Office 365 Preservation Policy

As an Office 365 admin, there may come a time when you need to preserve message data. It is common for companies to have a requirement to keep all messages for a specific duration. It’s also possible that you are in a legal situation where you need to ensure data remains available. Office 365 provides several methods to accomplish this task, each with its own benefits.

A Preservation policy is one way to accomplish this task. The Preservation policy in Office 365 was designed to allow you to keep certain information in your tenant for a specified time period. A Preservation policy differs from eDiscovery in that it is a very general hold designed to keep data for longer periods of time. eDiscovery is meant to hold messages for a specific purpose, like a lawsuit, and the data is generally purged once the need for it has passed. A Preservation policy is built from several settings: locations, an optional query, a duration, and a lock.

The available locations for the policy are Mailboxes (email and Skype for Business conversations), SharePoint Online and OneDrive for Business sites, and All Public Folders. If either Mailboxes or SharePoint Online and OneDrive for Business sites are selected, you can then select which mailboxes or sites are included in the policy. It is important to note that there is no way to include all mailboxes. You will have to manually add any mailboxes and sites you want included in the policy.

You can use a query to target specific data by using keywords and dates. To configure the policy to preserve all mailbox data, you can leave the query blank.

A Preservation policy allows us to define how long the data is held. The policy has default options of Indefinitely, 10 years, 7 years, 1 year, 6 months, or a custom setting. All these settings are converted to days, so 1 year is 365 days.

Finally, there is a Preservation Lock option. You should be very careful with this setting. Turning on the Preservation Lock will keep you from modifying or removing the policy. The only changes that can be made to a locked policy are adding users or extending the duration of the data preservation. Most people won’t need this functionality, and it can be left off unless you know you need the lock to satisfy a specific requirement. For example, SEC Rule 17a-4 requires a messaging environment to hold messages for a specific duration, and it also states that data can’t be altered or deleted by anyone, even an administrator.

The policy can definitely be created and applied using PowerShell, but I think the GUI method is easier, so it’s my recommended approach. The policy can be created using the Security & Compliance Admin Center. Browse to Data Governance and then Retention to create a new Preservation Policy.

Name the policy and optionally provide a description of the policy.

Select the Office 365 locations that you want included in the policy.

If you selected Mailboxes or SharePoint sites, you need to include the specific mailboxes and/or sites you want the policy to apply to.

If you want to use keywords or a specific date range in the policy, they can be configured here.

Select the duration of the data preservation.

Ensure Preservation Lock is turned off.

Turn the Policy ON.

We are given the chance to review the policy to ensure everything looks correct before finalizing the new Preservation policy.

It can take a while for the policy to turn on completely. You can monitor its status from the Security & Compliance Retention page. Once the policy has been successfully put in place and turned on, the policy status will be listed as ON. At this point all message data that falls within the policy will be retained. Users can delete messages and purge them from the Deleted Items folder, and the messages will still be available to an administrator for the duration specified in the policy.
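
The PowerShell route mentioned earlier, as an added example that is not from the original article: it walks the same settings (locations, query, duration, lock off) and then polls the distribution status instead of watching the Retention page. It assumes the current `New-RetentionCompliancePolicy` and `New-RetentionComplianceRule` cmdlets correspond to what this page calls a Preservation policy and that a session is already open with `Connect-IPPSSession`; the policy name, mailboxes and site URL are placeholders.

```powershell
# Added example, not from the original article. Assumes a session opened with
# Connect-IPPSSession (ExchangeOnlineManagement module). The policy name,
# mailboxes and site URL are constructed placeholders.
$policyName = 'Preserve-Finance-1yr'
$mailboxes  = 'alice@contoso.com', 'bob@contoso.com'
$sites      = 'https://contoso.sharepoint.com/sites/finance'
$duration   = 365   # days; "1 year" in the GUI. Use 'unlimited' for Indefinitely
$query      = ''    # blank = preserve all content in the selected locations

# Locations: mailboxes and sites are listed explicitly, as in the GUI steps.
# -RestrictiveRetention (Preservation Lock) is deliberately not set.
New-RetentionCompliancePolicy -Name $policyName `
    -Comment 'Hold finance mail and site content for one year' `
    -ExchangeLocation $mailboxes `
    -SharePointLocation $sites `
    -PublicFolderLocation 'All' `
    -Enabled $true | Out-Null

# The rule carries the duration and the optional keyword/date query.
$rule = @{
    Name                      = "$policyName-rule"
    Policy                    = $policyName
    RetentionDuration         = $duration
    RetentionComplianceAction = 'Keep'
}
if ($query) { $rule.ContentMatchQuery = $query }
New-RetentionComplianceRule @rule | Out-Null

# Distribution takes a while: poll instead of assuming the hold is active.
$tries = 0
do {
    Start-Sleep -Seconds 60
    $state = Get-RetentionCompliancePolicy -Identity $policyName -DistributionDetail
    $tries++
} while ($state.DistributionStatus -eq 'Pending' -and $tries -lt 30)

# Review the result: enabled, distributed, and not locked.
$state | Format-List Name, Enabled, DistributionStatus, RestrictiveRetention
if ($state.DistributionStatus -ne 'Success') {
    Write-Warning "Policy '$policyName' is not fully distributed; data may not be held yet."
}
if ($state.RestrictiveRetention) {
    Write-Warning "Policy '$policyName' has Preservation Lock on and cannot be removed."
}
```

Running `Get-RetentionCompliancePolicy | Format-Table Name, Enabled, RestrictiveRetention` on its own gives a quick audit of which existing policies are locked.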