Cloud Attachments: What Every Legal and GRC Team Needs to Know
April 30, 2025
By:
Summary: From our M365 Academy Series, learn about the current state of cloud attachments, their behavior in Teams and OneDrive, and why you may need to update your traditional preservation strategies to manage them.
As our experts advise clients on regulatory responses and litigation readiness, one of the most common issues they address is the handling of linked files, particularly those shared by email or message. Microsoft refers to them as cloud attachments, whereas Google refers to them as linked files. Regardless of the specific product terminology, they refer to a type of hyperlink shared by email or message. The nature of hyperlinking technology allows the recipient to access a document stored in a separate location (in the case of Google and Microsoft, documents that are stored within that enterprise system)—documents that are dynamic in the sense they can continue to be edited, moved and even deleted (subject to existing technical policies).
Despite the frequency of discussion, linked files are one of the mo st misunderstood aspects of cloud governance—and the riskiest to ignore. Whether it's a discovery dispute or a claim of a preservation misstep, the root issue often goes back to understanding the technical architecture, options that exist for preserving and collecting shared files, and the client’s own eDiscovery workflow.
As part of the M365 Academy series, my colleagues explored the current state of cloud attachments (as Microsoft describes them), how they behave in Teams and OneDrive, and why traditional preservation strategies don’t always apply.
Here are five key takeaways.
1. Not all links are equal, and not all are preserved
When users share a file in Microsoft Teams, they create a cloud attachment. But where that file is stored isn’t always obvious; it could be in OneDrive, SharePoint, or another team site. There’s a widespread misconception that putting users on hold preserves every file they’ve shared. It doesn’t.
Enterprise risk: Relying on OneDrive and mailbox holds creates a false sense of preservation coverage, leaving relevant data unpreserved.
Opportunity: Develop scoping workflows that go beyond individuals to include shared locations, group sites, and other collaborative contexts.
2. Don’t confuse ownership with coverage
In M365, custodians often access or contribute to files stored in shared locations they don’t own. Teams channels and SharePoint sites frequently contain relevant content, but not everything in those spaces is relevant, and most users have access to many more files than they actively use. This makes it challenging to define a defensible and proportionate preservation scope regardless of how well collaboration spaces are governed.
Enterprise risk: Overreliance on user-based holds can miss important shared content. But preserving every collaboration space a custodian can access isn’t realistic, possible, or proportional.
Opportunity: Focus on shared locations most likely to hold relevant data based on user activity, role, and business context. Legal and GRC teams should help shape provisioning and access policies, so preservation strategies reflect how employees actually work.
3. Preservation doesn’t guarantee version control
Even if you preserve the file, you may not preserve the shared version. That distinction is important, especially when facts, timing, or language are disputed. Unless the environment was preconfigured to capture the shared state, producing the exact shared version may not be reasonably expected or technically possible. Acknowledge the limitations and ground your approach in defensibility and proportionality.
Enterprise risk: In collaborative environments, content often changes after it’s shared. Producing a version that doesn’t reflect what was actually accessed can introduce the wrong information into discovery, misrepresenting facts, timelines, or intent, and potentially impacting case outcomes.
Opportunity: Acknowledge version gaps and clearly document your limitations. Since identifying the contemporaneous version can be a manual process, consider agreeing to produce a predetermined number of contemporaneous versions. Explain your approach and base your collection and production decisions on proportionality and defensibility.
Note: Microsoft 365 offers a premium feature that stores a separate copy of a document at the time it’s shared. This allows organizations to retain, hold, and collect the correct version during discovery. However, it only works prospectively and must be configured in advance. We are not aware of any clients that have enabled it, as it impacts storage, retention complexity, and overall information governance planning.
4. Terminology shapes expectations—and risk
Words like “attachment” or “parent-child” may feel familiar, but they don’t accurately reflect how cloud attachments behave in M365. In the traditional model, those terms suggested a static relationship, a single point-in-time document physically attached to an email. But today’s cloud-based links are dynamic, permission-based, and versioned. Treating them like traditional attachments can lead reviewers, factfinders, and opposing counsel to assume a stronger, more fixed connection than exists.
Enterprise risk: Using traditional terminology creates inaccurate assumptions during production negotiations and in court.
Opportunity: Choose language that reflects technical reality, terms like “linked files” or “referenced content,” and clearly define them in protocols, declarations, and communications with opposing counsel.
5. Strategy matters more than ever
Cloud attachments are just one piece of a broader challenge. Traditional legal hold models were built around individuals, not collaboration networks. Trying to preserve everything across every location may feel safer, but a boil-the-ocean approach rarely aligns with proportionality or eDiscovery reality. At the same time, choosing not to act or failing to document your rationale can create defensibility issues if your approach is challenged.
Enterprise risk: Without a clear strategy, you risk inconsistency, over-promising, over-collection, or legal challenges that could have been avoided.
Opportunity: Design a strategy that reflects your risk posture, licensing model, and regulatory environment; document how it meets proportionality standards for each matter; and let it inform meet and confer negotiations and ESI agreements.
Final thought: You don’t have to solve this alone
There’s no universal playbook for cloud attachment governance. Each organization has different licensing, tools, risks, and obligations. What matters most is that legal, compliance, and IT are working from a shared understanding—and building a plan that can stand up to scrutiny when it counts.
To learn how Lighthouse helps clients develop cloud attachment protocols, visit the Strategic Consulting Services section of our website.
