Teams Tailors Compliance Records for eDiscovery

The Myth of Teams Chat Data Stored in Exchange Online

Office 365 Notification MC230096 posted on 16 December is titled Change to properties added to Teams chat messages saved in Exchange Online. It’s a bad and misleading title. Teams chat messages are never saved in Exchange Online. Teams compliance records are, and there’s a big difference between the two types of object.

Unfortunately, some believe the myth that Teams compliance records are complete and perfect copies of chat messages. They’re not and several important pieces of information are missing from the items stored in Exchange Online, like reactions, code snippets, and voice memos. Some backup vendors seek to perpetuate the notion that copying the Exchange items creates a good backup for Teams, which isn’t true, unless you consider a total inability to restore the items into Teams a backup feature.

Old and Expensive Attributes Being Removed

Coming back to MC230096, the news is that Teams will no longer create fully-populated MAPI mail items in Exchange Online. Instead, the properties of the compliance records for Teams chat messages will be tailored to meet the needs of eDiscovery. In addition to eDiscovery, Teams creates compliance records in Exchange Online to make the data available for services like Microsoft Search and features like communications compliance policies. In October 2020, Microsoft moved the storage location of the compliance records to the non-IPM section of user and group mailboxes.

The change being made drops a bunch of Exchange attributes which are not used by eDiscovery, such as LegacyExchangeDN (a throwback to the x.500 roots of the Exchange directory store used to map Active Directory addresses back to the addresses used by Exchange 5.5). The change is being rolled out now and is due for completion by the end of January 2021 and compliance records after this point won’t populate the unnecessary attributes. The compliance records for old chat messages are unaffected.

No one would ever conduct an eDiscovery search looking for messages addressed to a legacy distinguished name or recipient type, SID, GUID, or the other properties being dropped from Teams compliance records. People do use display names (like Jane Doe) or SMTP addresses (like John.Smith@office365itpros.com): these attributes are being kept along with the other searchable properties.

Burning Up Service Resources

Microsoft says that they’re making the change because populating the records with the unwanted data consumes a lot of resources as Teams makes Graph calls against Azure AD to retrieve the information. Given the growth in Teams usage over the last year and the number of personal and group chats and the consequent number of compliance records created in Exchange Online, this is a good and logical change. There’s no point in consuming vast quantities of CPU cycles to fetch directory attributes that no one will ever use.

In fact, looking at the MAPI properties of a Teams compliance item (Figure 1), there’s probably some more rationalization which can be done to remove some more duplicated or unnecessary attributes.

Some duplicated information stored in a Teams compliance record
Figure 1: Some duplicated information stored in a Teams compliance record

Change Won’t Impact Many

Tenants are unlikely to notice the change as the processing to capture Teams compliance records occurs in the background. If an organization exports the compliance records to a third-party archiving or eDiscovery, some testing will be needed to ensure that the new record format doesn’t affect how that solution works.


Keep a close eye on what’s happening inside Teams and the other Office 365 applications by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure you know about changes when you need to.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.