Data Retention For ex365 Employees 2024

Published 7 months ago5 min readOffice 365 Backup Solutions...

Data Retention for ex Office 365 employees will be the subject of today's article. There are a number of ways to handle backup retention and they certainly beat the bad old days of having to export a PST and store it on a local NAS device as part of the employees offboarding tasks.

I will discuss the various long-term data management options as well as the built in O365 retention settings in the compliance center of O365. I will also touch on how the built in Microsoft retention features fit into a long term Office 365 third party backup solution and if it's actually required.

As a secondary focus, I will also discuss how documentation can help IT consulting services manage and maintain data retention effectively as it specifically relates to this topic.

IT Documentation is also an essential aspect of the service provider industry whether it be data retention topics discussed here or the steps involved on how to restore an antiquated tape backup system you are still required to run so that others can easily recover data even if your tech staff do not have direct experience with tape based systems.

We have years of experience in working with service providers to document their processes and procedures and there is no area more important to a service provider than how their clients' backup and disaster recovery systems are documented.

Data Retention O365 - Export PST

I say it is the old way but there is nothing to stop you from incorporating this method as part of a total data retention process. Perhaps it is just having experienced that point in time where we exported PST files as part of the offboarding process that makes doing this feel like a warm security blanket, I am not sure. I just feel so much better seeing a folder of ex employees PST files sitting on a network attached storage device.

It boils down to having so much trust in the result as I have never in all the years ever had a backup PST file let me down. The downside of course is that not too long ago, the idea that employees would be bumping the 25GB storage limit that used to be in place was fanciful.

I bet these days, that's probably not even considered a large mailbox. The issue is that even with the improvement in storage technology, 25GB is still a large chunk to throw around and so I am not sure it is a practical step to take given the ease with which Microsoft offers built-in archiving for ex-employees mail files.

It is important to note that this on its own is a terrible solution and PST backup files are horrendously inefficient as far as any form of sharing over a network is concerned. They should be only used as a store and forget and not used on a regular basis. Even Microsoft recommends not using PST files for long term storage.

I think most of you would understand sharing a backed up PST file is a dreadful idea and about as smart as using the deleted items as a storage repository.

Data Retention O365 - Shared Mailbox

Another related data retention strategy and one that overcomes the need to move large mailboxes about is to convert it to a shared mailbox.

I used to do both, export to PST and create a shared user mailbox which is likely overkill but it was just so damn hard to wean myself off having that local copy within your own control even though it was probably more psychological than anything else. It also helped that we had a powershell script that automated this part.

Converting to a shared mailbox means that it no longer requires a license although there are a couple caveats with this:

The mailbox does not use more than 50GB of space.
The mailbox does not use in-place archiving.
The mailbox is not placed in litigation hold.

The benefit of creating a shared mailbox is that you can then apply active directory permissions as appropriate. You can also convert it back to an individual mailbox at a future point in time (requires an available license)

You must not delete the AD user account related to the original mailbox, just set it to disabled.

Strict Retention Policies

If your clients organization needs to adhere to a specific retention policy and a simple mail archive procedure or shared group mailbox is not permitted due to possibility of manipulation then there is a way.

Prior to deleting the Azure AD user:

Add the user to the relevant retention policy.
Specify the duration.
Delete the user's Azure AD account.
User is then converted to an inactive mailbox.
Users OneDrive is converted to inactive.

The ex employees Office 365 mailbox and OneDrive will be kept under the relevant O365 retention policy and their license will be returned to the license pool. By default, the in place policy will delete this information after 7 years.

Is Data Retention Necessary?

I was in I.T in the 90s and back then there were no formalized federal or state regulatory bodies dictating to various industries what they needed to hold onto.

That has all changed and data retention is an absolute necessity these days. If you are providing managed services to clients then you need to be on top of data retention as far as you need to ensure you engage with IT vendors that have it baked into their cloud backup application.

You still need to understand the basics and set up the appropriate retention rules but if you get that wrong and the client is required to produce information that has been deleted due to a setup that you handled then it could end up being an expensive legal issue.

If you select products such as Office 365 that have built in administrative controls that handle data retention then you only need to setup the parameters such as:

Regulatory Compliance
E-Discovery
Litigation Hold
Client Storage Requirements
Client Data Deletion Schedule

Are Backups And Data Retention The Same?

Yes and no, at its simplest definition, backups refer to the information that your client can recover at agreed upon points in time.

Data retention at its most simple is how long the service provider retains that information.

The more complex answer is no they should not be treated as the same because when it comes to information retention, it has a lot to do with the data staying immutable over time. That is a fancy way of saying that the information cannot be modified or manipulated.

The primary differences are more to do with the way each data set is used. Backups are used by the client in case they need to recover their information in a time sensitive fashion.

Information Retention or data retention is used to adhere to very specific regulations governing the industry your client belongs to. It has more to do with legal action and ensuring the client is able to produce immutable information when requested.

It also governs data destruction schedules to ensure your clients do not retain data for longer than the regulation allows. For that reason it is important to do both and ideally have multiple avenues to both recover information as well as adhere to retention of data.

Conclusion

Data retention is quite a complex area however there are products such as Office 365 as well as backup solutions like afi.ai that offer solutions that make up part of their application.

My recommendation is to evaluate backup products that make implementing the correct level of data retention and legal hold strategies an easier process than starting from scratch.

We have a number of other client based backup articles listed below that will provide you with more detailed information on a number of related topics:

https://optimizeddocs.com/blogs/backups/backups-client-index

Our team specializes in strategies for technical helpdesk organizations that assist in improving profit margins through standardization and consistent record keeping strategies, so you can be confident that our content is tailored to your needs.

Please feel free to explore our other articles and click on any that interest you. If you have any questions or would like to learn more about how we can help you with your documentation needs, please click the "Get In Touch" button to the left and we will be happy to assist you. Thank you for choosing us as your trusted source for technology documentation.