By: Brett Creasy & John Unice

Since the world’s shift to remote work, the use of workplace collaboration tools – which enable members of an organization to share information, work on documents, and communicate globally – has exploded. Microsoft Teams, an instant messaging and information sharing platform integrated into the Microsoft 365 (M365) suite of tools, is one such (very popular) platform.

While the commercial benefits of these tools can’t be questioned, the robust nature of teams also brings with it various risks: data volumes in teams can be voluminous; files of all types can be stored in the platform; and chats (by default) are stored indefinitely. These characteristics can have major implications whenever Teams data are needed for civil discovery or other legal demands. Fortunately, lawyers can add value to their clients/organizations by helping them proactively plan for teams’ inherent risks. Before an organization rolls out this tool, attorneys should consider working with the relevant stakeholders (usually IT or information security departments) to discuss the particulars of retention settings, data collection and user groups.

Retention Settings

By default, the messaging and attachment data in Teams chats are stored in the cloud indefinitely. this can increase the risk of potentially compromising or damaging information being stored beyond an organization’s retention policies that otherwise apply to corporate records, and of course can increase costs for data extraction, processing, review, and production. Automated deletion policies for Teams should be considered, in addition to policies across other platforms for the organization. Should automated deletion policies be implemented, the organization must also be mindful to consider the need to collect data relevant to legal holds or otherwise disable the autodelete feature, once a hold is issued. Even though Teams chats and channel messages (targeted messages using @) are stored in M365 Exchange, retention settings for these data sources can be configured separately from user or group mailboxes. Consider establishing corporate policies that treat such communication sources similar to, for example, Outlook email, where automated deletion cycles can be implemented for the inbox and folder environments. Special consideration must be given, however, to account for legal holds. If a custodian who is subject to, for example, a M365 litigation hold, departs the company and therefore has his/her account disabled, the user’s Teams data are converted into an inactive mailbox and retained indefinitely, unless the user is removed from the hold/retention policy before disabling the mailbox (in which case the user’s Teams data is deleted upon the account’s deactivation). So, care must be given to monitor legal hold responses and attorneys should work with IT/HR departments to enable notifications when custodians subject to a legal hold change roles or depart the organization. Finally, consideration should be given to the various forms of “holds” available within M365. The standard “litigation hold” prevents a custodian from deleting any content, whatsoever, including documents clearly not relevant to the subject hold. This will lead to over preservation and, ultimately, increased e-discovery costs. Other retention policies in M365 permit the user to delete data clearly not subject to one’s hold obligations.


Since Microsoft Teams is part of the M365 suite of tools, the data is stored in the same format as data in M365 email (sender, recipient, date and time, subject (which is left blank) and contents of the message). eDiscovery searching is performed in an eDiscovery portal that can be set up to search for all of the communications for a user or group. Date range, keywords and other data culling filters can be administered while searching within M365. However, when searching for key terms to respond to discovery or other legal demands, it is advisable to collect the subject user’s entire M365 account. And, while date filtering can be applied within M365 when collecting custodial data, it can often be more efficient, cost effective, and defensible to search using parameters in tools outside of M365, particularly where key terms may be modified as the investigation or litigation unfolds.

Teams Groups

Teams Groups can be created by any M365 user. Using M365’s administrative console, all groups to which a user belongs can be identified and the entire group’s data can be searched in the same manner that an individual user’s account is searched. Private groups are not discoverable to regular non-admin users; however, M365 eDiscovery Administrators can search across private groups. Consider establishing permission parameters around who can (and cannot) create groups.

Key Takeaways

  1. Consider implementing automated deletion policies for Teams, in addition to policies across other platforms for the organization. Also explore setting size quotas within a user’s Teams environment, to the extent permitted by the organization’s M365 license.
  2. If auto-delete settings are enabled, organizations must also be mindful to consider the need to collect data relevant to legal holds or otherwise disable to the autodelete feature, once a hold is issued.
  3. Consider implementation of corporate policies that categorize Teams communications as ephemeral/ temporary (similar to Outlook email).
  4. IT, legal, HR and business unit personnel should coordinate to monitor scenarios where custodians under legal hold change jobs or leave the organization.
  5. Aside from date-term restrictions, consider conducting key term searching for Teams content outside of the Microsoft environment.
  6. Consider the different retention settings available within M365 (litigation hold vs. retention policies), rather than solely defaulting to the litigation hold option.