Cloud Attachments: What Every Legal and GRC Team Needs to Know

April 30, 2025

By:

Lynn Frances Jae
Lynn Frances Jae

Get the latest insights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Summary: From our M365 Academy Series, learn about the current state of cloud attachments, their behavior in Teams and OneDrive, and why you may need to update your traditional preservation strategies to manage them.

As our experts advise clients on regulatory responses and litigation readiness, one of the most common issues they address is the handling of linked files, particularly those shared by email or message. Microsoft refers to them as cloud attachments, whereas Google refers to them as linked files. Regardless of the specific product terminology, they refer to a type of hyperlink shared by email or message. The nature of hyperlinking technology allows the recipient to access a document stored in a separate location (in the case of Google and Microsoft, documents that are stored within that enterprise system)—documents that are dynamic in the sense they can continue to be edited, moved and even deleted (subject to existing technical policies).

Despite the frequency of discussion, linked files are one of the mo st misunderstood aspects of cloud governance—and the riskiest to ignore. Whether it's a discovery dispute or a claim of a preservation misstep, the root issue often goes back to understanding the technical architecture, options that exist for preserving and collecting shared files, and the client’s own eDiscovery workflow.

As part of the M365 Academy series, my colleagues explored the current state of cloud attachments (as Microsoft describes them), how they behave in Teams and OneDrive, and why traditional preservation strategies don’t always apply.

Here are five key takeaways.

1. Not all links are equal, and not all are preserved

When users share a file in Microsoft Teams, they create a cloud attachment. But where that file is stored isn’t always obvious; it could be in OneDrive, SharePoint, or another team site. There’s a widespread misconception that putting users on hold preserves every file they’ve shared. It doesn’t.

Enterprise risk: Relying on OneDrive and mailbox holds creates a false sense of preservation coverage, leaving relevant data unpreserved.

Opportunity: Develop scoping workflows that go beyond individuals to include shared locations, group sites, and other collaborative contexts.

2. Don’t confuse ownership with coverage

In M365, custodians often access or contribute to files stored in shared locations they don’t own. Teams channels and SharePoint sites frequently contain relevant content, but not everything in those spaces is relevant, and most users have access to many more files than they actively use. This makes it challenging to define a defensible and proportionate preservation scope regardless of how well collaboration spaces are governed.

Enterprise risk: Overreliance on user-based holds can miss important shared content. But preserving every collaboration space a custodian can access isn’t realistic, possible, or proportional.

Opportunity: Focus on shared locations most likely to hold relevant data based on user activity, role, and business context. Legal and GRC teams should help shape provisioning and access policies, so preservation strategies reflect how employees actually work.

3. Preservation doesn’t guarantee version control

Even if you preserve the file, you may not preserve the shared version. That distinction is important, especially when facts, timing, or language are disputed. Unless the environment was preconfigured to capture the shared state, producing the exact shared version may not be reasonably expected or technically possible. Acknowledge the limitations and ground your approach in defensibility and proportionality.

Enterprise risk: In collaborative environments, content often changes after it’s shared. Producing a version that doesn’t reflect what was actually accessed can introduce the wrong information into discovery, misrepresenting facts, timelines, or intent, and potentially impacting case outcomes.

Opportunity: Acknowledge version gaps and clearly document your limitations. Since identifying the contemporaneous version can be a manual process, consider agreeing to produce a predetermined number of contemporaneous versions. Explain your approach and base your collection and production decisions on proportionality and defensibility.

Note: Microsoft 365 offers a premium feature that stores a separate copy of a document at the time it’s shared. This allows organizations to retain, hold, and collect the correct version during discovery. However, it only works prospectively and must be configured in advance. We are not aware of any clients that have enabled it, as it impacts storage, retention complexity, and overall information governance planning.

4. Terminology shapes expectations—and risk

Words like “attachment” or “parent-child” may feel familiar, but they don’t accurately reflect how cloud attachments behave in M365. In the traditional model, those terms suggested a static relationship, a single point-in-time document physically attached to an email. But today’s cloud-based links are dynamic, permission-based, and versioned. Treating them like traditional attachments can lead reviewers, factfinders, and opposing counsel to assume a stronger, more fixed connection than exists.

Enterprise risk: Using traditional terminology creates inaccurate assumptions during production negotiations and in court.

Opportunity: Choose language that reflects technical reality, terms like “linked files” or “referenced content,” and clearly define them in protocols, declarations, and communications with opposing counsel.

5. Strategy matters more than ever

Cloud attachments are just one piece of a broader challenge. Traditional legal hold models were built around individuals, not collaboration networks. Trying to preserve everything across every location may feel safer, but a boil-the-ocean approach rarely aligns with proportionality or eDiscovery reality. At the same time, choosing not to act or failing to document your rationale can create defensibility issues if your approach is challenged.

Enterprise risk: Without a clear strategy, you risk inconsistency, over-promising, over-collection, or legal challenges that could have been avoided.

Opportunity: Design a strategy that reflects your risk posture, licensing model, and regulatory environment; document how it meets proportionality standards for each matter; and let it inform meet and confer negotiations and ESI agreements.

Final thought: You don’t have to solve this alone

There’s no universal playbook for cloud attachment governance. Each organization has different licensing, tools, risks, and obligations. What matters most is that legal, compliance, and IT are working from a shared understanding—and building a plan that can stand up to scrutiny when it counts.

To learn how Lighthouse helps clients develop cloud attachment protocols, visit the Strategic Consulting Services section of our website.

About the Author

Lynn Frances Jae

Lynn Frances Jae brings over 25 years of experience in legal technology and eDiscovery to her role as the Go to Market Director for Lighthouse. She has played a critical role in shaping marketing strategy, programs, and content for several legal tech companies, ensuring they align with industry needs. Lynn was an early advocate for the adoption of data analytics in eDiscovery and regularly spoke about it at conferences. Her contributions to the field were recognized with the “eDiscovery Pioneer” Award by Women in eDiscovery. She continues to drive thought leadership and business growth, leveraging her extensive industry knowledge to connect data professionals with the services and technology that meet their needs.