Real World Lesson On The Importance of Governance in Microsoft 365

Posted by: Allison Roney on August 28, 2020

This is my face when I read about the KPMG error that deleted users' private chats in Microsoft Teams. For those who aren't familiar with the KPMG story: the personal Teams chats of 145,000 of its users worldwide were deleted.

As a Microsoft 365 consultant, this is seriously my worst nightmare. I’m going through a new process for the first time, in this case trying to remove a retention policy from a single user account, and then suddenly I’ve deleted all our user conversations. Oh, and I don’t remember my locker combination AND I’m late for work. Yikes.

So, what happened, and how can we all learn from this mistake and not repeat it?

Well, even IT people are human, and humans make mistakes, so no matter what we do, this sort of thing COULD happen to anyone. That's why it's important to revisit our retention policies occasionally (often?) and cover our butts!

When creating any retention policy, it's important to first understand where the data lives. In Microsoft Teams, personal chats are treated differently from Team and meeting chats. Personal chat data is stored in a hidden folder in each user's Exchange Online mailbox, much like the Conversation History folder of yore. Therefore, the retention policies that apply to Teams personal chats are processed by the Exchange Managed Folder Assistant (MFA, the mailbox assistant, not multi-factor authentication). When the policy runs, it removes the chat data from the hidden Teams Chat folder, then syncs with the Teams service and removes the data from the Teams client application as well.

These retention policies can apply to all users or to specific users, depending on how you configure them. As we have learned from KPMG's mistake, it can be really easy to accidentally apply a policy to all users instead of one, so let's walk through this process just to make sure we're all on the same page.

Here’s where we’re going: Admin center > Compliance > Policies > Retention.

We’re going to create a new Retention policy called “Teams Personal Chats.”


Let's say we want to delete ALL user chats 1 month after they were sent. Except, maybe we want admins (or managers, or HR, or whoever) to be exempt.


We ONLY want this to apply to the personal chats in Teams, so we de-select every other location. We want it to include ALL users except Admins, so we update the "All" (included) and "None" (excluded) options to reflect that. By default, this policy will apply to everyone in the tenant. I believe this is where KPMG probably stumbled.


When you set up a policy like this, you can either choose the employees it applies to, or the employees excluded from it.


Just think of it this way: if you include 31 out of 33 users, then the other 2 users are effectively excluded even though the Excluded list is empty. The two lists are just two ways of describing the same scope, so read both of them before you move on.


Review the policy settings and create it. Notice that it becomes active as soon as it is created, with no dry-run or approval step, and will delete any data that meets the criteria. This data is GONE gone, as we learned, and will not be recoverable or discoverable moving forward.


And there you have it, a policy that will delete the personal chats from the hidden Outlook folder and the Teams client for all users except the administrators specified.
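The same policy built from Security & Compliance PowerShell instead of the portal, as an added example that is not from the original post. It assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds a compliance admin role, and that the policy name and the two exempt admin addresses are placeholders for your own tenant. Unlike the portal walkthrough above, it creates the policy disabled, reads the effective scope back, and refuses to switch it on if the scope turns out to be "everyone, no exceptions".

```powershell
# Added example (not the original post's code): build the "Teams Personal Chats"
# retention policy from Security & Compliance PowerShell, create it DISABLED,
# review the scope it actually resolved to, and only then enable it.
# Assumptions: ExchangeOnlineManagement module installed, compliance admin role,
# and the UPNs below are placeholders.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell, not Connect-ExchangeOnline

$PolicyName   = 'Teams Personal Chats'
$ExemptAdmins = @('admin1@contoso.com', 'admin2@contoso.com')   # placeholder UPNs

function Get-LocationNames($locations) {
    # Location properties come back as objects; use Name when present, else ToString().
    @($locations | ForEach-Object {
        if ($_.PSObject.Properties['Name']) { $_.Name } else { "$_" }
    })
}

# 1. The policy defines WHERE it applies. Only the Teams chats location is given,
#    so nothing but 1:1 and group chats is in scope. -Enabled $false keeps it from
#    running until a human has looked at the resolved scope.
New-RetentionCompliancePolicy -Name $PolicyName `
    -TeamsChatLocation All `
    -TeamsChatLocationException $ExemptAdmins `
    -Enabled $false `
    -Comment 'Delete personal Teams chats 30 days after they were sent; admins exempt'

# 2. The rule defines WHAT happens: delete-only, 30 days after the message was created.
New-RetentionComplianceRule -Policy $PolicyName `
    -Name "$PolicyName - delete after 30 days" `
    -RetentionDuration 30 `
    -ExpirationDateOption CreationAgeInDays `
    -RetentionComplianceAction Delete

# 3. Guard: read the scope back (-DistributionDetail returns the full location lists)
#    and stop if it targets every mailbox with no exclusions, which is the failure
#    mode the post is warning about.
$policy   = Get-RetentionCompliancePolicy -Identity $PolicyName -DistributionDetail
$included = Get-LocationNames $policy.TeamsChatLocation
$excluded = Get-LocationNames $policy.TeamsChatLocationException

"Policy   : $($policy.Name) (Enabled: $($policy.Enabled))"
"Included : $($included -join ', ')"
"Excluded : $($excluded -join ', ')"

if (($included -contains 'All') -and ($excluded.Count -eq 0)) {
    throw "Policy '$PolicyName' targets ALL Teams chats with no exclusions. Not enabling."
}

# 4. Only after the scope above has been read and agreed with do we switch it on.
Read-Host 'Press Enter to ENABLE this policy, or Ctrl+C to abort' | Out-Null
Set-RetentionCompliancePolicy -Identity $PolicyName -Enabled $true
```

The disable-review-enable sequence is the point: the portal wizard applies the policy the moment you click Create, while the script leaves it inert until the included and excluded lists have been printed and checked. If you are narrowing a policy to a single user, the same `Get-RetentionCompliancePolicy -DistributionDetail` read-back is the check to run before touching `Set-RetentionCompliancePolicy`.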

May the odds be ever in your favor!


Topics: Governance, security, Microsoft Teams, Microsoft 365
