Data retention in Microsoft 365 isn't just about ticking a few compliance boxes. It's a strategic lever that can help avoid costly mistakes and drive significant business value, if understood and managed correctly.
Microsoft 365's retention policies are a labyrinth of options and controls, each with its own implications for data security, operational efficiency, and cost management. Navigating this mess can be daunting, but it's essential for businesses to avoid regulatory pitfalls, safeguard their data, and streamline their operations.
This article will serve as your map, guiding you through the twists and turns of data retention in Microsoft 365. We'll dissect the retention policies of different applications and introduce you to tools that can automate the process. We will also share some advanced tips and tricks to help you manage your Microsoft 365 configurations and data, so let's dive in!
This article covers:
When you're using Microsoft 365, you're creating and storing a lot of data and configurations - emails, documents, spreadsheets, users, groups, policies, and more. But what happens when you delete something, or when your subscription ends? That's where data retention policies come into play.
Think of these policies as a safety net. If you accidentally delete a file or a setting, or if you need to retrieve data after a subscription ends, these policies determine how long that data remains in the system.
Microsoft takes a two-pronged approach to data retention: retention policies and retention labels. Together, they provide a granular but user-friendly way of managing your configurations and data across Office 365, Azure AD, Intune, OneDrive, SharePoint, Teams, Exchange Online, and more. Here's how that works:
Retention policies in Microsoft 365 work with content in place, saving the additional overheads of creating and configuring additional storage when you need to retain content for compliance reasons. In addition, you don't need to implement customized processes to copy and synchronize this data. However, there are limitations to the time period for which the data and configurations can be retained. Here's an overview of Microsoft's retention policies by application or service:
Azure Active Directory (Azure AD) retains activity logs for 30 days. This includes sign-in activities and audit logs. However, for organizations that need to keep logs for a longer period, Azure Monitor can be used. Azure Monitor can store these logs for up to 2 years, providing a more extended data retention option for compliance and auditing needs.
Microsoft Intune, a cloud-based service in the enterprise mobility management (EMM) space, retains data until the user's license is removed. After license removal, data is kept for an additional 90 days before it's deleted. This policy allows organizations to recover data for a user if the license removal was accidental or if the user is reinstated.
Microsoft Azure's data retention policies can vary based on the specific service. For instance, Azure Monitor Log Analytics, a tool that collects and analyzes log data from Azure resources, retains data for 31 days by default. However, organizations can configure this setting to retain data for up to 730 days, depending on their specific needs and compliance requirements.
OneDrive retains deleted files in the Recycle Bin for 93 days, allowing users to recover files if they were deleted by mistake. For active users, OneDrive retains versions of files for 30 days. When a retention policy is applied, if users edit or delete content that's included in the retention policy, a copy of the content is automatically retained in the Preservation Hold library.
SharePoint retains deleted items in the Recycle Bin for 93 days. Versioning settings can be configured by the administrator, allowing organizations to keep track of and restore previous versions of documents. Similar to OneDrive, when a retention policy is applied to SharePoint sites, a copy of the content is retained in the Preservation Hold library if users edit or delete content that's included in the retention policy.
Exchange Online, Microsoft's cloud-based email and calendaring service, retains deleted items in the Recoverable Items folder. This folder is a component of Exchange mailbox that is designed to allow users to recover items they have deleted. When a retention policy is applied, a copy of the content is automatically retained in the Recoverable Items folder.
Teams chat and channel messages are retained indefinitely by default, unless a retention policy is created to delete them after a specified period. When a retention policy is applied, a copy of the content is retained in a hidden folder named SubstrateHolds, which is a subfolder in the Exchange Recoverable Items folder. This policy ensures that even if users delete their Teams messages, a copy is kept for compliance and eDiscovery purposes.
Microsoft 365 offers built-in data retention mechanisms across its services, but these may not fully meet the needs of larger enterprises, particularly when it comes to backing up settings and configurations. The default policies are designed to cater to a broad range of users and may not align with the specific regulatory requirements, business needs, or risk management strategies of every organization.
Moreover, the built-in retention policies are primarily focused on user data such as emails, documents, and chat messages. They do not extend to system and configuration data, which are crucial for maintaining the operational continuity of an enterprise. If a configuration error occurs or if a setting is inadvertently modified, it can have a significant impact on productivity and business operations.
This is where custom data retention policies come into play. IT teams need to develop and enforce their own data retention policies that align with their specific business needs and regulatory landscape. These policies should not only cover user data but also system settings, configurations, and other operational data.
There are a number of ways to do this, including unofficial workarounds and third-party tools. For example, you can use PowerShell DSC to write custom scripts that integrate with Microsoft Graph API to pull configuration policies directly from Microsoft applications.
Then again, these workarounds are archaic, tough to implement, and often require significant overhead to maintain. A better way to implement a comprehensive data retention policy across Microsoft 365 is to use a no-code automation platform, such as CoreView.
CoreView is a powerful tool that can help enterprises implement a foolproof Microsoft 365 retention policy using configuration-as-code technology. This technology allows IT teams to manage and control their Microsoft 365 configurations using a no-code UI, making it easier to automate, track, and replicate configurations across different environments.
Here's how CoreView can assist:
CoreView provides a comprehensive solution for managing Microsoft 365 data retention policies for both enterprises and MSPs. Want to know more? Sign up for a free demo with our sales team!