation. If you’ve optimized your policies and processes, you should also have a solution that maximizes your ability to preserve the data you need and strengthen your Microsoft Teams governance for the long haul.
Ready to level up your Microsoft Teams data retention? Check out all you can accomplish with our Teams connector today.