Previous

Next

Govern organizational data using Microsoft Purview Data Lifecycle Management

Completed

Microsoft Purview Data Lifecycle Management provides organizations with tools and capabilities to retain the content they need to keep and delete the content they don't. Organizations must often retain and delete content for compliance and regulatory requirements. However, deleting content that no longer has business value also helps organizations manage risk and liability. For example, it reduces an organization's attack surface.

Retention policies are the cornerstone for data lifecycle management. Organizations should use these policies for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Yammer. The organization should configure the retention period for the content in these services. It doesn't matter if the organization must retain the data indefinitely or for a specific period if users edit or delete it. Or, if the data is still available, the organization can configure the policy to permanently delete the content automatically after a specified period. The policy can combine these two actions for retention and then deletion. This scenario is a typical configuration. For example, retain email for three years and then delete it.

When you configure a retention policy, you can target one of the following instances:

• All instances in your organization, such as all mailboxes and all SharePoint sites.
• Individual instances, such as only the mailboxes for specific departments or regions, or selected SharePoint sites.

Organizations sometimes need exceptions for individual emails or documents. For example, they may require a longer retention period for legal documents. Organizations can create these exceptions be using retention labels they publish to apps. By doing so, users can apply them, or automatically apply them by inspecting the content.

Additional reading. For more information about retention policies and retention labels, and how retention works in Microsoft 365, see Learn about retention policies and retention labels.

Note

Some organizations must manage high-value items for business, legal, or regulatory record-keeping requirements. In these scenarios, use retention labels with records management rather than retention labels with data lifecycle management.

Other data lifecycle management capabilities to help organizations keep what they need and delete what they don't include:

• Mailbox archiving. Provides users with extra mailbox storage space. Also provides autoexpanding archiving for mailboxes that need more than 100 GB of storage. A default archiving policy automatically moves email to the archive mailbox. If necessary, you can customize this policy. For more information about mailbox archiving, see Learn about archive mailboxes.
• Inactive mailboxes. They retain mailbox content after employees leave the organization. For more information about inactive mailboxes, see Learn about inactive mailboxes.
• Import service for PST files. To do so, use network upload or drive shipping. For more information, see Learn about importing your organization's PST files.

Get started with Microsoft Purview Data Lifecycle Management

Organizations govern their data when they retain the content they must keep and delete the content they don't. In doing so, they should use the following guidance for Microsoft Purview Data Lifecycle Management:

1. Understand how retention and deletion works in Microsoft 365. Based on this knowledge, the organization can then identify the workloads that need a retention policy and whether it must create retention labels for exceptions. For more information, see Learn about retention.

   Note

   Organizations that manage high-value items for business, legal, or regulatory record-keeping requirements should use retention labels with records management rather than data lifecycle management.

2. Create retention policies for the workloads you identified. Specify retention settings and actions that your organization policies or industry regulations require. For more information, see Create retention policies.

   If needed, create and apply retention labels for your exceptions.

3. Enable mailbox archiving. Archiving provides users with extra mailbox storage space. For more information, see Enable archive mailboxes in the Microsoft Purview compliance portal.

   When organizations must support archive mailboxes, they should:

   • Enable autoexpanding archiving for mailboxes that need more than 100 GB of storage.
   • Use retention tags with a retention policy from messaging records management (MRM) if you either need to:
     • Customize how to automatically move emails from a user's primary mailbox to their archive mailbox.
     • Specify retention and deletion settings for specific folders rather than the whole mailbox.

4. Understand and manage inactive mailboxes. Focus on inactive mailboxes that retain mailbox content after employees leave the organization. For more information, see Learn about inactive mailboxes.

5. Import PST files. If you have PST files that contain data you want to govern, import the files to online mailboxes by using network upload or drive shipping. For more information, see Learn about importing your organization's PST files.

Subscription and licensing requirements

Many different subscriptions support data lifecycle management capabilities. To see the options for licensing your users to benefit from Microsoft Purview features, see the Microsoft 365 licensing guidance for security & compliance.

Permissions

Permissions to manage mailboxes for archiving, inactive mailboxes, and import usually require Exchange permissions, such as the Mail Recipients role. By default, Microsoft 365 assigns this role to the Recipient Management and Organization Management role groups.

Permissions for retention policies and retention labels

Members of your compliance team who create and manage retention policies and retention labels need permissions to the Microsoft Purview compliance portal. By default, the tenant admin (Global Administrator) has access to this location and can give compliance officers and other people access without giving them all the permissions of a tenant admin. To grant permissions for this limited administration, Microsoft recommends that you add users to the Compliance Administrator admin role group.

As an alternative to using this default role, you can create a new role group and add the Retention Management role to this group. For a read-only role, use View-Only Retention Management.

For instructions to add users to the default roles or create your own role groups, see Permissions in the Microsoft Purview compliance portal.

Organizations only need to assign these permissions to create, configure, and apply retention policies and retention labels. The person configuring these policies and labels doesn't require access to the content.

Common scenarios

Use the following table to help you map your business requirements to the most common scenarios for data lifecycle management.

I want to...	Documentation
Efficiently retain or delete data for Microsoft 365 services: - Exchange - SharePoint - OneDrive - Microsoft 365 Groups - Teams - Yammer - Skype for Business	Create and configure retention policies
Provide users with extra mailbox storage.	Enable archive mailboxes in the Microsoft Purview compliance portal
Retain mailbox data after employees leave the organization.	Create and manage inactive mailboxes
Upload mailbox data from PST files.	Use network upload to import PST files

If you have a scenario that requires data management of individual items, see the common scenarios for records management.

End-user documentation

The Microsoft Purview Data Lifecycle Management capabilities that support mailbox management (archiving, inactive mailboxes, and import) typically don't require end-user documentation.

End-user documentation for retention and deletion

Most retention policies work unobtrusively in the background without user interaction. As such, end users need little documentation. Retention policies for Teams inform users when they deleted their messages with a link to Teams messages about retention policies.

However, if you supplement retention policies with retention labels, these labels do have a UI presence in Microsoft 365 apps. Before you deploy these labels to your production network, ensure you provide information and instructions for end users and your help desk. To help users apply retention labels in SharePoint and OneDrive, see Apply retention labels to files in SharePoint or OneDrive.

The most effective end-user documentation is always customized guidance and instructions. In this case, it's the documentation you provide for the retention label names and configurations you choose.

Additional reading. For more information, see the following article for downloads that you can use to help train your users: End User Training for Retention Labels.

Knowledge check

Choose the best response for the following question. Then select “Check your answers.”

Check your knowledge

1.

Fabrikam is ready to start governing its data by retaining the content that it must keep and deleting the content that it doesn't. As part of this project, it's following guidance from Microsoft Purview Data Lifecycle Management. Based on that information, Fabrikam determined that it must support archive mailboxes. What should it do for mailboxes that need more than 100 GB of storage?

Use retention labels with records management rather than data lifecycle management

Create and configure retention policies

Enable autoexpanding archiving

You must answer all questions before checking your work.

Continue