Learn about retention for Copilot for Microsoft 365

  • Article

Microsoft 365 licensing guidance for security & compliance.

Note

Microsoft Copilot for Microsoft 365 messages are automatically included in the retention policy location named Teams chats and Copilot interactions because they are retained and deleted by using the same mechanisms. Users don't have to be using Teams for the retention policy to apply to Copilot for Microsoft 365.

The information in this article supplements Learn about retention because it has information that's specific to Microsoft Teams messages and interactions with Microsoft Copilot for Microsoft 365.

For other workloads, see:

For more information about Microsoft Purview integration with Copilot, see Microsoft Purview data security and compliance protections for generative AI apps.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

What's included for retention and deletion

Retention policies for the location Teams chats and Copilot interactions include user prompts to Microsoft Copilot for Microsoft 365, and the Copilot responses to users. These messages can be retained and deleted for compliance reasons.

User prompts include text that users type, and selecting Microsoft Copilot for Microsoft 365 prompts that are captured as a prepopulated message. Copilot responses include text, links, and references. Because messages to indicate that a response is in progress don't have business value, these messages aren't captured.

How retention works with Microsoft Copilot for Microsoft 365

Use this section to understand how your compliance requirements are met by backend storage and processes, and should be verified by eDiscovery tools rather than by messages that are currently visible in Copilot.

You can use a retention policy to retain data from messages in Microsoft Copilot for Microsoft 365, and delete those messages. Behind the scenes, Exchange mailboxes are used to store data copied from these messages. Data from Copilot messages is stored in a hidden folder in the mailbox of the user who runs Copilot. This hidden folder isn't designed to be directly accessible to users or administrators, but instead, store data that compliance administrators can search with eDiscovery tools.

The Exchange mailbox for retaining Microsoft Copilot for Microsoft 365 messages has the RecipientTypeDetails attribute of UserMailbox, which also stores message data for Teams private channels and cloud-based Teams users.

After a retention policy is configured for Microsoft Copilot for Microsoft 365 interactions, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they're moved to the SubstrateHolds folder—another hidden folder that's in every user mailbox to store "soft-deleted" items before they're permanently deleted.

Messages remain in the SubstrateHolds folder for at least 1 day, and then if they're eligible for deletion, the timer job permanently deletes them the next time it runs.

Important

Because of the first principle of retention and since Copilot messages are stored in Exchange Online mailboxes, permanent deletion from the SubstrateHolds folder is always suspended if the mailbox is affected by another Copilot or Teams retention policy for the same location, Litigation Hold, delay hold, or if an eDiscovery hold is applied to the mailbox for legal or investigative reasons.

After a retention policy is configured for Microsoft Copilot for Microsoft 365, the paths the content takes depend on whether the retention policy is to retain and then delete, to retain only, or delete only.

When the retention policy is to retain and then delete:

Diagram of retention flow for Microsoft Copilot for Microsoft 365 messages.

In most scenarios, Copilot messages aren't removed. For example, they remain but are hidden when users close a chat window or close the app. However, Copilot messages are removed in the following scenarios:

For the two paths in the diagram:

  1. If messages are removed from Copilot, the message is moved to the SubstrateHolds folder where it remains for at least 1 day. When the retention period expires, the message is permanently deleted the next time the timer job runs (typically between 1-7 days).

  2. If messages remain in Copilot after the retention period expires, the message is copied to the SubstrateHolds folder. This action typically takes between 1-7 days from the expiry date. When the message is in the SubstrateHolds folder, it's stored there for at least 1 day, and then the message is permanently deleted the next time the timer job runs (typically between 1-7 days).

Note

Messages stored in mailboxes, including the hidden folders, are searchable by eDiscovery tools. Until messages are permanently deleted from the SubstrateHolds folder, they remain searchable by eDiscovery tools.

When the retention period expires and copies a message to the SubstrateHolds folder, a delete operation is communicated to the backend service for Copilot, that then relays the same operation to the user app with Copilot. Delays in this communication or caching can explain why, for a short period of time, users continue to see these messages in Copilot.

Important

Messages visible in Copilot are not an accurate reflection of whether they are retained or permanently deleted for compliance requirements.

When the retention policy is retain-only, or delete-only, the content's paths are variations of retain and delete.

Content paths for retain-only retention policy

  1. If messages are removed from Copilot the message is moved to the SubstrateHolds folder after the retention period expires. This action typically takes between 1-7 days from the expiry date. If the retention policy is configured to retain forever, the item remains there. If the retention policy has an end date for the retention period and it expires, the message is permanently deleted the next time the timer job runs (typically between 1-7 days).

  2. If messages remain in Copilot after the retention period expires, nothing happens before and after the retention period; the message remains in its original location.

Content paths for delete-only retention policy

  1. If messages are removed from Copilot during the retention period, the message is moved to the SubstrateHolds folder. The message is stored in the SubstrateHolds folder for at least 1 day and permanently deleted the next time the timer job runs (typically between 1-7 days).

  2. If messages remain in Copilot after the retention period expires, the message is copied to the SubstrateHolds folder. This action typically takes between 1-7 days from the expiry date. The message is retained there for at least 1 day and then permanently deleted the next time the timer job runs (typically between 1-7 days).

Example flows and timings for retention policies

Use the following examples to see how the processes and timings explained in the previous sections apply to retention policies that have the following configurations:

For all examples that refer to permanent deletion, because of the principles of retention, this action is suspended if the message is subject to another retention policy to retain the item or it's subject to an eDiscovery hold.

Example 1: Retain for 30 days and then delete

On day 1, a user sends a prompt to Microsoft Copilot for Microsoft 365 and the prompt is removed after 10 days.

Retention outcome:

  • After day 10, the message is moved to the SubstrateHolds folder, where it can still be searched with eDiscovery tools.
  • At the end of the retention period (30 days from day 1), the message is permanently deleted typically within 1-7 days after the minimum of 1 day, and then won't be returned with eDiscovery searches.
Example 2: Delete-only after 1 day

Note

Because of the short one-day duration of this configuration and retention processes that operate within a time period of 1-7 days, this section shows example timings that are within the typical time ranges.

On day 1, a user sends a prompt to Microsoft Copilot for Microsoft 365 and this prompt isn't removed from Copilot.

Example retention outcome if the user's prompt isn't removed:

  • Day 5 (typically 1-7 days after the start of the retention period on day 2):

    • The message is copied to the SubstrateHolds folder and remains there for at least 1 day.

  • Day 9 (typically 1-7 days after a minimum of 1 day in the SubstrateHolds folder):

    • The message is permanently deleted and then won't be returned with eDiscovery searches.

As this example shows, although you can configure a retention policy to delete messages after just one day, the service undergoes multiple processes to ensure a compliant deletion. As a result, a delete action after 1 day could take 16 days before the message is permanently deleted so that it's no longer returned in eDiscovery searches.

When a user leaves the organization

If a user leaves your organization and their Microsoft 365 account is deleted, their Copilot messages that are subject to retention are stored in an inactive mailbox. The Copilot messages remain subject to any retention policy that was placed on the user before their mailbox was made inactive, and the contents are available to an eDiscovery search. For more information, see Learn about inactive mailboxes.

Configuration guidance

If you're new to configuring retention in Microsoft 365, see Get started with data lifecycle management.

If you're ready to configure a retention policy for Microsoft Copilot for Microsoft 365 interactions, see Create and configure retention policies.