INTEGRATIONS

DLP/Threat
Prevention

Task
Management

Recording

MDM/UEM

Microsoft Teams retention policies: capabilities and limitations

The volume and complexity of data that companies generate in communication platforms such as MS Teams and store in the cloud are increasing every day. In this article, we will cover all about taking the critical step of creating retention policies and protocols to delete unnecessary content and avoid problems.

Table of contents:

1- What are retention Policies and why do you need to implement them?

2- How to set retention policies in MS Teams

3- The need for data retention and the special case of contact centers

4- Microsoft’s retention policy's limitations

5- AGAT’s solution 

1- What are retention Policies and why do you need to implement them?

Today, organizations use communication platforms to share and manage vast amounts of data, with ever-increasing volumes of messages and attachments containing information about customers, employees, transactions, strategies, and more.

An approach of “keeping everything” is outdated and virtually impossible given the constant growth of records, the costs related to storing, and the risks of having sensitive information exposed. The best thing to do is to take a proactive approach: identify and label the information that must be deleted, and set retention policies in place.

A retention policy is a key part of the data lifecycle, it describes how long a business needs to keep a piece of information (chats, documents, statements, invoices), where it’s stored, and how to dispose of records when it's time.

Having control over your content is important to:

  • Comply with regulations and internal policies that require you to retain content for a minimum period of time.
  • Delete content as required by contracts with third-party collaborators.
  • Reduce legal exposure by deleting old content that could become a liability or put you at risk of security breaches.
  • Help your business productivity with an uncluttered platform, keeping only content that’s current and relevant for employees.
  • Avoid exceeding storage limits and reduce storage costs.

2- How to set retention policies in MS Teams

MS Teams supports retention policies for chat and channel messages so that admins can decide whether to retain data and prevent permanent deletion, delete it, or retain it for a specific period of time and then delete it. By default, MS Teams chat, channel, and data will be retained indefinitely.

The place where you can set data retention policies for MS Teams is the Microsoft Purview Compliance Portal. There, you have to choose “Data lifecycle management” from the menu, then “Retention policies”. Next, choose “New retention policy”, select your scope, complete your desired configuration and save your settings.

jJGxVCgL4kOYCUsEYsntbMFsMwrfCwMrU7xSCPtsdDg nmkSOksh3 sY3UwVSog0aS3pwhYhgxSN19Wjqn qqxl8Kvb2KjJl8oq6eZ4ququYpkRv 3icKSRn96Frk73O

Retention policies can be set up for all Teams messages. It is also possible to configure separate retention policies for private chats and messages from standard or private channels. They can also be applied only to specific users or teams in the organization. 

The start of the retention period will always be based on when a message was created. Keep in mind that if you use retention policies to delete data in Microsoft Teams, messages will be permanently and irreversibly deleted from all storage locations on the Teams service and in the backup folders on Exchange.

3- The need for data retention and the special case of contact centres

Setting retention policies to manage the span and life cycles of enterprise data is one of the most important steps any company can take if it seeks to address enhanced consumer privacy, compliance, data protection requirements, and more.

Regulatory authorities have an eye on how businesses manage data stored in the cloud, and their directives, specified in compliance regulations such as GDPR, HIPAA, PCI DSS, and more can easily become too much to handle. 

As organizations classify information, they must ensure data retention policies align with compliance and legal restrictions. Also, they must consider pre-existing contractual needs that will shape data retention schedules.

Contact Centers, no matter how big or small, are complex businesses that need to take their strategy for data lifecycle management very seriously. This is because they generate lots of sensitive data about customers every minute that could, if not managed correctly, become a liability. 

Also, call centres usually work as third-party providers, so they get the responsibility of managing data that isn’t their own. In this case, a single contact centre that provides services to many businesses faces the challenge of having to set up different retention policies to meet each client’s specific needs as defined in every contract they engage in. 

For example, one contractor may state that messages between employees and customers must get deleted within a short period of time, like three months, or immediately upon customer request to comply with regulations. 

But that is just a start, real-life retention policies are even more complex, with different periods of time depending on the kind of communication. This is what they can look like:

p4VTaTkRk 5mJr5hjsiKM3c0xpmudX89rEEUqWEkwJKqSTVtcDNRr

4- Microsoft’s retention policy's limitations 

To address such scenarios, retention periods in MS teams could be used and set to be as short as 24 hours for both chat and channel messages. However, users have found that depending on server load it can take from 72 hours to seven days in some cases before chat and channel messages get deleted, a very serious compliance issue.

Failing to properly delete content not only puts the safety of customers’ most sensitive information at risk but can also make businesses face sizable fines and damage their reputations.

5- AGAT’s solution 

With AGAT’s SphereShield messages can be deleted immediately, and they won't be viewable even to the sender. Also, messages can be automatically deleted based on customizable parameters such as date, groups of users, keywords, and more. 

z0kwqZlfFMP dYGDvWFzxE3kBFh98oW L3ttRFBomn1nZt7knCcfbSIshgw5qxNexDwYZLdJRNu8DKI4iRSWLTEo3qqUUNcz VbB1FPumqzdmxy77szW5XUTvXNwRttGBeDf4e2zAIIYMaM1TSUSxJ8vX n3u MV RbhnPZN 0aXFcTMPUE68ftQ

AGAT offers configuration capabilities to classify data precisely, make better protocols of deletion and avoid compliance missteps; all this within an interface easy to operate by any user.

Contact us today to learn more. One of our experts will get back to you as soon as possible.

Subscribe


Category Post

Categories

Latest Posts

INFORMATION BARRIERS AND EXTERNAL MEETINGS 

In this article, we’ll talk a bit about how our Information Barriers can help your company during external meetings to avoid information leaks.

Read More
The Importance of Audio DLP for Microsoft Teams and Webex

Businesses are gradually discovering the value of being able to track audio discussions as workplace collaboration environments get more complicated. Regulators have also raised their expectations for governance and compliance standards in DLP discovery for Microsoft Teams and Webex.

Read More

Get a Free Trial

Sign-up for a free trial and demo with a SphereShield expert

For support please login to our support portal.

GET IN TOUCH

Har-Hotzvim Hi-Tech Park, Jerusalem, Israel
+972-2-579-9123

AGAT

ABOUT US

AGAT is an innovative software provider specializing in security and compliance solutions. AGAT’s award-winning flagship product - SphereShield, is a leading solution providing control of data and activities for Unified Communication (UC) & Collaboration services.
SphereShield AI RegTech capabilities analyze messages, files, audio and video for policy enforcement required by regulations such as FINRA, GDPR, HIPAA & MiFID II. It enables real-time content inspection addressing Data Leak Prevention (DLP), Ethical Wall as well as Anti Malware and eDiscovery requirements. SphereShield’s  conditional access capabilities and AI-based risk engine features add significant security improvements to on-prem or cloud UC service.

© 2013-2022 AGAT ALL RIGHTS RESERVED

NEWSLETTER  SINGUP


linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram