OneDrive and SharePoint Information Governance

Anonymous
2022-01-31T19:50:34.817+00:00

Hello everyone, we are just starting to kick tires on OneDrive and SharePoint libraries which sync with OneDrive. We're a HIPAA compliant organization and it is a requirement that our data be retained for 10 years. Currently we use a file server and a Barracuda backup solution which has this retention set. Done.

With the introduction of OneDrive, we can no longer rely on our on-premises backup solution, so I am turning to M365 for a solution. I've found the Microsoft 365 compliance page out of the admin center and "Information Governance" seems to contain "Retention Policies". So far so good.

These policies can be enabled for SharePoint and OneDrive..
169939-image.png

Moving along we get to this screen which is a bit confusing. 10 years is here, good. When items were last modified, good. Delete items automatically.. Hmm.. All items? I would expect the only items to be deleted were those that were deleted by the end user and then aged 10 years. Does this really mean that it will delete everything after 10 years? Whether the file is deleted or not?
169993-image.png

Furthermore, when an item is deleted by an end user, but hasn't reached the end of retention, how is an admin to locate this file?

This doesn't really seem like a replacement for a backup solution. I see that SharePoint has a recycle bin and files have "previous versions" by default. Any other options for backup or is this what you get built in?

Regards,
Adam Tyler


1 answer

  1. Vasil Michev 66,011 Reputation points MVP
    2022-02-01T08:40:13.01+00:00

    The option you have selected above will indeed delete all items after the 10y period has lapsed, as in the retention has ended and now you "dispose" (get rid of) the items. If you don't want items to be automatically deleted, select the "Do nothing" option. This way, only items that have been deleted (either deliberately or by mistake) will get disposed of after the 10y retention period ends. There is also an option to trigger a "disposition review" after the period lapses, so that no item is deleted unless a designated person within your organization confirms the deletion first.

    As to where to find such items, the answer is Preservation Hold Library. Read here for details: https://learn.microsoft.com/en-us/microsoft-365/compliance/retention-policies-sharepoint?view=o365-worldwide
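The "Do nothing" choice described in the answer can also be set from Security & Compliance PowerShell. The following is an added example, not part of the original thread: the policy and rule names are hypothetical, and expressing 10 years as 3650 days is an assumption. It also lists any existing rules that would delete content at the end of retention.

```powershell
# Added example, not from the thread. Requires the ExchangeOnlineManagement
# module and a role that is allowed to manage retention policies.
Connect-IPPSSession

# Hypothetical names, chosen for this example only.
$policyName = 'Example-Retain-10y'
$ruleName   = 'Example-Retain-10y-Rule'
$days       = 3650   # assumption: 10 years expressed as 10 x 365 days

# Policy scoped to every SharePoint site and every OneDrive account.
New-RetentionCompliancePolicy -Name $policyName `
    -SharePointLocation All -OneDriveLocation All

# 'Keep' retains content for the period and takes no action afterwards
# (the "Do nothing" choice). 'KeepAndDelete' is the setting that deletes
# all items, user-deleted or not, once the period ends.
New-RetentionComplianceRule -Name $ruleName -Policy $policyName `
    -RetentionDuration $days `
    -ExpirationDateOption ModificationAgeInDays `
    -RetentionComplianceAction Keep

# Audit: show every rule in the tenant whose action deletes content at expiry,
# so a delete-everything setting is noticed before it takes effect.
Get-RetentionComplianceRule |
    Where-Object { [string]$_.RetentionComplianceAction -in 'Delete', 'KeepAndDelete' } |
    Select-Object Name, Policy, RetentionDuration, RetentionComplianceAction |
    Format-Table -AutoSize
```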