Create and publish retention labels by using PowerShell

After you've decided to use retention labels to help you keep or delete documents and emails in Microsoft 365, you might have realized that you have many and possibly hundreds of retention labels to create and publish. The recommended method to create retention labels at scale is by using file plan from the Microsoft Purview portal or the Microsoft Purview compliance portal. However, you can also use PowerShell.

Use the information, template files and examples, and script in this article to help you bulk-create retention labels and publish them in retention label policies. Then, the retention labels can be applied by administrators and users.

The supplied instructions don't support retention labels that are auto-applied.


  1. In Excel, create a list of your retention labels and a list of their retention label policies.

  2. Use PowerShell to create the retention labels and retention label policies in those lists.


Step 1: Create a .csv file for the retention labels

  1. Copy the following sample .csv file for a template and example entries for four different retention labels, and paste them into Excel.

  2. Convert the text to columns: Data tab > Text to Columns > Delimited > Comma > General

  3. Replace the examples with entries for your own retention labels and settings. For more information about the parameter values, see New-ComplianceTag.

  4. Save the worksheet as a .csv file in a location that's easy to find for a later step. For example: C:>Scripts\Labels.csv


  • If the .csv file contains a retention label with the same name as one that already exists, the script skips creating that retention label. No duplicate retention labels are created.

  • Don't change or rename the column headers from the sample .csv file provided, or the script will fail.

Sample .csv file for retention labels

Name (Required),Comment (Optional),IsRecordLabel (Required),RetentionAction (Optional),RetentionDuration (Optional),RetentionType (Optional),ReviewerEmail (Optional)
LabelName_t_1,Record - keep and delete - 2 years,$true,KeepAndDelete,730,CreationAgeInDays,
LabelName_t_2,Keep and delete tag - 7 years,$false,KeepAndDelete,2555,ModificationAgeInDays,
LabelName_t_3,5 year delete,$false,Delete,1825,TaggedAgeInDays,
LabelName_t_4,Record label tag - financial,$true,Keep,730,CreationAgeInDays,

Step 2: Create a .csv file for the retention label policies

  1. Copy the following sample .csv file for a template and example entries for three different retention label policies, and paste them into Excel.

  2. Convert the text to columns: Data tab > Text to Columns > Delimited > Comma > General

  3. Replace the examples with entries for your own retention label policies and their settings. For more information about the parameter values for this cmdlet, see New-RetentionCompliancePolicy.

  4. Save the worksheet as a .csv file in a location that's easy to find for a later step. For example: <path>Policies.csv


  • If the .csv file contains a retention label policy with the same name as one that already exists, the script skips creating that retention label policy. No duplicate retention label policies are created.

  • Don't change or rename the column headers from the sample .csv file provided, or the script will fail.

Sample .csv file for retention policies

Policy Name (Required),PublishComplianceTag (Required),Comment (Optional),Enabled (Required),ExchangeLocation (Optional),ExchangeLocationException (Optional),ModernGroupLocation (Optional),ModernGroupLocationException (Optional),OneDriveLocation (Optional),OneDriveLocationException (Optional),PublicFolderLocation (Optional),SharePointLocation (Optional),SharePointLocationException (Optional),SkypeLocation (Optional),SkypeLocationException (Optional)
Publishing Policy Red1,"LabelName_t_1, LabelName_t_2, LabelName_t_3, LabelName_t_4",N/A,$true,All,,All,,All,,,All,,,
Publishing Policy Orange1,"LabelName_t_1, LabelName_t_2",N/A,$true,All,,,,,,,,,,
Publishing Policy Yellow1,"LabelName_t_3, LabelName_t_4",N/A,$false,All,,,,,,,,,,

Step 3: Create the PowerShell script

  1. Copy and paste the following PowerShell script into Notepad.

  2. Save the file by using a file name extension of .ps1 in a location that's easy to find. For example: <path>CreateRetentionSchedule.ps1


  • The script prompts you to provide the two source files that you created in the previous two steps:

    • If you don't specify the source file to create the retention labels, the script moves on to create the retention label policies.
    • If you don't specify the source file to create the retention label policies, the script creates the retention labels only.
  • The script generates a log file that records each action it took and whether the action succeeded or failed. See the final step for instructions how to locate this log file.

PowerShell script

. Steps: Import and publish retention labels
    - Load retention labels csv file
    - Validate csv file input
    - Create retention labels
    - Create retention policies
    - Publish retention labels for the policies
    - Generate the log for retention labels and policies creation
    - Generate the csv result for the labels and policies created
. Syntax
    .\Publish-ComplianceTag.ps1 [-LabelListCSV <string>] [-PolicyListCSV <string>]
. Detailed Description
    1) [-LabelListCSV <string>]
    -LabelListCSV ".\SampleInputFile_LabelList.csv"
    Load compliance tag for creation.
    2) [-PolicyListCSV <string>]
    -PolicyListCSV ".\SampleInputFile_PolicyList.csv"
    Load compliance tag for creation.
param (
    [Parameter(Mandatory = $true)]
    [string]$LabelListCSV = "",
    [Parameter(Mandatory = $true)]
    [string]$PolicyListCSV = "",
# -------------------
# File operation
# -------------------
Function FileExist
        # File path needed to check
        [Parameter(Mandatory = $true)]
    $inputFileExist = Test-Path $FilePath
    if (!$inputFileExist)
        if ($Warning -eq $false)
            WriteToLog -Type "Failed" -Message "[File: $FilePath] The file doesn't exist"
            WriteToLog -Type "Warning" -Message "[File: $FilePath] The file doesn't exist"
        WriteToLog -Type "Succeed" -Message "[File: $FilePath] The file is found"
# -------------------
# Log operation
# -------------------
Function WriteToLog
        # Message want to write to log file
        [Parameter(Mandatory = $true)]
        # "Succeed" or "Faild"
        [String]$Type = "Message"
    $date = Get-Date -Format 'HH:mm:ss'
    $logInfo = $date + " - [$Type] " + $Message
    $logInfo | Out-File -FilePath $logfilePath -Append
    if ($Type -eq "Succeed") { Write-Host $logInfo -ForegroundColor Green }
    elseif ($Type -eq "Failed") { Write-Host $logInfo -ForegroundColor Red }
    elseif ($Type -eq "Warning") { Write-Host $logInfo -ForegroundColor Yellow }
    elseif ($Type -eq "Start") { Write-Host $logInfo -ForegroundColor Cyan }
    else { Write-Verbose $logInfo }
Function Create-Log
        # Log folder Root
        [Parameter(Mandatory = $true)]
        # The function Log file for
        [Parameter(Mandatory = $true)]
    $logFolderPath = "$LogFolderRoot\logfiles"
    $folderExist = Test-Path "$logFolderPath"
    if (!$folderExist)
        $folder = New-Item "$logFolderPath" -type directory
    $date = Get-Date -Format 'MMddyyyy_HHmmss'
    $logfilePath = "$logFolderPath\Log_{0}_{1}.txt" -f $LogFunction, $date
    Write-Verbose "Log file is written to: $logfilePath"
    $logfile = New-Item $logfilePath  -type file
    return $logfilePath
Function Create-ResultCSV
        # Result folder Root
        [Parameter(Mandatory = $true)]
        # The function Result file for
        [Parameter(Mandatory = $true)]
    $retFolderPath = "$ResultFolderRoot\logfiles"
    $folderExist = Test-Path "$retFolderPath"
    if (!$folderExist)
        $folder = New-Item "$retFolderPath" -type directory
    $date = Get-Date -Format 'MMddyyyy_HHmmss'
    $retfilePath = "$retFolderPath\Result_{0}_{1}.csv" -f $ResultFunction, $date
    Write-Verbose "Result file is written to: $retfilePath"
    $retfile = New-Item $retfilePath  -type file
    return $retfilePath
# -------------------
# Prepare Log File
# -------------------
$scriptPath = '.\'
$logfilePath = Create-Log -LogFolderRoot $scriptPath -LogFunction "Publish_Compliance_Tag"
if ($ResultCSV)
    $tagRetFile = Create-ResultCSV -ResultFolderRoot $scriptPath -ResultFunction "Tag_Creation"
    $tagPubRetFile = Create-ResultCSV -ResultFolderRoot $scriptPath -ResultFunction "Tag_Publish"
# -------------------
# Invoke Powershell cmdlet
# -------------------
Function InvokePowerShellCmdlet
        [Parameter(Mandatory = $true)]
        WriteToLog -Type "Start" -Message "Execute Cmdlet : '$CmdLet'"
        return Invoke-Expression $CmdLet -ErrorAction SilentlyContinue
        WriteToLog -Type "Failed" "Failed to execute cmdlet!"
        WriteToLog -Type "Failed" $error[0]
        return $null
# -------------------
# Create Compliance Tag
# -------------------
Function CreateComplianceTag
        # File path needed to check
        [Parameter(Mandatory = $true)]

    WriteToLog -Type "Start" "Start to create Compliance Tag"
    FileExist $FilePath

    # TODO Validate CSV file for the Header
        # Import csv
        $labels = Import-Csv $FilePath
        # Retrieve existing compliance tags
        $tags = InvokePowerShellCmdlet "Get-ComplianceTag"
        foreach($lab in $labels)
            # Cmdlet parameters
            $para = [String]::Empty;
            $name = [String]::Empty;
            $cmdlet = 'New-ComplianceTag'
            if ([String]::IsNullOrEmpty($lab.'Name (Required)'))
                WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
                $name = $lab.'Name (Required)'
                $cmdlet += " -Name '" + $name + "'"
            if (![String]::IsNullOrEmpty($lab.'Comment (Optional)'))
                $para = $lab.'Comment (Optional)'
                $cmdlet += " -Comment '" + $para + "'"
            if (![String]::IsNullOrEmpty($lab.'IsRecordLabel (Required)'))
                $para = $lab.'IsRecordLabel (Required)'
                $cmdlet += " -IsRecordLabel " + $para
            if (![String]::IsNullOrEmpty($lab.'RetentionAction (Optional)'))
                $para = $lab.'RetentionAction (Optional)'
                $cmdlet += " -RetentionAction " + $para
            if (![String]::IsNullOrEmpty($lab.'RetentionDuration (Optional)'))
                $para = $lab.'RetentionDuration (Optional)'
                $cmdlet += " -RetentionDuration " + $para
            if (![String]::IsNullOrEmpty($lab.'RetentionType (Optional)'))
                $para = $lab.'RetentionType (Optional)'
                $cmdlet += " -RetentionType " + $para
            if (![String]::IsNullOrEmpty($lab.'ReviewerEmail (Optional)'))
                $emails = $lab.'ReviewerEmail (Optional)'.Split(",") | ForEach-Object { $_.Trim() }
                if (($emails -ne $null) -and ($emails.Count -ne 0))
                    $eml = '@('
                    foreach($email in $emails)
                        $eml += "'{0}'," -f $email
                    $eml = $eml.Substring(0, $eml.Length - 1) + ')'

                    $cmdlet += " -ReviewerEmail " + $eml
            # If the tag already exists, skip for creation
            if (($tags -eq $null) -or ($tags | ? { $_.Name.ToLower() -eq $name.ToLower() }) -eq $null)
                # Create compliance tag
                $msg = "Execute Cmdlet : {0}" -f $cmdlet

                $ret = InvokePowerShellCmdlet $cmdlet

                if ($ret -eq $null)
                    WriteToLog -Type "Failed" $error[0]
                WriteToLog -Type "Warning" -Message "The tag '$name' already exists! Skip for creation!"
        WriteToLog -Type "Failed" "Error in input"
# -------------------
# Create Retention Compliance Policy
# -------------------
Function CreateRetentionCompliancePolicy
        # File path needed to check
        [Parameter(Mandatory = $true)]

    WriteToLog -Type "Start" "Start to Create Retention Policy"
    FileExist $FilePath
        # Import csv
        $list = Import-Csv -Path $FilePath
        # Retrieve existing retention compliance policy
        $policies = InvokePowerShellCmdlet "Get-RetentionCompliancePolicy"
        foreach($rp in $list)
            # Cmdlet parameters
            $para = [String]::Empty;
            $name = [String]::Empty;
            $rpid = [String]::Empty;
            $cmdlet = 'New-RetentionCompliancePolicy'
            if ([String]::IsNullOrEmpty($rp.'Policy Name (Required)'))
                WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
               $name = $rp.'Policy Name (Required)'
               $cmdlet += " -Name '" + $name + "'"
            if ([String]::IsNullOrEmpty($rp.'Enabled (Required)'))
                WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
                $enabled = $rp.'Enabled (Required)'
                $cmdlet += " -Enabled " + $enabled
            if (![String]::IsNullOrEmpty($rp.'ExchangeLocation (Optional)'))
                $para = $rp.'ExchangeLocation (Optional)'
                $cmdlet += " -ExchangeLocation " + $para

            if (![String]::IsNullOrEmpty($rp.'ExchangeLocationException (Optional)'))
                $para = $rp.'ExchangeLocationException (Optional)'
                $cmdlet += " -ExchangeLocationException " + $para
            if (![String]::IsNullOrEmpty($rp.'ModernGroupLocation (Optional)'))
                $para = $rp.'ModernGroupLocation (Optional)'
                $cmdlet += " -ModernGroupLocation " + $para
            if (![String]::IsNullOrEmpty($rp.'ModernGroupLocationException (Optional)'))
                $para = $rp.'ModernGroupLocationException (Optional)'
                $cmdlet += " -ModernGroupLocationException " + $para
            if (![String]::IsNullOrEmpty($rp.'OneDriveLocation (Optional)'))
                $para = $rp.'OneDriveLocation (Optional)'
                $cmdlet += " -OneDriveLocation " + $para
            if (![String]::IsNullOrEmpty($rp.'OneDriveLocationException (Optional)'))
                $para = $rp.'OneDriveLocationException (Optional)'
                $cmdlet += " -OneDriveLocationException " + $para
            if (![String]::IsNullOrEmpty($rp.'SharePointLocation (Optional)'))
                $para = $rp.'SharePointLocation (Optional)'
                $cmdlet += " -SharePointLocation " + $para
            if (![String]::IsNullOrEmpty($rp.'SharePointLocationException (Optional)'))
                $para = $rp.'SharePointLocationException (Optional)'
                $cmdlet += " -SharePointLocationException " + $para
            if (![String]::IsNullOrEmpty($rp.'PublicFolderLocation (Optional)'))
                $para = $rp.'PublicFolderLocation (Optional)'
                $cmdlet += " -PublicFolderLocation " + $para
            if (![String]::IsNullOrEmpty($rp.'SkypeLocation (Optional)'))
                $para = $rp.'SkypeLocation (Optional)'
                $cmdlet += " -SkypeLocation " + $para
            if (![String]::IsNullOrEmpty($rp.'SkypeLocationException (Optional)'))
                $para = $rp.'SkypeLocationException (Optional)'
                $cmdlet += " -SkypeLocationException " + $para
            # If the policy already exists, skip for creation
            if (($policies -eq $null) -or ($policies | ? { $_.Name.ToLower() -eq $name.ToLower() }) -eq $null)
                # Create retention compliance policy
                $msg = "Execute Cmdlet : {0}" -f $cmdlet

                $ret = invokepowershellcmdlet $cmdlet

                if ($ret -eq $null)
                    WriteToLog -Type "Failed" $error[0]
                $rpid = $ret.Guid
                WriteToLog -Type "Warning" -Message "The policy '$name' already exists! Skip for creation!"
                $rpid = ($policies | ? { $_.Name.ToLower() -eq $name.ToLower() }).Guid

            # Retrieve tag name for publishing
            $ts = $rp.'PublishComplianceTag (Required)'
            $tagList = $ts.Split(",") | ForEach-Object { $_.Trim() }

            WriteToLog -Type "Message" -Message "Publish Tags : '$ts'"

            PublishComplianceTag -PolicyGuid $rpid -TagName $tagList
        WriteToLog -Type "Failed" "Error in input"
# -------------------
# Publish Compliance Tag
# -------------------
Function PublishComplianceTag
        [Parameter(Mandatory = $true)]
        [Parameter(Mandatory = $true)]

    WriteToLog -Type "Start" "Start to Publish Compliance Tag"
        # Retrieve existing rule related to the given compliance policy
        $rule = InvokePowerShellCmdlet ("Get-RetentionComplianceRule -Policy {0}" -f $PolicyGuid)
        $tagGuids = New-Object System.Collections.ArrayList

        foreach ($tn in $TagNames)
            $t = InvokePowerShellCmdlet ("Get-ComplianceTag {0}" -f $tn)
            $tagGuids.Add($t.Guid) | Out-Null
        if ($rule -ne $null)
            foreach ($r in $rule)
                if ([String]::IsNullOrEmpty($r.PublishComplianceTag))
                    $tl = $r.PublishComplianceTag.Split(",")
                    if ($tagGuids.Contains([GUID]$tl[0]))

        foreach($t in $tagGuids)
            # Publish compliance tag
            $cmdlet = "New-RetentionComplianceRule -Policy {0} -PublishComplianceTag {1}" -f $PolicyGuid, $t
            $ret = InvokePowerShellCmdlet $cmdlet

            if ($ret -eq $null)
                WriteToLog -Type "Failed" $error[0]
        WriteToLog -Type "Failed" "Error in input"
# -------------------
# Export All Labels Created in The Process
# -------------------
Function ExportCreatedComplianceTag
        [Parameter(Mandatory = $true)]

    WriteToLog -Type "Start" "Start to Export Compliance Tag Created"
        # Import input csv
        $labels = Import-Csv $LabelFilePath
        # Create result table
        $tabName = "ResultTable"
        $table = New-Object system.Data.DataTable "$tabName"
        $col1 = New-Object system.Data.DataColumn Name,([string])
        $col2 = New-Object system.Data.DataColumn Comment,([string])
        $col3 = New-Object system.Data.DataColumn IsRecordLabel,([string])
        $col4 = New-Object system.Data.DataColumn RetentionAction,([string])
        $col5 = New-Object system.Data.DataColumn RetentionDuration,([string])
        $col6 = New-Object system.Data.DataColumn RetentionType,([string])
        $col7 = New-Object system.Data.DataColumn ReviewerEmail,([string])

        # Add the Columns
        foreach($lab in $labels)
            $t = InvokePowerShellCmdlet ("Get-ComplianceTag '{0}' " -f $lab.'Name (Required)')

            # Create a result row
            $row = $table.NewRow()
            $row['Name'] = $t.Name
            $row['Comment'] = $t.Comment
            $row['IsRecordLabel'] = $t.IsRecordLabel
            $row['RetentionAction'] = $t.RetentionAction
            $row['RetentionDuration'] = $t.RetentionDuration
            $row['RetentionType'] = $t.RetentionType
            $row['ReviewerEmail'] = $t.ReviewerEmail

            # Add the row to the table
        $table | Export-Csv $tagRetFile -NoTypeInformation
        WriteToLog -Type "Failed" "Error in exporting results."
# -------------------
# Export All Published Labels and Policies in The Process
# -------------------
Function ExportPublishedComplianceTagAndPolicy
        [Parameter(Mandatory = $true)]

    WriteToLog -Type "Start" "Start to Export Published Compliance Tag and Policy"
        # Import input csv
        $policies = Import-Csv $PolicyFilePath
        # Create result table
        $tabName = "ResultTable"
        $table = New-Object system.Data.DataTable "$tabName"
        $col1 = New-Object system.Data.DataColumn 'Policy Name',([string])
        $col2 = New-Object system.Data.DataColumn PublishComplianceTag,([string])
        $col3 = New-Object system.Data.DataColumn Comment,([string])
        $col4 = New-Object system.Data.DataColumn Enabled,([string])
        $col5 = New-Object system.Data.DataColumn ExchangeLocation,([string])
        $col6 = New-Object system.Data.DataColumn ExchangeLocationException,([string])
        $col7 = New-Object system.Data.DataColumn ModernGroupLocation,([string])
        $col8 = New-Object system.Data.DataColumn ModernGroupLocationException,([string])
        $col9 = New-Object system.Data.DataColumn OneDriveLocation,([string])
        $col10 = New-Object system.Data.DataColumn OneDriveLocationException,([string])
        $col11 = New-Object system.Data.DataColumn PublicFolderLocation,([string])
        $col12 = New-Object system.Data.DataColumn SharePointLocation,([string])
        $col13 = New-Object system.Data.DataColumn SharePointLocationException,([string])
        $col14 = New-Object system.Data.DataColumn SkypeLocation,([string])
        $col15 = New-Object system.Data.DataColumn SkypeLocationException,([string])

        # Add the Columns
        foreach($policy in $policies)
            $t = InvokePowerShellCmdlet ("Get-RetentionCompliancePolicy '{0}' -DistributionDetail" -f $policy.'Policy Name (Required)')

            # Create a result row
            $row = $table.NewRow()
            $row['Policy Name'] = $t.Name

            $rules = InvokePowerShellCmdlet ("Get-RetentionComplianceRule -Policy {0}" -f $t.Guid)
            $tagList = [String]::Empty
            foreach($rule in $rules)
                if ([String]::IsNullOrEmpty($rule.PublishComplianceTag) -eq $False)
                    $tName = $rule.PublishComplianceTag.Split(',')[1]
                    $tagList = [String]::Concat($tagList, $tName, ",")
            if (![String]::IsNullOrEmpty($tagList))
                $tagList = $tagList.Substring(0, $tagList.LastIndexOf(','))
            $row['PublishComplianceTag'] = $tagList
            $row['Comment'] = $t.Comment
            $row['Enabled'] = $t.Enabled
            $row['ExchangeLocation'] = $t.ExchangeLocation
            $row['ExchangeLocationException'] = $t.ExchangeLocationException
            $row['ModernGroupLocation'] = $t.ModernGroupLocation
            $row['ModernGroupLocationException'] = $t.ModernGroupLocationException
            $row['OneDriveLocation'] = $t.OneDriveLocation
            $row['OneDriveLocationException'] = $t.OneDriveLocationException
            $row['PublicFolderLocation'] = $t.PublicFolderLocation
            $row['SharePointLocation'] = $t.SharePointLocation
            $row['SharePointLocationException'] = $t.SharePointLocationException
            $row['SkypeLocation'] = $t.SkypeLocation
            $row['SkypeLocationException'] = $t.SkypeLocationException

            # Add the row to the table
        $table | Export-Csv $tagPubRetFile -NoTypeInformation
        WriteToLog -Type "Failed" "Error in exporting results."
# Create compliance tag
CreateComplianceTag -FilePath $LabelListCSV
# Create retention policy and publish compliance tag with the policy
CreateRetentionCompliancePolicy -FilePath $PolicyListCSV
# Export to result csv
if ($ResultCSV)
    ExportCreatedComplianceTag -LabelFilePath $LabelListCSV
    ExportPublishedComplianceTagAndPolicy -PolicyFilePath $PolicyListCSV

Step 4: Run the PowerShell script

First, Connect to Security & Compliance PowerShell.

Then, run the script that creates and publishes the retention labels:

  1. In your Security & Compliance PowerShell session, enter the path, followed by the characters .\ and the file name of the script, and then press ENTER to run the script. For example:

  2. The script prompts you for the locations of the .csv files that you created in the previous steps. Enter the path, followed by the characters .\ and file name of the .csv file, and then press ENTER. For example, for the first prompt:


Step 5: View the log file with the results

Use the log file that the script created to check the results and identify any failures that need resolving.

You can find the log file at the following location, although the digits in the example file name vary.
