15th May 2022 saw the start of my first IRMS Conference.  Having attended many Information Technology (IT) conferences in the past, I was excited to experience my first conference in the Information Governance (IG) space.  I was also looking forward to presenting my session “Governing Teams Data – It’s not a game of Cluedo”.

This article serves two purposes:

  • Share my impressions and thoughts from the event with reference to Information Governance and Microsoft 365
  • Tell the story of my session

Conference Reflections

Fortunately for me, my session was scheduled on the final day of the conference. This allowed me to attend other technology themes sessions and get a feel for the prevailing knowledge of and appetite for Microsoft 365 among the conference delegates.  As you would expect, the delegates and speakers represented organisations across the whole range of the adoption journey, with some just about to start their journey and others with many years behind them since the roll out of Microsoft 365.  The appetite for information on Microsoft 365 was huge and most sessions were filled to overflowing.

What struck me the most was how varied the awareness was of the Information Governance features available in Microsoft 365 natively including organisations looking to third parties for solutions available natively within Microsoft 365.  It was also apparent that in many organisations there was a distinct separation between the IT and IG functions, especially in the organisations still searching for the solutions to their IG requirements.

There were also some fantastic examples of Microsoft 365 adoption.  One that stood out for me was James Powell’s session on the project to implement records management across Microsoft 365 at the Office for National Statistics.  The co-operation and shared responsibility for configuration, adoption and management between IT and IG in that project clearly led to a successful adoption of the toolset with records management and other IG features baked in form the start.

In Microsoft the Microsoft 365 compliance team are part of the Microsoft 365 security team and these features work hand in hand.  Both areas being subject to huge investment by Microsoft in recent years and going forward.  As a result IT professionals are becoming more aware of the IG requirements as well as the security needs of their organisation.

I left the conference with the conviction that closer integration between IT and IG is what is missing to help many organisations succeed with their Microsoft 365 adoption in a safe, secure and compliant way.

Session Recap

With my session, Governing Teams Data – It’s not a game of Cluedo, I wanted to make the governance of the data generated by Microsoft Teams into less of a challenge.

At Leadership Through Data, our Microsoft 365 courses use Cluedo-themed exercises to give delegates hands on experience with the products and this was the inspiration for my session.

With Microsoft Teams, the IG challenge is that features such as records policies do not offer an option of covering all Teams data in one go, they have to be configured to cover the location the data is stored in. The session set out to present the clues to where the data is stored and once that mystery is solved the IG features can be configured to govern the data where it is stored.

Here’s the session (in text and pictures).

Some of the features of each module are included in Microsoft 365 licenses, except Viva Topics. You can license the modules separately or (announced at Ignite on 2nd November 2021) via a suite license.

One thing that is missing is the Viva Topics App in Teams, which keeps showing up in many marketing images, hopefully that will come when Teams supports showing topics cards from messaging content.

Another key announcement from Ignite which was trailed when the deal to purchase Ally.io was signed is that Ally will be the 5th Viva module.

Ally is a Targets and Goal management tool to help align organisation objectives & mission with individuals targets and key performance indicators. See announcement of purchase for more info on the tool.


With the rise of remote and hybrid work, Microsoft Teams has become a core tool for modern businesses.  When it comes to meeting our compliance needs Teams presents challenges as it hides the data in many places. Finding, securing, protecting and managing your organisations Teams data doesn’t have to be like a game of Cluedo or even hide and seek.

This session will look at the challenges presented by Microsoft Teams and what your organisation can do to move forward post pandemic in a resilient and compliant way whilst embracing the renewed energy and recovery potential of hybrid working.

First let’s look at the conundrum, or the mystery to be solved. The game of Cluedo involves starting with a few clue cards and then deducing the rest of the mystery as the game progresses, with Teams we start with challenges rather than clues.

Microsoft Teams presents us with 3 main challenges when it comes to information governance.

  1. Where? – Teams is built on Office 365 and stores in data in multiple locations, so configuration of the ‘safety net’ tools need to take in those different locations
  2. Whom? – When investigating user activity the protections in place mean we have to use administrative tools to access the data to carry out our investigations.
  3. Tool? With hybrid working users have multiple devices and mechanisms to connect to Teams, giving us a shifting landscape of devices to manage

In this session, we will solve the data locations issue and shed light on the tools available to help with device management as well as user investigations.

Let’s also consider the theme of this conference – Resilience, Recovery and Renewal.  Microsoft Teams has been instrumental in allowing many organisations to survive since COVID hit.  But for many of us, it was deployed using, what we call the ‘COVID’ methodology – switch it on and hope for the best.  We are now considering the need to control the beast we unleashed.  So, we need to first solve the mystery of where Teams data is stored.


Every good murder mystery needs a backstory.  Teams has it’s own backstory!

Office 365 was launched in April 2011 with an aim of providing hosted email (Exchange) functionality for organisations.  Office 365 also provided hosted SharePoint as well the Office applications.

It quickly became apparent that most organisations were regularly creating 3 things together, as new sections of the business moved into the tool or new projects were started.  The three things are:

  • Shared Mailbox
  • SharePoint Site
  • Security group to manage access to the mailbox & site

So in September 2014 Microsoft 365 Groups were launched.  A Microsoft 365 Group creates all 3 of these things in one tidy easy to manage package.

With the introduction of Microsoft Teams in March 2017, we had a new interface to work with the Microsoft 365 Group – The Microsoft Teams Team!  Yes, a Team is a Microsoft 365 Group.

The backstory of Teams has given us a big clue as to where the data is stored.  Microsoft Teams does not have, nor need dedicated storage, as the Microsoft 365 groups it is built on have messaging and file storage built in, using Exchange and SharePoint.  Or as the image says Teams is Azure AD (the pyramid) plus Exchange and SharePoint.

Azure AD is the tool used to manage all access to Microsoft 365 tools and services.

Let’s take that BIG clue and start solving the mystery.  Starting with messages sent via Microsoft Teams.

We know Exchange is the email server.  It deals with messaging.  So, knowing that logic would dictate that messaging in Teams uses Exchange server to store the data.

And you’d be correct!  All Microsoft Teams messages are stored in Exchange.  The folders were the messages are stored is not visible to users via Outlook, but rather in Teams. When looking for user messages to govern the data or investigate we use the compliance toolset against the appropriate mailboxes.

Next let’s consider files.

SharePoint powers all file experiences in Microsoft 365, so the logical conclusion is that is where our files in Teams would go to SharePoint.

And that would be correct!

It’s important to note that when sending “attachments” via Microsoft Teams, what is actually sent a link to the file, also known as a ‘Modern Attachment’.  In order to send a link and share the file, it need to be first stored in a Microsoft 365 location.  When using the paperclip to attach a file to a message in Teams, you have the option to upload.

If sending a message in chat, the upload goes into your OneDrive Teams Chat Files folder.





When sending a message in a Team the upload goes into the files for the channel the message is sent in.

Each Team has it’s own SharePoint site and the channel is a folder in the default Documents library within that site.  Whilst a Private channel does not use the Team SharePoint site, but it’s own SharePoint site with the files being stored in that site’s default document library.  The same is true for the newer Shared Channels.  For more detailed information on this integration see Teams and SharePoint integration – SharePoint in Microsoft 365 | Microsoft Docs

Next let’s consider meetings & calls.

Meetings & calls are a combination of communication & collaboration experience, and therefore Teams uses both Exchange and SharePoint.

A log of calls made and meetings attended is stored in the mailbox of each participant.  That doesn’t mean the details of the meeting or content of the call, just a log of the call/meeting including join & leave time(s).

Recordings are stored in the OneDrive of the user who starts the recording with participants having access to the recording automatically.  If the user who records the call is not the meeting organiser, then the meeting organiser has full control of the recording file, as well as the person who started the recording.  For meetings in a Teams channel, the recording is stored in the channel files with team members having the same access to the recording as other files, regardless of meeting attendance.  For more details on permissions on meeting and call recordings see Microsoft Docs.

In summary then:


The Compliance Features in Microsoft 365 give a safety net of features that allow us to govern and protect our data.  We weave them together into a web that allows users the freedom to use the tools, but in the knowledge that the compliance tools safety net will block inappropriate sharing (Data Loss Prevention), preserve and delete data (Records Labels/Data Lifecycle Management), secure sensitive data (Sensitivity Labels) as well as provide investigation tools for IT/IG (eDiscovery).

When configuring these features we choose the locations they apply to.  Having solved all our clues and knowing where the Microsoft Teams data is stored, we now know where to position our safety nets, or in other words what locations to apply our protection features to.

So now we have solved the clues, we know:

  • Teams Data is stored across OneDrive, SharePoint & Exchange
  • We know to configure the compliance features to protect those locations to govern our Teams data
  • However, you need to be careful how you configure the governance tools. Those nets need the right size holes to let through some fish but still catch the fish we want. The features need to be configured to allow legitimate work to take place, whilst still ensuring/enforcing compliance.  Other data is stored in those locations and we need to think about that as well as thinking about Teams data when configuring the compliance and information governance features.
  • The theme of the conference is Resilience, recovery & renewal. For Microsoft Teams to support our organisations in remaining resilient, continuing to grow and thrive, the environment needs these governance tools configured or you might as well be living in the wild west!