This article is also available in German, Spanish or French, you can choose your preferred language by selecting it from the drop-down menu above.
Existing Policy Translations
At the beginning of Q2 2025, all of the existing compliance policies will be automatically converted to the new format based on your current policy settings. With updates to functionality in certain sections, some settings will require adjustments to fit the new policies. Site settings and Teams policy settings are required to have a value defined. If found disabled, these will be set to the most restrictive setting.
Therefore, it is advisable to go through the different settings in the existing policy and understand how they will be translated.
In the side menu, go to 'Compliance Policies' to get a list of all your existing policies. For each policy, click the button to review the settings and if changes are made, press [Save].
What you need to action
SETTINGS FOR SITES
To ensure the optimal outcome when the new policies are enforced, it's best for you to enable the site settings in the current policies and set your desired values now.
For all settings mentioned below, if they remain disabled, the most restrictive settings will apply.
Example scenarios below:
Example 1 - Site settings currently Disabled - After conversion, Enabled to most restrictive setting
Example 2 - Site settings currently Enabled - After conversion, Enabled to same values
-
Monitor for the maximum external sharing level allowed
if enabled, the same setting will be used in the new policy (irrespective of auto-fix/enforce setting)
if disabled, it will be set to "Only people in your organization"
-
Monitor for the default sharing level for new links
if enabled, the same setting will be used in the new policy (irrespective of auto-fix/enforce setting)
if disabled, it will be set to "Specific People"
-
Monitor for the default permission level for new links
if enabled, the same setting will be used in the new policy (irrespective of auto-fix/enforce setting)
if disabled, it will be set to "Can View"
-
Monitor for guest access expiration setting higher than
if enabled, the same setting and value will be used in the new policy
if disabled, it will be set to "1 day"
-
Monitor for anyone links expiration setting higher than
if enabled, the same setting and value will be used in the new policy
if disabled, it will be set to "1 day"
MICROSOFT TEAMS SHARING POLICY DEFINITION
When files are shared in Microsoft Teams private chats, a copy of the file is created in the sender’s OneDrive with a sharing link to it. With this update, sharing links to these files will be automatically removed if the file is unused for the period defined in the policy. The minimum allowed period is 1 day and the maximum is 730 days. Additionally, the admin may choose to also have the Teams copy of the file deleted (moved to Recycle bin).
Is Deletion of the Teams copy of the file desired?
If deletion of the Teams copy of the file is desired, ensure that the settings “Monitor for items shared via Teams“ and “Automatically delete items shared via Teams (move to recycle bin) if no action is taken by the user during the grace period” are Enabled.
In this case, the auto-remediation period for files and links will be the addition of the existing settings:
-
- Monitor for items shared via Teams [2 days]
- Automatically delete items shared via Teams (move to recycle bin) if no action is taken by the user during the grace period [3 days]
- Set a grace period for users and site-owners to remediate [7 days]
Therefore in the above example, both the links and the Teams copy of the file will be auto-remediated after 12 days.
If deletion of the Teams copy of the file is NOT desired, ensure that the setting “Automatically delete items shared via Teams (move to recycle bin) if no action is taken by the user during the grace period” is Disabled. In this case, auto-remediation period for links will depend on which of the other settings are set. The below scenarios are possible:
- Both “Monitor for links to items shared via Teams“ and “AutoRemediate violations if no action is taken by the user during the grace period“ are enabled
In this case, the auto-remediation period for links will be the addition of the existing settings:- Monitor for links to items shared via Teams [1 day]
- AutoRemediate violations if no action is taken by the user during the grace period [4 days]
- Set a grace period for users and site-owners to remediate [7 days]
Therefore in the above example, the links will be auto-remediated after 12 days.
-
“Monitor for links to items shared via Teams“ is Enabled and “AutoRemediate violations if no action is taken by the user during the grace period“ is Disabled
In this case, the auto-remediation period for links will be the addition of the existing settings (but capped to a minimum of 14 days):
- Monitor for items shared via Teams [1 day]
-
Set a grace period for users and site-owners to remediate [7 days]
Therefore in the above example, the links will be auto-remediated after 14 days (since total [8] is less than the minimum [14]).
-
“Monitor for links to items shared via Teams“ is Disabled
-
In this case, the auto-remediation period for links will be set to the maximum value of 730 days.
-
Note that all past sharing links to Teams shared files will be evaluated and automatically remediated if policy criteria is met, even if they were previously approved.
With the new policies, Teams' sharing violations are always auto-remediated without notification. However, these files are still subject to the other sharing policy settings assigned to the site and violations will be raised accordingly.
No action required but good to know
SHARING POLICY DEFINITION
The sharing policy criteria will be converted in order to ensure a smooth transition with minimal impact. The below applies for both Internal and External sharing.
Example scenarios below:
Example 1 - Sharing Policy criteria disabled in current policy
Example 2 - Sharing Policy criteria enabled, Auto-Remediation disabled in current policy
Example 3 - Sharing Policy criteria and Auto-Remediation enabled in current policy
In this case;
- if a setting is Disabled, it will remain Disabled
- if a setting is Enabled and AutoRemediate is Disabled, it will remain Enabled and set to Monitor Only
- if a setting is Enabled and AutoRemediate is Enabled, it will remain Enabled and set to Monitor and AutoRemediate
- existing grace period and re-audit period settings will be retained. If site owner notifications are enabled, these will be retained but only sent once daily going forward
TRUSTED DOMAINS
All existing domains listed here will be added to the new policies.
OTHER NOTES
- All existing policies will be converted as listed above
- Converted policies will be marked accordingly to be easily identified
- Sites which are assigned a policy, will be re-assigned the same policy in the converted format as specified above