Microsoft 365 Data Retention: A Guide to Retaining Configuration Settings in Office 365

Microsoft 365 Data Retention: A Guide to Retaining Configuration Settings in Office 365

By
November 27, 2023

Data retention in Microsoft 365 isn't just about ticking a few compliance boxes. It's a strategic lever that can help avoid costly mistakes and drive significant business value, if understood and managed correctly.

Microsoft 365's retention policies are a labyrinth of options and controls, each with its own implications for data security, operational efficiency, and cost management. Navigating this mess can be daunting, but it's essential for businesses to avoid regulatory pitfalls, safeguard their data, and streamline their operations.

This article will serve as your map, guiding you through the twists and turns of data retention in Microsoft 365. We'll dissect the retention policies of different applications and introduce you to tools that can automate the process. We will also share some advanced tips and tricks to help you manage your Microsoft 365 configurations and data, so let's dive in!

How Microsoft 365 Handles Data Retention

When you're using Microsoft 365, you're creating and storing a lot of data and configurations - emails, documents, spreadsheets, users, groups, policies, and more. But what happens when you delete something, or when your subscription ends? That's where data retention policies come into play.

Think of these policies as a safety net. If you accidentally delete a file or a setting, or if you need to retrieve data after a subscription ends, these policies determine how long that data remains in the system.

Microsoft takes a two-pronged approach to data retention: retention policies and retention labels. Together, they provide a granular but user-friendly way of managing your configurations and data across Office 365, Azure AD, Intune, OneDrive, SharePoint, Teams, Exchange Online, and more. Here's how that works:

  • Retention policies can be applied at a site or mailbox level, allowing for broad application of retention settings. These policies can be set to retain content forever, delete content after a specified period, or retain content for a certain period before deleting it. This flexibility allows organizations to meet their unique data management needs and regulatory requirements.
  • Retention labels offer a more granular level of control. They can be applied at the item level (folder, document, email), allowing different retention settings for different types of content. For example, one document in a SharePoint site might need to be retained for 5 years, while another might need to be retained for 10. Retention labels can handle this level of specificity.

Microsoft Data Retention Policy by Application

Retention policies in Microsoft 365 work with content in place, saving the additional overheads of creating and configuring additional storage when you need to retain content for compliance reasons. In addition, you don't need to implement customized processes to copy and synchronize this data. However, there are limitations to the time period for which the data and configurations can be retained. Here's an overview of Microsoft's retention policies by application or service:

Azure AD

Azure Active Directory (Azure AD) retains activity logs for 30 days. This includes sign-in activities and audit logs. However, for organizations that need to keep logs for a longer period, Azure Monitor can be used. Azure Monitor can store these logs for up to 2 years, providing a more extended data retention option for compliance and auditing needs.

Intune

Microsoft Intune, a cloud-based service in the enterprise mobility management (EMM) space, retains data until the user's license is removed. After license removal, data is kept for an additional 90 days before it's deleted. This policy allows organizations to recover data for a user if the license removal was accidental or if the user is reinstated.

Azure

Microsoft Azure's data retention policies can vary based on the specific service. For instance, Azure Monitor Log Analytics, a tool that collects and analyzes log data from Azure resources, retains data for 31 days by default. However, organizations can configure this setting to retain data for up to 730 days, depending on their specific needs and compliance requirements.

OneDrive

OneDrive retains deleted files in the Recycle Bin for 93 days, allowing users to recover files if they were deleted by mistake. For active users, OneDrive retains versions of files for 30 days. When a retention policy is applied, if users edit or delete content that's included in the retention policy, a copy of the content is automatically retained in the Preservation Hold library.

SharePoint

SharePoint retains deleted items in the Recycle Bin for 93 days. Versioning settings can be configured by the administrator, allowing organizations to keep track of and restore previous versions of documents. Similar to OneDrive, when a retention policy is applied to SharePoint sites, a copy of the content is retained in the Preservation Hold library if users edit or delete content that's included in the retention policy.

Exchange Online

Exchange Online, Microsoft's cloud-based email and calendaring service, retains deleted items in the Recoverable Items folder. This folder is a component of Exchange mailbox that is designed to allow users to recover items they have deleted. When a retention policy is applied, a copy of the content is automatically retained in the Recoverable Items folder.

Teams

Teams chat and channel messages are retained indefinitely by default, unless a retention policy is created to delete them after a specified period. When a retention policy is applied, a copy of the content is retained in a hidden folder named SubstrateHolds, which is a subfolder in the Exchange Recoverable Items folder. This policy ensures that even if users delete their Teams messages, a copy is kept for compliance and eDiscovery purposes.

Implementing Better Data Retention for Microsoft 365

Microsoft 365 offers built-in data retention mechanisms across its services, but these may not fully meet the needs of larger enterprises, particularly when it comes to backing up settings and configurations. The default policies are designed to cater to a broad range of users and may not align with the specific regulatory requirements, business needs, or risk management strategies of every organization.

Moreover, the built-in retention policies are primarily focused on user data such as emails, documents, and chat messages. They do not extend to system and configuration data, which are crucial for maintaining the operational continuity of an enterprise. If a configuration error occurs or if a setting is inadvertently modified, it can have a significant impact on productivity and business operations.

This is where custom data retention policies come into play. IT teams need to develop and enforce their own data retention policies that align with their specific business needs and regulatory landscape. These policies should not only cover user data but also system settings, configurations, and other operational data.

There are a number of ways to do this, including unofficial workarounds and third-party tools. For example, you can use PowerShell DSC to write custom scripts that integrate with Microsoft Graph API to pull configuration policies directly from Microsoft applications.

Then again, these workarounds are archaic, tough to implement, and often require significant overhead to maintain. A better way to implement a comprehensive data retention policy across Microsoft 365 is to use a no-code automation platform, such as Simeon Cloud.

Use Simeon Cloud to Automate Your Microsoft 365 Retention Policy

Simeon Cloud is a powerful tool that can help enterprises implement a foolproof Microsoft 365 retention policy using configuration-as-code technology. This technology allows IT teams to manage and control their Microsoft 365 configurations using a no-code UI, making it easier to automate, track, and replicate configurations across different environments.

Here's how Simeon Cloud can assist:

  • Audit & Backup: Simeon Cloud provides detailed audit trails of your Microsoft 365 environments, all viewable from a single pane of glass. This feature allows you to track changes, identify potential issues, and restore configurations to a desired state if necessary. This is particularly useful for implementing and managing data retention policies, as it provides a clear record of what changes have been made and when.
  • Baselines & Compliance: With Simeon Cloud, you can establish baselines for best practices, track drift, and align configurations to the desired state. This helps ensure that your data retention policies are consistently applied and maintained across your Microsoft 365 environment.
  • Monitoring & Reporting: Simeon Cloud enables holistic reporting on your Microsoft 365 environments and alerts you to changes before they become problems. This proactive approach can help you stay on top of your data retention policies and address any issues promptly.
  • Dev & Test Environments: Simeon Cloud allows you to sync configurations across your non-production and production environments, promoting lifecycle changes with advanced approval workflows. This ensures that your data retention policies are consistently applied across all environments.
  • Multi-Tenant Management: If you're managing multiple tenants, Simeon Cloud allows you to apply a single set of policies across all tenants for improved scale and standardization. This means your data retention policies can be uniformly applied, regardless of the number of tenants you're managing.
  • Application Packaging: Simeon Cloud allows you to reuse, edit, and deploy app packages between tenants and to multiple tenants in bulk. This can save countless hours of manual work and ensure that your data retention policies are correctly implemented across all applications.
  • Automated Provisioning: With Simeon Cloud, you can deploy Microsoft 365 environments from customizable templates with a single click. This improves scale, automation, and consistency, ensuring that your data retention policies are correctly and consistently implemented from the start.

Simeon Cloud provides a comprehensive solution for managing Microsoft 365 data retention policies for both enterprises and MSPs. Want to know more? Sign up for a free demo with our sales team!