Explore retention by using retention policies and retention labels


For most organizations, the volume and complexity of their data is increasing daily—email, documents, instant messages, and more. Effectively managing or governing this information is important because organizations need to:

  • Comply proactively with industry and government regulations and internal policies that require them to store content for a minimum period of time. For example, some government regulations require organizations to store certain types of content for seven years.
  • Reduce their risk if there's litigation or a security breach by permanently deleting old content they no longer need to keep.
  • Share knowledge effectively and be more agile by ensuring that their users work only with content that's current and relevant to them.

Retention settings that organizations configure can help them achieve these goals. Managing content commonly requires two actions:

  • Retain content. Prevent permanent deletion so that the content remains available for eDiscovery.
  • Delete content. Permanently delete content from the organization.

With these two retention actions, organizations can configure retention settings for the following outcomes:

  • Retain-only. Keep content forever or for a specified period of time.
  • Delete-only. Permanently delete content after a specified period of time.
  • Retain and then delete. Keep content for a specified period of time and then permanently delete it.

Because these retention settings work with content in place, they save organizations the overhead of creating and configuring extra storage when they need to retain content for compliance reasons. They also save organizations from having to implement customized processes to copy and synchronize this data.

How retention settings work with content in place

Organizations use retention policies to implement retention settings. Retention policies enable organizations to proactively decide whether to retain content, delete content, or retain and then delete the content. A retention policy enables organizations to efficiently manage their data. It does so by assigning retention settings at the container level, which the contents of the container automatically inherit.

When content has retention settings assigned to it, users can continue to edit and work with the content as if nothing changed. They're able to do so because the system retains the content in place, in its original location. But what happens if users edit or delete content included in the retention policy? In that case, the system saves a copy of the content, as it appeared when the policy was applied, to a secure location. It keeps the copy in its original state in this location while the policy is in effect.

  • For SharePoint and OneDrive sites, the system keeps a copy of the original content in the Preservation Hold library when users edit or delete it.

    Note

    The system includes the Preservation Hold library in the site's storage quota. As such, an organization may need to increase its storage when it uses retention settings for SharePoint and Microsoft 365 groups.

  • For Exchange mailboxes, the system retains the copy in the Recoverable Items folder.

  • For Teams and Yammer messages, the system retains the copy in a hidden folder named SubstrateHolds. This folder is a subfolder in the Exchange Recoverable Items folder.

These secure locations and the retained content aren't visible to most people. In most cases, people don't even need to know that their content is subject to retention settings.

Additional reading. For detailed information about how retention settings work for different workloads, see the following articles:

Retention policies and retention labels

An organization can assign its retention settings to content by using retention policies or retention labels with label policies. An organization can use just one of these methods, or it can combine them.

An organization can use a retention policy to assign the same retention settings for content at a site or mailbox level. It can use a retention label to assign retention settings at an item level, such as a folder, document, or email.

For example, let's assume that Contoso wants to retain all documents in a SharePoint site for five years. It's more efficient to implement this plan with a retention policy than to apply the same retention label to all documents in that site. However, if the company must retain some of the documents in that site for five years and others for 10 years, a retention policy wouldn't be able to accommodate this situation. When you need to specify retention settings at the item level, you must use retention labels.
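The Contoso scenario above, expressed as Security & Compliance PowerShell. This is an added example, not part of the original module; the site URL, policy names, and label name are hypothetical, and it assumes the ExchangeOnlineManagement module and a role that can manage retention.

```powershell
# Added example: hypothetical names and site URL, not from the original page.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$site = 'https://contoso.sharepoint.com/sites/Projects'   # hypothetical site URL

# 1) Retention policy: container-level setting. Every document in the site
#    inherits "retain for five years" (5 x 365 = 1825 days) from creation date.
New-RetentionCompliancePolicy -Name 'Projects site - retain 5 years' `
    -SharePointLocation $site
New-RetentionComplianceRule -Name 'Projects site - retain 5 years rule' `
    -Policy 'Projects site - retain 5 years' `
    -RetentionDuration 1825 `
    -RetentionComplianceAction Keep `
    -ExpirationDateOption CreationAgeInDays

# 2) Retention label: item-level setting for the documents that need ten
#    years (3650 days). A site-wide policy cannot express this exception.
New-ComplianceTag -Name 'Retain 10 years' `
    -Comment 'Item-level retention for selected documents' `
    -RetentionAction Keep `
    -RetentionDuration 3650 `
    -RetentionType CreationAgeInDays

# 3) Retention label policy: publish the label to the same site so that
#    admins and users can apply it to individual documents.
New-RetentionCompliancePolicy -Name 'Publish 10-year label - Projects' `
    -SharePointLocation $site
New-RetentionComplianceRule -Policy 'Publish 10-year label - Projects' `
    -PublishComplianceTag 'Retain 10 years'

# 4) Check that both policies distributed to the site before relying on them.
Get-RetentionCompliancePolicy -DistributionDetail |
    Where-Object { $_.Name -like '*Projects*' } |
    Format-List Name, Enabled, DistributionStatus
Get-ComplianceTag -Identity 'Retain 10 years' | Format-List Name
```

The first pair of cmdlets covers the whole container; the label and its publishing policy cover only the items that someone labels.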

Unlike retention policies, retention settings from retention labels travel with the content if you move it to a different location within your company's Microsoft 365 tenant. In addition, retention labels have the following capabilities that retention policies don't support:

  • Options to start the retention period:
    • From when the content was labeled
    • Based on an event
    • From when the content was created (the age of the content)
    • From when the content was last modified
  • Use trainable classifiers to identify content to label.
  • Apply a default label for SharePoint items or Exchange messages.
  • Supported actions at the end of the retention period:
    • Disposition review to review the content before you permanently delete it.
    • Automatically apply another retention label.
  • Mark the content as a record as part of the label settings.
  • Have proof of disposition when you delete content at the end of its retention period.

Retention policies

Organizations can apply retention policies to the following locations:

  • Exchange email
  • SharePoint site
  • OneDrive accounts
  • Microsoft 365 Groups
  • Skype for Business
  • Exchange public folders
  • Teams channel messages
  • Teams chats
  • Teams private channel messages
  • Yammer community messages
  • Yammer user messages

Organizations can efficiently apply a single policy to multiple locations, or to specific locations or users.

When an organization determines the date to use as the start of the retention period, it can choose either the content's create date or last modified date. The system only supports using the last modified date for files and the SharePoint, OneDrive, and Microsoft 365 Groups locations.

Items inherit the retention settings from the container specified in the retention policy. Let's assume an administrator configured the retention policy to retain content. In this situation, if someone later moves the items outside that container, the system retains a copy of that item in the workload's secured location. However, the retention settings don't travel with the content in its new location. If you require the retention settings to travel with the content to its new location, then use retention labels instead of retention policies.

Retention labels

Organizations should use retention labels for different types of content that require different retention settings. For example:

  • An organization must retain its tax forms for a minimum period of time.
  • An organization wants to permanently delete press materials when they reach a specific age.
  • An organization wants to retain competitive research for a specific period, after which it wants to permanently delete the research.
  • An organization must mark work visas as a record so that users can't edit or delete them.

Important

In all these cases, retention labels let you apply retention settings for governance control at the item level (document or email).

With retention labels, organizations can:

  • Enable their users to apply a retention label manually to content in Outlook and Outlook on the web, OneDrive, SharePoint, and Microsoft 365 groups. Users often know best what type of content they're working with. As such, they can classify it and have the appropriate retention settings applied.
  • Apply retention labels to content automatically if it matches specific conditions. These conditions include cloud attachments that users share in email or Teams, or when the content contains:
    • Specific types of sensitive information.
    • Specific keywords that match a query you create.
    • Pattern matches for a trainable classifier.
  • Start the retention period from when the organization labeled the content for documents in SharePoint sites and OneDrive accounts, and for email items.
  • Start the retention period when an event occurs. For example, when an employee leaves the organization, or a contract expires.
  • Apply a default retention label to a document library, folder, or document set in SharePoint. Organizations should design the label so that all documents stored in that location inherit the default retention label.
  • Mark items as a record as part of their records management strategy. When this labeled content remains in Microsoft 365, the organization might need to place further restrictions on the content for regulatory reasons. For more information, see Compare restrictions for allowed and blocked actions.

Unlike sensitivity labels, retention labels don't persist if the users move the content outside of Microsoft 365.

Classifying content without applying any actions

Although the main purpose of retention labels is to retain or delete content, you can also use retention labels without turning on any retention or other actions. In this case, you can use a retention label simply as a text label, without enforcing any actions.

For example, you can create and apply a retention label named "Review later" with no actions. You can then use that label to find that content later.

Screenshot of the retention label option titled Just label items, which only classifies labeled items but doesn't retain them.

Using a retention label as a condition in a DLP policy

You can specify a retention label as a condition in a Microsoft Purview Data Loss Prevention (DLP) policy for documents in SharePoint. For example, you can configure a DLP policy to prevent users from sharing documents outside the organization if they have a specified retention label applied to it.

Additional reading. For more information, see Using a retention label as a condition in a DLP policy.

Retention labels and policies that apply them

When you publish retention labels, the system includes them in a retention label policy. By doing so, the labels become available for admins and users to apply to content. The following diagram shows the two options in this design:

  1. You can include a single retention label in multiple retention label policies.
  2. Retention label policies specify the locations to publish the retention labels. You can include the same location in multiple retention label policies.

Diagram showing how you can add retention labels to label policies that specify locations.

You can also create one or more autoapply retention label policies, each with a single retention label. With this policy, the system automatically applies the retention label when content meets the conditions that you specify in the policy.

Retention label policies and locations

You can publish retention labels to different locations, depending on what the retention label does.

| If the retention label is... | Then you can apply the label policy to... |
| --- | --- |
| Published to administrators and end users. | Exchange, SharePoint, OneDrive, Microsoft 365 Groups |
| Autoapplied based on sensitive information types or trainable classifiers. | Exchange, SharePoint, OneDrive |
| Autoapplied based on keywords or a query. | Exchange, SharePoint, OneDrive, Microsoft 365 Groups |
| Autoapplied to cloud attachments. | SharePoint, OneDrive, Microsoft 365 Groups |

Exchange public folders, Skype, Teams, and Yammer messages don't support retention labels. To retain and delete content from these locations, you must use retention policies.

Only one retention label at a time

An email or document can only have a single retention label applied to it at a time. An end user or administrator can manually apply a retention label. The system can also automatically apply it by using any of the following methods:

For standard retention labels (they don't mark items as a record or regulatory record):

  • Administrators and end users can manually change or remove an existing retention label that the organization applies on content.
  • When content already has a retention label applied, the system doesn't automatically remove the existing label or replace it with another retention label - with two possible exceptions:
    • You configure the existing label to automatically apply a different retention label at the end of the retention period.

    • You apply the existing label as a default label. When you use a default label, there are some scenarios when you can replace it with another default label, or the system can automatically remove it.

      For more information about default labels and corresponding label behavior, see the following resources:

  • If there are multiple autoapply label policies that could apply a retention label, and content meets the conditions of multiple policies, the system applies the retention label for the oldest autoapply label policy (by date created).

When retention labels mark items as a record or a regulatory record, the system never automatically changes these labels during their configured retention period. Only administrators for the container can manually change or remove retention labels that mark items as a record, but not regulatory records. For more information, see Compare restrictions for allowed and blocked actions.

Policy lookup

An organization can configure multiple retention policies for Microsoft 365 locations. It can also configure multiple retention label policies that it publishes or automatically applies. To find the policies for retention that administrators assigned to specific users, sites, and Microsoft 365 groups, select the Policy lookup tab in either the Data lifecycle management or Records management solutions in the Microsoft Purview compliance portal.

For example:

Screenshot showing the Policy lookup tab on the Data lifecycle management screen.

You must specify one of the following options:

  • The exact email address for a user.
  • The exact URL for a site.
  • The exact email address for a Microsoft 365 group.

You can't use wildcards or partial matches.

The exact URL option for sites includes OneDrive accounts. For information about how to specify the URL for a user's OneDrive account, see Get a list of all user OneDrive URLs in your organization.

Knowledge check

1. As the Microsoft 365 Administrator at Fabrikam, Holly Spencer wants to specify retention settings that enforce actions at the item level. Holly first wants to retain press materials for a specific period. After that time, Holly then wants the press materials permanently deleted. Holly also wants to retain project plans for a minimum period of time. How should Holly assign these retention settings?