Aracılığıyla paylaş


Get started with data lifecycle management

Microsoft 365 licensing guidance for security & compliance.

Ready to start managing the lifecycle of your organization's data by retaining the content that you need to keep, and deleting the content that you don't? To get started, use the following guidance for Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance):

  1. Understand how retention and deletion works in Microsoft 365, and then identify the workloads that need a retention policy and whether you need to create retention labels for exceptions: Learn about retention

    Note

    If you need to manage high-value items for business, legal, or regulatory record-keeping requirements: Use retention labels with records management rather than data lifecycle management.

  2. Create retention policies for the workloads you identified, specifying retention settings and actions that are required by your organization policies or industry regulations: Create retention policies

    If needed, create and apply retention labels for your exceptions.

  3. Enable mailbox archiving to provide users with additional mailbox storage space: Enable archive mailboxes in Microsoft 365

    If required to support archive mailboxes:

  4. Understand and manage inactive mailboxes that retain mailbox content after employees leave the organization: Learn about inactive mailboxes

  5. If you have PST files that contain data you want to govern: Import PST files to online mailboxes by using network upload or drive shipping: Learn about importing your organization's PST files

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

Subscription and licensing requirements

A number of different subscriptions support data lifecycle management capabilities.

To see the options for licensing your users to benefit from Microsoft Purview features, see the Microsoft 365 licensing guidance for security & compliance. For the features listed on this page, see the Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management section for feature-level licensing requirements.

Permissions

Important

Microsoft recommends that you use roles with the fewest permissions. Minimizing the number of users with the Global Administrator role helps improve security for your organization. Learn more about Microsoft Purview roles and permissions.

See the following section for information about roles and role groups to manage Microsoft 365 retention.

For permissions to manage mailboxes for archiving, inactive mailboxes, and import, these typically require Exchange permissions, such as the Mail Recipients role. By default, this role is assigned to the Recipient Management and Organization Management role groups. For the exact permissions requirement for each management task, see the documentation that accompanies the admin instructions.

Permissions for retention policies and retention labels

Members of your compliance team who will create and manage retention policies and retention labels need permissions to the Microsoft Purview portal or the Microsoft Purview compliance portal. To grant permissions for this limited administration, we recommend that you add users to the Compliance Administrator admin role group.

Alternatively to using this default role, you can create a new role group and add the Retention Management role to this group. For a read-only role, use View-Only Retention Management.

For instructions to add users to the default roles or create your own role groups, use the following guidance, depending on the portal you're using:

These permissions are required only to create, configure, and apply retention policies and retention labels. The person configuring these policies and labels doesn't require access to the content.

Support for administrative units

Data lifecycle management supports administrative units that have been configured in Microsoft Entra ID:

  • You can assign administrative units to members of custom role groups and any others that support administrative units. For example, role groups used with Microsoft Purview Records Management. Edit these role groups and select individual members, and then the Assign admin units option to select administrative units from Microsoft Entra ID. These administrators are now restricted to managing just the users in those administrative units.

  • You can define the initial scope of retention policies and retention label policies when you create or edit these policies. When you select administrative units, only the users in those administrative units will be eligible for the policy.

Important

Don't select administrative units for a policy that you want to apply to SharePoint sites or to Exchange public folders. Because administrative units support only users and groups, if you configure policy for retention to use administrative units, you won't be able to select the locations for SharePoint sites or Exchange public folders.

  • Both adaptive scopes and static scopes support administrative units.

  • Additional impact for restricted administrators

    • Policy lookup: Restricted administrators will see policies only from users within their assigned administrative units
    • Import PST files: Restricted administrators won't be able to use the network upload feature to bulk-import PST files to Microsoft 365 mailboxes
    • Exchange legacy features: Restricted administrators won't be able to configure the Exchange legacy features of retention policies and retention tags from messaging records management (MRM), and journaling rules
  • Currently, retention labels don't support administrative units.

  • Currently, a restricted administrator can create and view adaptive scopes for all administrative units when they use PowerShell cmdlets.

  • Currently, inactive mailboxes aren't supported in a policy when you select one or more administrative units. To include inactive mailboxes in the policy, you must be an unrestricted administrator and select Full directory.

For more information about how Microsoft Purview supports administrative units, see Administrative units.

Common scenarios

Use the following table to help you map your business requirements to the most common scenarios for data lifecycle management.

I want to ... Documentation
Efficiently retain or delete data for Microsoft 365 services and Copilot interactions:
- Exchange
- SharePoint
- OneDrive
- Microsoft 365 Groups
- Teams and Copilot
- Viva Engage
- Skype for Business
Create and configure retention policies
Automatically retain content that's deleted by users who have been identified as having an elevated risk level Dynamically mitigate the risk of accidental or malicious deletes
Provide users with additional mailbox storage Enable archive mailboxes in Microsoft 365
Retain mailbox data after employees leave the organization Create and manage inactive mailboxes
Upload mailbox data from PST files Use network upload to import PST files

For scenarios that require data management of individual items, see the common scenarios for records management.

End-user documentation

See the following section for information about end-user documentation to support Microsoft 365 retention.

The data lifecycle management capabilities for inactive mailboxes and import of PST files don't require end-user documentation because these are admin operations only. To help users understand and interact with their archive mailboxes in Outlook after you've enabled this capability, see Manage email storage with online archive mailboxes.

End-user documentation for retention and deletion

Most retention policies work unobtrusively in the background without user interaction, and so need little documentation for users. Retention policies for Teams inform users when their messages have been deleted with a link to Teams messages about retention policies.

However, if you supplement retention policies with retention labels, these labels do have a UI presence in Microsoft 365 apps. Before you deploy these labels to your production network, make sure you provide information and instructions for end users and your help desk. To help users apply retention labels in SharePoint and OneDrive, see Apply retention labels to files in SharePoint or OneDrive.

The most effective end-user documentation will always be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: End User Training for Retention Labels.