Stream Doesn’t Support Office 365 Retention Policies
Usage of Microsoft Stream is very high at present, largely driven by storage of Teams meeting recordings and Teams Live Events. This is goodness, but the increased use is revealing some flaws in Stream, such as the lack of support for Office 365 retention policies. At their Microsoft Stream Under the hood session at the Ignite 2019 conference, the development group promised that Stream will support retention policies “in 2020.” The need to keep the service running at a time of high demand might have stopped progress in this space.
When a video owner deletes a video, it goes into the Stream recycle bin and remains there for 30 days. This period allows owners to recover videos deleted in error. After the period elapses, Stream removes the video and the content is irrecoverable.
Exploring the Stream Recycle Bin
Although Stream administrators can see videos deleted by anyone in the tenant in the Stream recycle bin (Figure 1), a danger exists that a video which should be kept might slip through the cracks and be deleted. People in the compliance world worry about this kind of thing because someone could try to remove evidence of a policy violation by deleting recordings of Teams meetings where misdoings were discussed.
While waiting for Microsoft to bring Stream into the full Office 365 compliance framework (spanning retention policies, labels, and holds among other features), it’s possible to build a review mechanism to have someone check videos in the recycle bin to figure out if they should be kept. It’s a form of manual disposition, to use Microsoft’s term for a manual review of an item before it is disposed of.
To achieve the goal, I looked in the Office 365 audit log for StreamDeleteVideo events, which are logged when an owner deletes a video. It doesn’t take much to search for these events over the last 30 days and extract the relevant data, such as the name of the video and who deleted it.
Generating an HTML Report
After processing the audit events, I create an HTML report file (Figure 2). To help identify videos that are approaching deletion, the days since deletion and days remaining are calculated by subtracting the timestamp of the audit event from the current date. Someone creative could take other approaches to highlight entries in the list, such as using different colors for videos approaching their final deletion.
Emailing the Report
Generating a report is one step, making sure that its content is reviewed and actioned is another. To help things along, the script emails a copy to someone selected to review videos and decide if any should be kept. Figure 3 shows the report as it appears in OWA.
Emailing reports is easy with the Send-MailMessage cmdlet. In this case, the HTML content is imported as the message body, we add message properties such as the recipients, sender, and subject, and send it off. Using Send-MailMessage in this way is a good example of the kind of script that will need to be updated when Microsoft removes basic authentication support for SMTP AUTH connections.
The script can be accessed in GitHub. Feel free to create your own version and let us know what improvements you make by posting a comment here.
The Office 365 for IT Pros eBook includes a full chapter about Stream. Like everything else in the book, the Stream content is reviewed and updated when changes happen.