The Office 365 Preservation Policy

Blog post: 3 minute read

For those who don’t know me, one of my areas of focus in the Office 365 Security and Compliance Center is Data Protection.

The Office 365 compliance feature I’ll discuss in this post is the Preservation Policy. A Preservation policy is a type of Retention policy and can be applied to standard Exchange mailboxes, SharePoint sites, OneDrive for Business sites as well as Office 365 Group mail and files.

What’s a use case for a Preservation policy? If an organization has a Legal Department,  for litigation and compliance reasons this feature could be deployed to preserve all activity from their site collection for 2 years after last modification. (Including all mailbox, SharePoint Online, Office 365 Group, and OneDrive for Business content)

DISCLAIMER: My walk-thru below covers only a SharePoint Online example.

I recommend downloading Microsoft’s recent white paper titled ‘Modernizing Enterprise Content Management with Microsoft Content Services’ to learn about Microsoft’s approach to what was traditionally referred to as Enterprise Content Management (ECM). ECM has undergone a drastic evolution in recent years to what will now be called Content Services. The four pillars of Content Services are: Harvest, Create, Coordinate and Protect.

Preservation Policies are part of the ‘Protect’ pillar.


#1 – Setting it up

Retention OptionPreservation policies are administered from the Security and Compliance Center in O365 via the Retention link under the Data governance section. A preservation policy is a type of retention policy.

Here is the official Microsoft link describing what a preservation policy is and when you might want to have one: Overview of preservation policies.

To comply with industry regulations or internal policies, organizations want to preserve content for a certain period of time. With a preservation policy in Office 365, you can preserve content in sites, mailboxes, and public folders indefinitely or for a specific duration.

Whether you’re applying the policy to a standard SharePoint Site Collection or a SharePoint Site Collection that is part of an O365 Group, the setup steps are the same. At a high level here are the steps:

  1. Navigate to your Security and Compliance Center. (https://protection.office.com)
  2. Under Data Governance … Retention … click New(+).
  3. Enter a policy name and description.
  4. Select how long you would like to retain the content and optionally if it should be deleted when the retention period has been reached. This can be based on when it was created or last modified.
  5. Optionally, you can choose to use advanced retention settings. This will allow you to configure some conditions to limit the preservation policy to specific content. As of the time of this writing, you can use sensitive information types or a keyword query to detect content containing specific words or phrases. Please refer to this post to do this – Keyword queries and search conditions for content search (KQL relies on the search index). Note: At the current time, you cannot use a SharePoint content type in the query however.
  6. Choose the locations you want the preservation to happen in: Exchange email mailboxes, Office 365 Groups, OneDrive and/or SharePoint documents.
  7. Include/exclude each mailbox and SharePoint site as required. Note: for SharePoint, you must provide the Site Collection URL and not a web URL.
  8. Optionally turn on preservation lock. This will make the policy locked preventing it from being turned off. This is what give O365 the SEC 1784 compliance certification!
  9. The policy will take up to 1 day to be deployed to all locations you have identified. Note: while the preservation policy is being deployed to all content sources, the status will be ‘Pending‘. Preservation will not start until the status is ‘On’.

Once preservation policies are added, you can view them in the Data governance section of the Security & Compliance Center within the Retention section. They will be listed in-line with retention policies created via a Retention label.

Important thing to know about a preservation policy is the end-user working with the content really has no idea the policy is in effect from a content editing perspective. They can continue to add/edit/delete content as they normally would, all the while the preservation policy is working silently in the background ensuring the content is being preserved in another location.

When I edit a document in a site with a preservation policy, it will allow me to edit the document, but adds an item into a special list created on the site called the Preservation Hold Library (/sites/yoursitename/PreservationHoldLibrary). It creates the list in the site (or subsite) you are making the change in and it only creates the list when it is required (I.e. the first time a change is made and an item needs to be inserted into the list, it will create the list if it doesn’t already exist). You must be a site collection administrator to see this list.

Here is the metadata on a Preservation Hold Library (I’ve highlighted the ones that are key to the preservation policy):

preservationholdlibrarycolumns


#2 – Policy is deployed… now what?

New Content

Any content added to the site after the preservation policy was put into effect will be preserved after deletion. Changes on new content aren’t copied to the Preservation Hold library the first time it’s edited, only when it’s deleted. (Unless you have versioning turned on)

For example, on my O365 group I uploaded a document (my resume in the screenshot below) after the policy was deployed. I made 2 separate edits (saved each time) and then deleted the document. Only after I deleted the document did these 3 items get added to the Preservation Hold library on the site.

itemsino365preservationlibrary


Existing Content

If an item exists at the time the policy was put into effect, the first time you make a change to the document it will insert an item into the Preservation Hold Library list. Subsequent edits on the document will not insert an additional item into the list, however if the document is ever deleted, all versions of the document will be inserted into the list as separate items.

For example, if this is the version history on a document at the time of deletion:

existingfileversionhistory

… when the document is first edited, a snapshot of the document and its metadata as it existed prior to the change is inserted as an item in the Preservation Hold Library list (the item identified as 12 minutes ago in the diagram below). Once the document is deleted, all previous versions are inserted as items into the Preservation Hold Library list:

preservationholdlibraryafterdeletion


#3 – Site Collection Lock

Once a preservation policy has been placed on a standard SharePoint site collection, you will see a lock icon next to the URL in the Site Collection list in the SharePoint Online Admin Center. This indicates the site cannot be deleted as it has a policy applied to it (shown below). For SharePoint sites provisioned with an Office 365 Group, you cannot see these sites listed below however the new SharePoint Admin Center (currently in preview) may show them – I will update this post once I test that out.

sitecollectionlockedediscovery


#4 – Removing a Preservation Hold

Content in the Preservation Hold Library list will be removed when one of three things happen:

  1. A policy administrator has changed the rules for what’s covered by the policy and the content no longer complies.
  2. The policy has been disabled.
  3. The policy end date has been reached and you have configured content to be deleted after it has. (Retaining for 2 years and 2 years has been reached)

If you’ve configured the policy to delete content after the preservation period, the retained content is not deleted immediately – this is done by a timer process.


#5 – Legacy features

If you had a legacy preservation policy defined, they will still continue to preserve the content in the Preservation Hold Library as described in an Office support article:

What happened to legacy preservation policies?

If you were using a preservation policy, that policy has been automatically converted to a retention policy that uses only the retain action – the policy won’t delete content. The preservation policy will continue to work and preserve your content without requiring any changes from you. You can find these policies on the Retention page in the Security & Compliance Center. You can edit a preservation policy to change the retention period, but you can’t make other changes, such as adding or removing locations.


SUMMARY

The preservation policy is part of the Protect pillar of Microsoft’s Content Services. It is clear Microsoft is serious about Data Governance across their entire suite of Office 365 services including Exchange, OneDrive for Business and SharePoint (including content in Group files and conversations) however the capabilities need to become more robust as the needs of organizations are wide and varied when it comes to compliance regulations.

Thanks for reading.

-JCK


Credit: Photo by Jon Moore on Unsplash

One comment

  1. This is EXCELLENT detailed information and VERY Timely for us at NGC. Thank you so much for drilling into this. We are looking hard at rolling out Teams (Groups) and it would be so wonderful and deeply appreciated if you did something just along these lines – but applied specifically to the GROUPS selection. We find the governance and preservation (and conversely deletion) of the Teams content in things like 1 to 1 chats, conversation channels and the like very confusing right now! I suspect others may have similar concerns too… Thanks for sharing and hoping to hear more from you!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s