Ultimate Guide to Microsoft 365 Data Storage Locations (Exchange, OneDrive, SharePoint, Teams & More)

Update (September 2025): This post has been updated to include the latest changes to private channel message storage and compliance.

If you’re managing Microsoft 365, you already know it stores data across Exchange, SharePoint, Teams, OneDrive, and more. But do you know exactly where each type of data lives—and which Microsoft Purview tools can help protect it?

In today’s fast-paced digital world, data is the lifeblood of any organization. It is the foundation upon which decisions are made, strategies are formulated, and success is measured. As a user or admin of Microsoft 365, you have access to a powerful suite of tools that enable you to create, store, and manage your data with ease. But with so many applications and features, it can be challenging to know where your data is stored and how to access it. Understanding these Microsoft 365 data storage locations is crucial for effective data management and regulatory compliance.

This comprehensive guide will help you answer the question: Where does Microsoft 365 store your data?

Why Understanding Microsoft 365 Data Storage Matters

Knowing where Microsoft 365 stores your data is essential for security, compliance, eDiscovery, and data governance. Here are the key benefits:

• Compliance and Regulations: Determines which privacy and security laws apply, such as GDPR, DPA, HIPAA, and CCPA.
• Data Residency and Sovereignty: Ensures data remains within specified regions for regulated industries.
• eDiscovery and Legal Hold: Ensures legal and compliance teams can access the correct repositories during investigations.
• Retention and Lifecycle Management: Guides IT teams in applying the right retention policies and deletion rules.
• Risk Mitigation: Supports proper offboarding and data cleanup processes to reduce data loss or leakage.
• User Productivity: Helps users understand where to access, edit, and collaborate on files effectively.

Organizations in regulated sectors (finance, healthcare, government) need precise visibility into their Microsoft 365 data architecture to maintain legal defensibility and operational transparency.

Who Benefits from This Knowledge?

This knowledge empowers:

• Data Protection Officers (DPOs) to understand residency and control data flowMicrosoft 365 Applications
• Users to find and access their content
• IT teams to configure retention, backup, and compliance
• Legal and Compliance teams to meet regulatory obligations

Microsoft 365 Applications and Their Data Storage Locations

Each Microsoft 365 app stores data in different services—Exchange Online, SharePoint, OneDrive, SharePoint Embedded or Microsoft-hosted regional services. Below is a comprehensive table showing:

• Which Microsoft Purview compliance controls apply
• Where data is stored
• What data types are involved

Data storage location varies based on the application and its features. Some apps use SharePoint or OneDrive, others use Exchange Online or dedicated services.

To see what apps have been assigned to your account, go to the Microsoft 365 app launcher and select “All apps.” For a full list of Microsoft Apps, visit the Microsoft Apps Directory.

Next, we will explore the specific applications, the Microsoft 365 data storage locations, and what Microsoft Purview compliance controls are available.

---

📊 Microsoft 365 Apps, Data Storage Locations and Purview Compliance Controls

App/Service	Storage Location	Data Stored	Purview Compliance Controls
Exchange Online	Exchange Online Mailbox (User)	Emails, calendar, contacts, tasks, Teams 1:1 & private chats, Forms, Sway, Copilot prompts	✅ Retention Policies and labels ✅ eDiscovery ✅ Audit ✅ Communication Compliance (emails) ✅ DLP
Microsoft 365 Groups	Exchange Online Mailbox (Group)	Group emails, calendars, Teams channel messages, Viva Engage messages, Call Detail Records	✅ Retention Policies and labels ✅ eDiscovery ✅ Audit ✅ Communication Compliance (emails) ✅ DLP
OneDrive for Business	OneDrive (User)	Files, OneNote, recordings, Lists, Whiteboards, Loop components, Stream videos, Clipchamp	✅ Retention Policies and labels ✅ eDiscovery ✅ Audit ✅ DLP
SharePoint Online	SharePoint Site Libraries	Team site files, Lists, OneNote, Loop components, Planner attachments, Stream videos	✅ Retention Policies and labels ✅ eDiscovery ✅ Audit ✅ Information Barriers ✅ DLP
SharePoint Embedded	SharePoint Embedded Containers	Copilot Pages, Copilot Notebooks, and Loop, Microsoft Designer content	✅ Retention Policies ✅ Audit ✅ DLP 🔶 Retention labels (Auto apply only) 🔶 eDiscovery (Full text search of content within .loop files in Purview review sets is not available.)
Bookings	Exchange Online Mailbox (Schedule)	Booking emails, confirmations	✅ Retention Policies ✅ eDiscovery ✅ Audit ✅ DLP
Microsoft Teams	See Exchange/OneDrive/SharePoint	Chats, meetings, files, recordings	✅ Retention Policies ✅ eDiscovery ✅ Audit ✅ Communication Compliance (E5) ✅ DLP
Viva Engage (Native mode)	Exchange Online & Regional Centers	Native mode messages	✅ Retention Policies ✅ eDiscovery ✅ Audit 🔶 DLP (monitor Engage admin center)
Forms	Regional Microsoft Datacenters	Form templates and responses	✅ Audit 🔶 eDiscovery (limited to exported responses) 🔶 Audit (very limited) 🚫 Retention Policies 🚫 DLP
Planner	Regional Microsoft Datacenters + SharePoint	Task metadata and attachments	✅ Retention Policies (attachments only) 🔶 eDiscovery (attachments only) 🔶 DLP (attachments only) 🚫 Audit

Use this table to determine which Purview capabilities apply to each storage type and ensure you’re maximizing your Microsoft 365 data protection strategies.

---

Application-by-Application Deep Dive

Each section below details what’s stored, where it’s stored, and what compliance controls apply.

📧 Exchange Online Mailbox (User) – Storage & Compliance

Exchange Online stores more than just email. It also houses compliance copies of Teams chats, Forms responses, and Copilot interactions.

📝 Content stored in Exchange Online User Mailboxes:

• Standard mailbox content:
  • Emails,
  • Calendar
  • Contacts
  • Tasks
• Hidden Compliance Copies:
  • Microsoft Teams 1:1 and group chat messages
  • Key Change from September 20, 2025. Teams Private channel conversations will be now be stored in the Group mailbox. Post-migration, the latest version of private channel message data from each user’s mailbox is moved to the group mailbox. For Data on hold. Message edits and deleted messages will not be copied into the group mailbox. More info New enhancements in Private Channels in Microsoft Teams unlock their full potential | Microsoft Community Hub.
  • Teams Meeting chats and transcripts
  • Teams Voicemails and call summaries
  • Viva Engage (formerly Yammer) private messages
  • Copilot interactions (prompts and responses)
  • Microsoft Forms data (forms and responses)
  • Sway presentations

🛡️ Microsoft Purview capabilities for Exchange Online User Mailboxes:

• ✅ Retention Policies (separate policies for user mailbox items, Teams messages, Viva Engage messages and Copilot interactions)
• ✅ Retention labels (emails)
• ✅ eDiscovery (standard/premium)
• ✅ Audit logs
• ✅ Communication Compliance (emails) (E5)
• ✅ DLP

📖 Remember that the user’s mailbox is deleted when you remove the user license or delete the account unless the content is subject to retention polices. So you risk losing data. Check out my related blog: Microsoft 365 Offboarding: Secure OneDrive & Mailbox Data.

---

👥 Exchange Online Mailbox (Microsoft 365 Groups) – Storage & Compliance

Each Microsoft 365 Group includes a mailbox that stores shared conversations, calendars, and compliance copies of Teams channel messages and Viva Engage posts.

📝 Content Stored in Microsoft 365 Group mailboxes:

• Standard mailbox content:
  • Microsoft 365 Group emails
  • Shared calendars
• Compliance Copies:
  • Teams standard, private and shared channel messages. Note from September 20, 2025 Private channel messages will be stored in the group mailbox. Post-migration, the latest version of private channel message data from each user’s mailbox is moved to the group mailbox. For Data on hold. Message edits and deleted messages will not be copied into the group mailbox.
  • Shared Teams meeting chats
  • Channel meeting Call Detail Records (CDRs)
  • Viva Engage community conversations

🛡️ Microsoft Purview controls for Microsoft 365 Group mailboxes:

• ✅ Retention policies (separate policies for group mailbox items, Teams channel messages and Viva Engage community messages)
• ✅ Retention labels (emails)
• ✅ eDiscovery (standard/premium)
• ✅ Audit logs
• ✅ Communication Compliance (emails) (E5)
• ✅ DLP

---

🗓️ Exchange Online Mailbox (Bookings) – Storage & Compliance

When a Bookings calendar is created, Microsoft provisions a separate Exchange Online mailbox to manage the booking.

📝 Content Stored in Microsoft Bookings

• Notification logs
• Appointment scheduling metadata
• Customer interaction records

🛡️ Microsoft Purview controls for Microsoft Bookings data (stored in Exchange):

• ✅ Retention policies (Exchange mailbox)
• ✅ eDiscovery (standard/premium)
• ✅ Audit logs
• ✅ DLP

---

📂 OneDrive for Business – Storage & Compliance

Each user’s OneDrive is their personal file repository. It also stores Teams meeting recordings (when initiated by the user), Lists, Whiteboards, and Clipchamp projects.

📝 Content Stored in OneDrive

• Office files (Word, Excel, PowerPoint)
• Uploaded files (PDFs, images, videos)
• OneNote notebooks
• User-generated Microsoft Stream videos
• Microsoft Teams meeting recordings & transcripts (if recorded by the user)
• Personal Lists (from Microsoft Lists)
• Microsoft Loop components (chat and meeting context)
• Whiteboard drawings
• Clipchamp video editing projects

🛡️ Microsoft Purview controls for OneDrive:

• ✅Retention policies (user-level)
• ✅Retention labels (manual/auto (E5))
• ✅eDiscovery
• ✅Audit
• ✅ DLP

📖 Remember that the user’s OneDrive is deleted when you remove the user license or delete the account unless the content is subject to retention polices. So you risk losing data. Check out my related blog: Microsoft 365 Offboarding: Secure OneDrive & Mailbox Data.

---

🏢 SharePoint Online – Storage & Compliance

The collaboration hub for Teams, Lists, OneNote, Planner attachments, and shared files. Rich metadata and content types support advanced records management.

📝 Content Stored in SharePoint:

• Document libraries (Office files, PDFs, multimedia)
• Shared OneNote notebooks
• Microsoft Lists (issue tracking, asset management)
• Teams channel files
• Teams channel meeting recordings & transcripts
• Loop components
• Planner attachments
• Site-related Stream videos
• SharePoint Pages

SharePoint provides powerful metadata tagging, versioning, content types, and information architecture to support records management and compliance.

🛡️ Microsoft Purview controls for SharePoint:

• ✅ Retention policies
• ✅ Retention labels (manual/auto (E5)
• ✅ Default retention labels on a Document Libraries (E5)
• ✅ eDiscovery
• ✅ Audit
• ✅ Information Barriers (E5)
• ✅ DLP

---

🧩 SharePoint Embedded – Storage & Compliance

SharePoint Embedded is a new low-code/no-code platform that allows developers to build custom apps that store files directly in Microsoft 365, leveraging SharePoint’s security, compliance, and content service, without requiring users to interact with traditional SharePoint sites. Loop workspaces and Designer images are great examples of how Microsoft is utilizing SharePoint Embedded to create next-generation, cloud-based collaboration tools.

📝 Content Stored in Shared Container in SharePoint Embedded:

• Loop app, shared workspace
• Microsoft Designer projects
• Custom document management systems
• In-app storage for ISVs or enterprise developers

📝 Content Stored in User-owned Container in SharePoint Embedded:

• Copilot Pages
• Copilot Notebooks
• Loop App, My workspace

More: SharePoint Embedded Public Preview

🛡️ Microsoft Purview controls for SharePoint Embedded:

• ✅ Retention Policies
• 🔶 Retention labels (Auto apply only)
• 🔶 eDiscovery (Full text search of content within .loop files in Purview review sets is not available.)
• ✅ Audit
• ✅ DLP

---

🔄 Microsoft Teams – Storage & Compliance

Teams stores data in multiple back-end services. Compliance copies are maintained even if messages are deleted from the Teams interface.

📝 Content Stored in Microsoft Teams.

• Teams chat service
  • Teams messages
• Exchange user mailbox
  • Compliance copies of 1-to-1 and Group chats
  • Teams Voicemails
  • Call Detail Records
• Exchange Group mailbox
  • Compliance copies of Teams standard and shared Channel messages
  • Compliance copies of Teams private channel messages. Note from September 20, 2025 Private channel messages will be stored in the group mailbox. Post-migration, the latest version of private channel message data from each user’s mailbox is moved to the group mailbox. For Data on hold. Message edits and deleted messages will not be copied into the group mailbox. More info New enhancements in Private Channels in Microsoft Teams unlock their full potential | Microsoft Community Hub.
• SharePoint site
  • Files stored in the channels
  • Teams channel meeting records and transcripts
  • Team OneNote
  • Team Planner file attachments
  • Channel meeting whiteboard
  • Emails forwarded to the channel
• User’s OneDrive account
  • Shared Files in 1 to 1 and group chats
  • User owned Teams meeting records and transcripts
  • User owned Teams meeting whiteboard

Note. Compliance copies are created and stored in hidden folders (non-visible to end users) in Exchange Online. These copies preserve data integrity even if the original message or item is deleted.

🛡️ Microsoft Purview controls for Teams

• ✅Retention policies (separate policies for Teams chat messages, Teams channel messages, Teams Private channel messages)
• ✅Retention labels (on files)
• ✅eDiscovery
• ✅Audit
• ✅Communication Compliance for messages (E5)
• ✅ DLP (scope to Teams and SharePoint/OneDrive for cloud attachments)

---

🎪 Content Stored in Viva Engage (Native Mode) – Storage & Compliance

When Viva Engage (formerly Yammer) is in Native Mode, it becomes fully integrated with Microsoft 365, storing data in Exchange Online, SharePoint Online, and OneDrive for Business, just like Teams and is backed by a Microsoft 365 Group. This unlocks the full range of Microsoft Purview compliance capabilities.

📝 Content Stored in Viva Engage

• Viva Engage cloud storage
  • Viva Engage Messages
• Exchange user mailbox
  • Compliance copies of Viva Engage private messages
• Exchange Group mailbox
  • Compliance copies of Viva Engage community messages
• SharePoint site
  • Files stored in the Viva Engage community

🛡️ Microsoft Purview controls for Viva Engage

• ✅Retention policies (separate policies for Viva Engage private messages and Community conversations)
• ✅Retention labels (on files only)
• ✅eDiscovery
• ✅Audit
• 🔶 DLP (monitor Engage admin center)

---

🌐 Microsoft 365 Services with Restricted Data Residency

Some Microsoft 365 services store data outside your tenant’s primary region to optimize performance or functionality.

Key Considerations:

• Data sovereignty rules (e.g. GDPR) may impact usage.
• Retention and Legal Hold enforcement may vary.
• eDiscovery may have limitations in scope or searchability.

Service	eDiscovery	Retention	Audit	Compliance Copy in Mailbox?	Notes *
Forms	🔶 Partially.	❌ Not Available	✅ Fully Available	✅ Yes Forms and Responses	Content not preserved by an eDiscovery hold
Planner	🔶 Partially	🔶 Partially	🔶 Partially	🔶 Partially	Supported: Tasks, comments, and attachments. Unsupported: Personal (roster) plans, plans in Loop components, premium plans (formerly projects).
Project for the web	✅ Fully Available	❌ Not Available	✅ Fully Available	✅ Yes	Project for the web supports compliance features and stores audit logs in Exchange Online.
Power Apps for Microsoft 365	✅ Fully Available	❌ Not Available	✅ Fully Available	❌ No	Power Apps data is stored in Dataverse, not Exchange Online mailboxes.
Viva Glint	❌ Not Available	❌ Not Available	❌ Not Available	❌ No	Viva Glint does not currently support Purview compliance features.
Viva Goals	❌ Not Available	❌ Not Available	❌ Not Available	❌ No	Viva Goals does not integrate with Exchange Online compliance features.
Viva Learning	✅ Fully Available	✅ Fully Available	✅ Fully Available	✅ Yes	Follows Exchange Online compliance policies.
Viva Engage	✅ Fully Available	✅ Fully Available	✅ Fully Available	✅ Yes	Viva Engage messages are stored in Exchange Online mailboxes, ensuring full compliance.

📖 Learn more: Data Residency for Other Microsoft 365 Services – Microsoft 365 Enterprise | Microsoft Learn.

---

📌 Final Thoughts

Understanding your Microsoft 365 data storage architecture is foundational to data governance, especially when navigating legal, regulatory, and operational complexities.

By knowing:

• Where your data is stored
• What compliance controls are available
• How to apply those controls effectively

…you can reduce risk, ensure compliance, and support a well-governed digital workplace.

📚 Key Microsoft Docs:

• New enhancements in Private Channels in Microsoft Teams unlock their full potential | Microsoft Community Hub
• Microsoft 365 data locations – Microsoft 365 Enterprise | Microsoft Learn
• Advanced data residency in Microsoft 365 – Microsoft 365 Enterprise | Microsoft Learn
• Data Residency for Other Microsoft 365 Services – Microsoft 365 Enterprise | Microsoft Learn
• Conduct an eDiscovery investigation of content in Microsoft Teams | Microsoft Learn
• Content stored in Exchange Online mailboxes for eDiscovery | Microsoft Learn.
• Microsoft Planner support in Microsoft Purview – Microsoft Planner | Microsoft Learn
• Overview and Definitions – Microsoft 365 Enterprise | Microsoft Learn

---

❓ Frequently Asked Questions (FAQ)