Digital collaboration is moving fast, and no one knows this better than Microsoft Teams. Launched in 2017 and currently sitting at 270 million users, Teams has quickly become the hub for workplace collaboration in thousands of enterprises. But as organizations increasingly meet, collaborate, and automate their work in Teams, the business requirement to properly control and secure data while it’s being accessed, changed, and shared broadly is getting more difficult.
So, we’ve got to ask: is your organization successfully implementing strong Teams governance?
Governance can help maximize the value and minimize the risk of not only your Teams data, but data spread across the entire Microsoft 365 environment, especially given its tight integrations with OneDrive, SharePoint, and other tools.
The modern data estate
Corporate data is often stored in multiple locations, including both virtually and geographically. A global research survey conducted by Splunk revealed that 55% of an organization’s data is dark, meaning it’s unused, unknown, and untapped. This makes it nearly impossible for organizations to protect that data, close exposure gaps, comply with regulatory requirements, or even manage access controls.
For data to fuel digital transformation, it must be:
- readily discoverable,
- of high quality, and
- used in compliance with corporate, regulatory, privacy, risk, and ethical standards.
This is why more organizations are beginning to wrangle in their data by establishing a data estate.
A data estate is the infrastructure to help companies systematically manage and utilize all of their corporate data, regardless of where it’s stored. It can be developed on-premises, in the cloud, or a combination of both. Data estates tend to be less costly and more efficient than data warehouses, which weren’t traditionally designed to incorporate the explosion of new unstructured data types (messages, tickets, collaboration content, transcripts, video, and more) at the rate and volume we’re seeing today.
Data in Microsoft Teams
Teams is most known for its chat capabilities, but the platform also offers online meetings, video conferencing, webinar hosting, phone calling, and seamless integrations with the rest of the Microsoft Suite, including popular apps like Excel, Outlook, and OneDrive. On top of all this, Teams also has the ability to connect to third-party apps for companies with a more diverse tech stack.
But while the platform’s functionality can be accessed from a single interface, its data is another story.
Where is Microsoft Teams data stored?
Teams is built on Microsoft’s cloud platform, Azure. Azure allows users to build, scale, and run applications on-premises, in the cloud, or across hybrid models. Teams uses Azure storage to create what’s called the “Teams substrate” — think of this as an underlying storage layer that captures all of the data that makes up Teams (i.e. chats, video, voice, etc.).
Here’s a visual representation of how Microsoft Teams data is stored within different Microsoft apps:
With data stored across the entire Microsoft ecosystem, managing risk, compliance, and governance of Teams data can be overwhelming, to say the least. And while knowing where Microsoft Teams data is stored is useful, this is just the first step. What comes next is finding out what data can be retained and for how long. The solution?
Enter: Microsoft Purview.
What is Microsoft Purview?
Formerly known as Microsoft 365 Compliance Center, Microsoft Purview is a data governance solution that helps manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. It essentially combines the former Azure Purview and Microsoft 365 Compliance portfolio, giving users centralized access to data discovery and governance features.
With Microsoft Purview, you can:
- Create a unified data map across your entire data estate
- Make data easily findable by using a glossary with business and technical search terms to aid data discovery
- Gain actionable insights into your organization’s data estate, catalog usage, adoption, and processes
- Enjoy in-place data sharing and easy provisioning of data access
Aside from its governance solutions, Microsoft Purview also brings together compliance and risk management from Microsoft Security, so users can manage regulatory compliance and end-to-end data risks in one place.
Microsoft Purview for data discovery
Microsoft Purview offers three eDiscovery solutions to search for content across your M365 data sources:
1. Content search
Content search enables users to search for content across M365 apps. Once the content is surfaced, users can then export the search results to a local computer.
2. eDiscovery (standard)
The standard eDiscovery solution builds on the basic search and export functionality of Content search by enabling users to create eDiscovery cases, assign eDiscovery managers to specific cases, associate searches and exports with a case, and place an eDiscovery hold on relevant content locations.
3. eDiscovery (premium)
If your organization has an Office 365 E5 or Microsoft 365 E5 subscription (or related E5 add-on subscriptions), you can utilize Microsoft’s premium eDiscovery solution. This solution builds on the existing capabilities offered in eDiscovery (standard) but provides users with an end-to-end workflow to identify, preserve, collect, review, analyze, and export responsive content. Legal teams can also manage the entire legal hold notification workflow to communicate with custodians involved in a case.
Note: If you’d like to conduct a Microsoft Teams eDiscovery investigation using any of the tools above, follow these steps.
Governing Microsoft Teams data in Microsoft Purview
When it comes to improving governance of your Microsoft Teams data, Microsoft Purview is a good place to start. A crucial part of strong governance is configuring retention and deletion settings, and by now most of us know the golden rule of data retention is to retain data for only as long as necessary. What’s necessary, of course, will vary by both company and jurisdiction.
However, the default retention period in Microsoft Teams is indefinite. Assuming you don’t want to hang on to your Teams data forever, it might be a good idea to head into the Microsoft Purview compliance portal and configure some policies.
The tricky part? You can set more than one retention policy for the same content. If that happens, Microsoft applies the following retention principles:
Note: While Microsoft Purview offers multi-stage retention, Microsoft Teams does not support using retention labels that isolate data at the item level using keywords and other classifiers in other Microsoft apps.
What content is retained in Microsoft Teams?
Teams supports retention policies for chats, channel, and private channel messages. Additionally, you can retain the following metadata:
- Embedded images, tables, hypertext links, links to other Teams messages and files, and card content.
- Names of people in chat and private channel messages. Channel messages include the team name and message title (if provided).
Because Teams data is stored within different Microsoft apps, emails and files shared over a Teams chat or channel message aren’t included in retention policies. These items may have their own retention policy with a separate expiration date from the message. When this happens, the message and file preview may still show in Teams, but if you attempt to open the file, you’ll receive a “File not found” error message.
Note: Code snippets, recorded voice memos, thumbnails, announcement images, and reactions (emoji) from others are also not retained when you use retention policies for Teams.
What about retention for other M365 apps?
A disadvantage to governing your data in Microsoft Purview is its limited ability to streamline data retention across the Microsoft Suite. All Microsoft apps need their own retention configurations separate from Teams.
To learn how to set a retention policy for apps other than Teams, check out this article.
Microsoft Teams data retention best practices
Chat and channel messages in Teams are perhaps the most critical pieces of data. When preserved strategically, Teams chat and channel messages can provide the context needed to meet future discovery needs, offer insight into employee sentiment, and help with internal investigations.
The start of a retention period is always based on when a message is created. Retention policies for Teams can be applied to your entire organization or specific users and teams. Kick your Teams governance up a notch with these retention best practices for chat and channel messages.
- Assign different retention policies for channels vs. private chats
Think about the nature of channels versus private chats. While channels are generally home to standard project-management content, there tends to be greater liability risk with private chats as there’s an unknown element. Because of this, we recommend assigning different retention policies to specific users, teams, or channels.
- Control the availability of chat and channel messaging features
You can also set messaging policies in the Microsoft Teams admin center. Admins can use messaging policies to control which chat and channel messaging features are available to Teams users.
To view the full list of messaging policy settings you can configure, see here.
- We recommend turning the following settings on:
- Let owners delete messages that users send in the chat
- Let users delete messages they’ve already sent in the chat
- Let users edit messages they’ve already sent in the chat
- The ability to use Gifs and add a content rating of unrestricted, moderate restrictions, or strict adult content
- The ability to use memes
- The ability to use stickers
- The ability to create audio messages
What about legal holds?
Legal holds for discovery differ from data retention policies because they’re designed for a limited duration. Unlike retention policies, legal holds typically have a narrower scope and don’t automatically delete content when they expire. Legal holds in Teams allow you to preserve all data associated with an entire team or select users. When an entire team is placed on hold, all messages exchanged in those teams (including private and shared channels) can be discovered by the organization’s compliance managers or Teams admins.
Note: For M365 and Teams, legal holds always take precedence over data retention policies. When you place a hold on sites and mailboxes associated with Teams, your content will be kept until you delete the hold. (Keep in mind that it may take up to 24 hours for the hold to take effect.)
To place a Microsoft Teams user or team on legal hold, see here.
Where does Microsoft Purview fall short?
Between data discovery, retention, legal hold, archiving, and search, many elements go into successful Teams governance. Unfortunately, Purview’s functionality and Microsoft’s complex architecture simply don’t allow for optimum visibility into it all. Plus, without the ability to use retention labels in Teams, you could be missing out on capturing critical data.
Not to mention, unreliable indexing and search, fragmented retention policies, and a complex user experience are leading organizations to consider centralized solutions, like Onna, to manage and control not only their M365 data, but data from their other workplace applications, like Zendesk, Confluence, and Slack.