If you’re just starting your journey in Microsoft 365, or if you’ve never set it up, retention policies are very important. These policies are important to preserve data should it be deleted. Without a retention policy in-place, data will be unrecoverable after it’s removed from a user’s recycling bin or trash.
One important difference in the way that M365 handles retention versus some other cloud providers is that retention policies still apply after an account has been deleted. That means that data retained by a retention policy will stay after the owner’s account is removed.
As of this writing, organizations with M365 E5/A5 and E3/A3 licenses are licensed to use retention policies. See Microsoft 365 licensing guidance for security & compliance – Service Descriptions | Microsoft Docs for more details.
Create Retention Policies
To cover all M365 services, you will need to create two retention policies. The two policies are pretty much broken down into Teams and everything else. If your organization does not use Teams, you can disregard that section.
- Launch the Microsoft 365 Compliance Center by going to https://compliance.microsoft.com.
- Select Show All from the left navigation bar and select Information governance.
- Click Retention.
- Click New retention policy.
- Give your policy a Name, optional Description and click Next.
- Configure the retain and delete setting per your organization’s requirements. For a simple “keep things for 10 years” policy, just change the middle field to 10. Once configured, click Next.
NOTE: The “Retain content based on” box is important, especially when considering OneDrive and SharePoint. The policy can retain data based on file creation date, or last modified. Pay attention to this setting when creating the policy.
- Select the locations you wish to retain with this policy. I recommend enabling everything except Skype for Business (see SfB section at end of this post) and the last options for Teams (since Teams has to be configured separately). This will retain all data held within M365. Once your locations are configured, click Next.
- Click Create this policy to create the policy. Microsoft documents that it will take about 24 hours for the policy to be completely in effect.
Teams Retention Policy
To configure the retention policy for Teams, perform steps 1-8 from above. On step 7, disable all default options and enable the two Teams options.
Skype for Business
I recommend not enabling retention on SfB unless it’s absolutely necessary. There is a technical challenge in that you cannot select all users. So, in order to enable retention, you will have to manually enable it for all accounts either through the GUI or via PowerShell. You will also have to remember to enable it every time a new user account is created. This is impractical for an organization of any size. SfB is also going away in favor of Teams.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.
