Microsoft 365 retention policy bug that looked like it led to data loss


11/2 Update: Per the post below this turned out to be a GUI bug only so no mailbox data seemed to be affected. So in this case, it was just a display error and the policy didn’t actually apply to mailbox data, which would have lead to expected data loss. This is a similar example of where native in-place retention holds are not meant to be a backup of data, like in the KPMG example where 145K users chat data was lost due to an admin error where the retention hold was released by mistake.

More info here: https://petri.com/teams-retention-bug-caused-heartburn

Original post:
I had a call with a very large client this AM and they noticed their Teams Retention policies were all changed to include “Exchange email”.

They are seeing this across multiple 365G tenants that they have and have been able to reproduce it. It’s also been relayed that Microsoft is seeing this at other organizations too, so this isn’t a one off issue. At this client, they had the polices set to “Teams channel message” and “Team chats” only, which were set to DELETE messages after 1 day.

Note: This client had a 1 day Teams message deletion policy, this is not a default in 365. There are no default message or item deletion policies in 365, so if you don’t have any deletion policies the impact of this issue is probably minimal if at all.

These polices are now showing “Exchange email” also included and the slider to disable it is grayed out, so the 1 day delete seems to be applying to all mailbox items. They aren’t seeing messages disappear yet but are fearful (rightly so) that they might soon.

They have reproduced this issue, after creating a Teams messages only policy and applying it to recipients. When they go back in, it has “Exchange email” selected. I haven’t been able to reproduce yet. I don’t have a 365G tenant access so this might be limited to GCC tenants, but have a MVP friend who does and he wasn’t able to reproduce it so there is probably some other factors at play here.

As of 10/29/2020 1:45 PM MT, Microsoft seems to have frozen Teams related retention policy edits and hopefully deletion polices from being applied incorrectly.

There are two notifications, one for Teams and the other for Exchange:
Related incident notifications in M365 Admin Center: https://admin.microsoft.com/adminportal/home#/servicehealth?message=TM225382&shdlinksource=IncidentMail

This is yet another example of the need for 3rd party data protection for your data in Office 365, covered in this blog post: Using Commvault for Exchange & Exchange Online for Items/. Commvault can protect data in Exchange, SharePoint, OneDrive, and Teams*. (* Team support is limited to data stored in the other application currently, which covers all files and a compliance copy of chat messages). For another example, this one: KPMG lost 145K user’s chat data due to retention policy change mistake.

Text of these notifications:

TM225382: Admins are unable to modify or add Microsoft Teams retention policies in the Microsoft Teams admin center, Microsoft Teams
Start time: October 29, 2020 1:45 PM

User Impact: Admins are unable to modify or add Microsoft Teams retention policies within the Microsoft Teams admin center.

More Info: Impact is limited to Microsoft Teams admins who are attempting to create a new retention policy or makes an edit to a previously applied policy. Existing established retention policies aren’t impacted.

Current status: We’ve identified an issue preventing admins from creating or editing Microsoft Teams retention policies in the Microsoft Teams admin center. We’re investigating our next troubleshooting steps for remediating impact.

Scope of impact: This issue may potentially affect any of your admins attempting to modify or add Microsoft Teams retention policies in the Microsoft Teams admin center.

EX225368: Admins may see Microsoft Teams retention policies unexpectedly update to Exchange Online policies, Exchange Online
Start time: October 29, 2020 10:49 AM

User Impact: Admins may experience Microsoft Teams retention policies unexpectedly updating to Exchange Online policies.

More info: Impact is limited to Exchange Online admins who are attempting to create a new retention policy or makes an edit to a previously applied policy. Existing established retention policies aren’t impacted.

Current status: We’re developing a fix which is designed to correct a code issue that was introduced by the recent service update.

Scope of impact: This issue may potentially affect any of your admins that manage Microsoft Teams retention policies.

Root cause: A code issue that was introduced by a recent service update is causing Microsoft Teams retention policies to unexpectedly update to Exchange Online policies.

This entry was posted in Exchange, MS Teams, O365, Technical and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s