
IG Considerations for M365 and Teams: Chat Retention and Archiving

By Brian Donato posted 14 days ago

  

As many organizations move to MS Teams in a constantly evolving M365 ecosystem, there are many IG concerns that need to be considered. You need to make sure the guardrails are in place before, and after, opening the doors. This entry in our blog series specifically explores MS Teams chat retention and archiving. Some people may think of chat retention and destruction as “Mission: Impossible.” Read on to find out if those people are right or just a bit off base.

What is Chat in Microsoft Teams

Many of you reading this article already know that Teams supports private chat and channels. In Microsoft Teams, teams are groups of people brought together for work, projects, or common interests. Teams are made up of two types of channels — standard (available and visible to everyone) and private (focused, private conversations with a specific audience). Each channel is built around a topic like Litigation Strategy or Discovery.[1] Private chat, on the other hand, is used for 1 to 1 or 1 to many conversations. Like a channel, a private chat can contain a file repository, which will host files that have been attached to chat messages.

Most organizations agree that channel messages should be retained for some period because they have business value and could be part of the record.  However, there is some debate on how to treat chat messages.

How Do You Position Chat?

There are two schools of thought on how to treat chat messages. In one school, let’s call it the Torcher school, chats are spurious messages, akin to speech that, ideally, should disappear rapidly after the words are formed. Students in this school would suggest that nothing substantive should be discussed over a chat and would typically advocate for no archiving and quick deletion. Torchers love the “this tape will self-destruct in 5 seconds” approach.

For students in the other school, let’s call it the Sorter school, chat is another communication medium which appeals to certain generations and/or personality types. In this school, the medium is not the message. That is to say, the content of a given message or group of messages is what determines if that message is worthy of retention and/or archiving, not the simple fact that it is a chat. In this way, it is similar to email. Sorters would rather save some chat messages and delete others.

You must decide which school your firm is in, or if it is somewhere in between Torchers and Sorters. Unfortunately, native Microsoft 365 retention policies and the chat mechanism itself may present obstacles. For example, while a technology consumer can “save” a chat in a way that, in essence, bookmarks it, it can’t be moved to a different container to preserve it. Such a function would be very useful if your firm wanted to allow substantive chats to end up in a sanctioned repository, like your Document Management System. Microsoft 365 has powerful capabilities to apply tags to content and then apply retention based on those tags. Unfortunately, as of this writing, tags cannot be applied to Teams content (and I do mean “as of this writing” – Teams is changing constantly).

Where do Chat messages end up?

As covered in previous blogs, Microsoft Teams stores content all over Microsoft 365.  For example, behind the scenes, Exchange mailboxes are used to store data copied from chat messages. Data from Teams chats is stored in a hidden folder in the mailbox of each user included in the chat[2]. Files, which may be attached to a chat message, are stored in the poster’s OneDrive for Business and are shared with people in the conversation.[3]

What are your retention options?

In Microsoft 365, retention policies are set up via the compliance center.  From the compliance center, you can navigate to policies and select Retention.  A retention policy can be set up to act against a variety of Microsoft 365 repositories, but if you set up a policy for Teams, that policy will only be applied to Teams.

A Teams retention policy will allow you to retain content, delete content or both.  Microsoft offers some powerful options to retain chats, or have them available for litigation hold purposes.  The following items can be retained for compliance reasons: Embedded images, tables, hypertext links, links to other Teams messages and files, and card content. Chat messages include all the names of the people in the chat, and channel messages include the team name and the message title (if supplied)[4].

The policy can be set to only retain items, to retain items then delete them at the end of the retention period, or to only delete items at the end of the retention period[5].  Note that the retention options retain a chat even if the technology consumer modifies or deletes it.  This article has a nice diagram that explains how this function works.  If you choose to set up a policy to retain chat items, you control how long an item is retained, and whether to start the retention period based on creation date or modified date of the chat item. 

When a policy is set up, it can be applied to all chats across the Teams instance, or only to specific user accounts. Additionally, Microsoft 365 will automatically suspend deletion for content that is covered by a litigation hold.
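The options described above can also be scripted rather than clicked through in the compliance center. The following is an added example, not part of the original post: it uses Security & Compliance PowerShell to create one delete-only chat policy for everyone except two named users, and one retain-then-delete policy scoped to those two users. The policy names, user addresses and the 2555-day period are constructed placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and a
# compliance administrator role in the tenant.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Constructed placeholder accounts whose chats should be kept, not torched.
$keepUsers = 'partner1@example.com', 'partner2@example.com'

# Policy 1: all Teams chats, minus the exception list.
$deletePolicy = @{
    Name                       = 'Teams chat - delete after 1 day'
    TeamsChatLocation          = 'All'
    TeamsChatLocationException = $keepUsers
}
New-RetentionCompliancePolicy @deletePolicy

# Delete only, 1 day after the chat item was created.
$deleteRule = @{
    Name                      = 'Teams chat - delete after 1 day rule'
    Policy                    = $deletePolicy.Name
    RetentionComplianceAction = 'Delete'
    RetentionDuration         = 1
    ExpirationDateOption      = 'CreationAgeInDays'
}
New-RetentionComplianceRule @deleteRule

# Policy 2: only the named user accounts.
$keepPolicy = @{
    Name              = 'Teams chat - retain then delete'
    TeamsChatLocation = $keepUsers
}
New-RetentionCompliancePolicy @keepPolicy

# Retain for the period, then delete when it ends.
$keepRule = @{
    Name                      = 'Teams chat - retain then delete rule'
    Policy                    = $keepPolicy.Name
    RetentionComplianceAction = 'KeepAndDelete'
    RetentionDuration         = 2555
    ExpirationDateOption      = 'CreationAgeInDays'
}
New-RetentionComplianceRule @keepRule

# Review what was created and whether distribution succeeded.
Get-RetentionCompliancePolicy -DistributionDetail |
    Format-List Name, TeamsChatLocation, TeamsChatLocationException, DistributionStatus
Get-RetentionComplianceRule |
    Format-List Name, Policy, RetentionComplianceAction, RetentionDuration
```

The exception list on the first policy keeps the two scopes from overlapping, so each account is governed by exactly one of the two rules.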

As you can see, Microsoft has powerful tools to support the Torcher school of thought, allowing chats to be deleted as soon as 1 day after they are created. Unfortunately, Microsoft does not yet provide the more nuanced tools for Teams that would support the Sorter school of thought.

Considerations for external users.

Firms that decide to allow external users to participate in chats have additional retention/destruction considerations. If the external user joins by using a guest account in your firm’s tenant, their chats will respect the retention and destruction policies you set up and apply. However, if an external user joins by using an account from another Microsoft 365 organization, your retention and destruction policies can't delete messages for this user because they are stored in that user's mailbox in another tenant[6].

Conclusion?

Chat in Microsoft Teams is often one of the most widely utilized features. Conversations during meetings, outside of meetings, and perhaps even with people outside of the firm happen on a regular basis. You must wrestle with how valuable or substantive that chat content is, understand (or set) expectations for how long a chat message will live, and construct retention/destruction policies and procedures to enact your firm’s position on chat. Microsoft provides excellent tools to enact the Torcher school of thought, but firms that lean more towards the Sorter school of thought will find obstacles, and may have to rely on some manual procedures.

Good luck, Jim [7]

 

[1] Overview of teams and channels - Office Support (microsoft.com)

[2] Learn about retention for Teams - Microsoft 365 Compliance | Microsoft Docs

[3] File storage in Teams - Office Support (microsoft.com)

[4] Learn about retention for Teams - Microsoft 365 Compliance | Microsoft Docs

[5] Create and configure retention policies to automatically retain or delete content - Microsoft 365 Compliance | Microsoft Docs

[6] Learn about retention for Teams - Microsoft 365 Compliance | Microsoft Docs

[7] For those who only know about Mission: Impossible from the Tom Cruise movies, check out Mission: Impossible (1966 TV series) - Wikipedia

