Archiving Skype Online

One of the most common requirements I hear companies ask for regarding Skype for Business Online is a realistic way of archiving, preserving, and inspecting conversation history across the environment.  With email, this was always easy to do with both Exchange Server on-premises as well as Exchange Online.  Even Skype for Business on-premises makes this easy, but Skype for Business Online was a challenge.  Up until recently, there was no good solution for archiving Skype conversations in the cloud, but new updates have made this much easier, though not perfect.

Skype On-Premises vs. Online

Skype for Business on-premises has a dedicated archiving role as part of the topology which made archiving conversation history easy to do.  This stores conversation history in a SQL database that is part of the Skype environment.

Skype for Business Online though does not expose this capability.  Microsoft’s solution for this in the cloud was to leverage Exchange Online mailboxes for the users.  Conversation History can be saved in a dedicated folder within a user mailbox.  Microsoft’s solution was to use this folder and place the user mailbox on litigation hold.  There are several flaws in this approach:

  1. The Conversation History folder is dependent on client integration with Outlook.  Desktop Skype for Business clients could be enforced via Group Policy to enable the Conversation History saving of Skype conversations, otherwise users could disable this setting within the Skype client.  In addition, this didn’t apply to mobile app clients, which conflicted with the “anywhere, anytime, any device” marketing for Microsoft’s cloud services.  Therefore, even though you could enforce desktop clients to use the Conversation History saving of conversations, this would not guarantee all conversations would be captured, therefore failing most compliance requirements.
  2. Retention (including preservation) required the mailbox to be placed on litigation hold.  By doing so, any mailbox retention policies become pointless as litigation hold would override any retention policy expiration periods, therefore retaining all email (and only captured conversations from the Skype desktop client) until the litigation hold was removed.  This would fail to meet any compliance requirements.

Because of these flaws, I have never encountered an organization that actually implemented this as a viable Skype for Business Online archiving and retention solution.  In fact, most third-party solutions that could tie into Skype for Business Online required these same configurations, also rendering them useless.  Fortunately, this approach has changed from Microsoft.

 

Office 365 Updates

Up until recently, Office 365 Retention Policies did not actually provide a true compliance archive.  This was because Office 365 Retention Policies only defined when to delete content, but would not prevent users from deleting content on their own.  A true compliance archive does not only delete content automatically after a period of time, but also enforces how long that content should be kept regardless of user attempts to delete.  This brought around the concept of Preservation Policies in Office 365.  But, for most of us, when we think of retention, we consider that to mean both “how long to keep” and “when to delete”.  Recent updates to Office 365 have merged these capabilities into one Retention Policy configuration that can provide a true compliance archive.

If your tenant has not been updated yet, your admin console (under Security & Compliance > Data Governance > Retention) will look like the one below.

Old_RetentionPolicy

As can be seen, Preservation Policies are defined as their own policies outside of Retention Policies.  Preservation policies introduced the ability to select Skype for Business Online as a service target for the policy, which enabled actual archiving of Skype conversations without the limitations previously described (more on this later in the post).  Updated tenants have a single Retention Policy configuration which merges the previous Retention Policies with Preservation Policy capabilities.

New_RetentionPolicy

The new single policy configuration now uses the term “retain” to mean “preserve”, as you can see in the screen shot below.  You now first define how long you want to retain content and then you can decide whether to automatically delete content after this period expires.  This aligns with what most of us would have originally considered a Retention Policy to do in the first place.

RetentionPolicy_01

As mentioned previously, you can now select service locations for the new Retention Policy to apply to, which includes Skype for Business.

RetentionPolicy_02

Even though this update makes archiving Skype for Business conversations in Office 365 possible and easy to implement, it still has its flaws.  Most notable is the scoping of the policy for the Skype for Business Online users.  You would assume based on the other services, such as Exchange Online or SharePoint Online, you could select a group here as a scope for Skype for Business users to include in the policy, but that assumption is incorrect.  At this time, you can only select individual users when enabling the policy to include the Skype for Business service.  This makes managing the policy a very frustrating practice as it would need to be included in every user’s on-boarding and off-boarding process when enabling them for Skype for Business in Office 365.  This can be integrated with existing processes using PowerShell scripting, but this is still not ideal.

 

How Skype Archiving Works

As mentioned above, previous Skype for Business archiving in Office 365 required an Exchange Online mailbox to be enabled for litigation hold and would only capture messages that were written to that folder in Outlook when using the desktop clients.  Fortunately, this is not how the new archiving capabilities work.  Rather than being client-side driven, the new capability is server-side driven within the Skype for Business service itself, but this still does rely on Exchange Online.

If we look at how Skype for Business works for on-premises environments, recent updates have enabled improved integrations between Skype for Business and Exchange Server 2013 and 2016.  This new integration enables Skype for Business to write conversation history content directly to the user mailbox into the Purges folder, which is hidden from the user.  This does not entirely replace the SQL based archiving within Skype for Business Server itself but because Office 365 is built upon Exchange Server and Skype for Business Server, this provides an alternative archiving capability for the cloud.

In an Exchange mailbox (on-premises and online), a hidden folder is used for Recoverable Items, which enables users to recover deleted items for a period of time.  The Purges folder is a sub-folder within the Recoverable Items folder hierarchy.

Recoverable Items folder

The benefit of Skype for Business storing conversation history here is that the Recoverable Items folder is indexed by the Exchange Search engine so that content is able to be discovered in eDiscovery.  In addition, the Recoverable Items folder has its own storage quotas within Exchange Online, so contents do not impact the general user mailbox size limits (if defined).  The Retention Policy uses the In-Place Hold capabilities in Exchange Online to prevent the archived Skype conversations from being purged from this folder until the defined period in the Retention Policy expires.  This enables the Skype conversations to be preserved without impacting the entire user mailbox that the previous method using litigation hold would do.

So what gets archived?  Currently, the following are able to be archived using Retention Policies in Office 365:

  • Peer-to-peer messages
  • Multi-party messages
  • Content upload activities in meetings

The following items are not archived with the current Retention Policies in Office 365:

  • Peer-to-peer file transfers
  • Audio and video conferences
  • Conference meeting messages
  • Application sharing content
  • Conferencing annotations

In addition, Skye for Business archiving in Office 365 cannot use sensitive information types to filter content to archive as this is not supported.

Other limitations for Skype for Business archiving in Office 365 include the “per-user” application in the policy.  Each user must be defined individually, but this results in each user being considered an “inclusion” to the policy.  Retention Policies only support up to 1,000 inclusions.  Therefore, in companies with more than 1,000 employees, multiple Retention Policies must be define as well as manually managed.

Another limitation is how In-Place Holds are processed.  In-Place Holds that use keyword queries are applied cumulatively.  This means that if a user has multiple policies applied to them that use keyword queries, the keywords from each policy are combined into a single query of all keywords from all applied policies.  This results in a single query being processed for all keywords that apply to the user, but this query is limited to a maximum of 500 keywords.  If multiple policies being applied result in more than 500 keywords combined, the query is ignored and ALL content is considered in-scope for the In-Place Hold.

 

It should be reiterated that despite still having limitations, this new archiving capability within Office 365 does provide the ability of a true compliance archive for not just email, but Skype conversations as well.  This does not rely on the Conversation History folder or the Skype client being used as the archiving process is now server-side driving with the Skype for Business service writing the conversation content directly to the Exchange Online mailbox.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s