Microsoft (Office) 365 Retention Policy: The What, Why, and How?

Microsoft (Office) 365 with Outlook, SharePoint, and Teams are your organization’s bedrock. Moreso, with the WFH push of the pandemic. The business-critical data that they hold need to abide by legal and regulatory obligations. These requirements mandate both preserving information for a specific amount of time and ensuring that data is deleted after a specific time period. In this blog series, we explore?Native Microsoft 365 backup. In Part 1 we covered?the?Office 365 Archive Policy ?and in this blog, we discuss the Office 365 Retention Policy and how to set it up using the Microsoft 365 Compliance Center.

Watch the video here or follow the step-wise instructions below

What is the Microsoft (Office) 365 Retention Policy?

Retention policies and retention labels are used to prevent the permanent deletion of Office 365 data such as files, documents, or emails. They also ensure that information is stored in the company for the mandated period of time.?

• The Office 365 retention policy is used to implement rules on?all?items?and?documents, with minimal exceptions.?
• Retention labels?allow?customized?settings for a single folder,?document,?file, and?email.?Retention labels can be applied both?automatically and?manually by users.?

Note:?You must have global admin permissions to manage both retention policy and labels.?

How To Implement Microsoft (Office) 365’s Retention Policy?Via The Compliance Center??

There are?two ways to implement?Microsoft (Office) 365’s Retention Policies?

• Using the Microsoft?(Office)?365?Compliance Center?
• Via Microsoft PowerShell?

Stage 1: Create a Retention Label Via The Compliance Center

Step 1:?Open the?Microsoft (Office) 365 Compliance Center ?

????

Step 2: On the left navigation menu select Solutions /?Information governance?

Step 3: Open the?Labels?tab and then click on “+” to create a new label?

Step 4: Fill out the Retention Label Settings and click next?

Step 5: Define Retention Settings

• Specify the type of Retention – time-boxed, permanent, no-retention.
• Retention period?– 5/7/10?years,?or custom (specify the number of years, months, and days to retain items)
• Use different conditions or triggers:?
• Date when the item was created, last modified, or labeled
• Employee activity
• Expiration or termination of contracts and agreements
• Product lifetime
• If you select?Only delete items when they reach a certain age?these options are available:
• The age is older than 5/7/10 years or a custom?time period
• Use a trigger when items were either created, last modified or labeled

Step 6: Review settings

Click?Create label?

Step 7: Select how you wish to apply the label

Either publish it to Office 365, auto-apply to a specific type of content, or do nothing.

In this case, we apply it to PDF documents. You have to fill out the form using the wizard?

• Give a name for the auto-label

• Enter the conditions and click?Next.?For example, use?filetype:pdf?to retain PDF files only.?See?Keyword Query Language (KQL) syntax reference ?for more detail about using conditions.?

• Select the locations to apply the policy

• Select a label to auto-apply. The label created in the previous step will be selected by default.

• Review the settings and click?Submit

• Finally, you will see the confirmation that the policy was created. Click?Done?to exit the wizard?

Stage 2: Create a Retention Policy via the Compliance Center

Step 1:?Open the?Microsoft (Office) 365 Compliance Center ?

????

Step 2: On the left navigation menu select Solutions /?Information governance?

Step 3: Open the Retention Policies tab and then click on “+” to create a new policy

Step 4: Enter the Retention policy’s name and description and click Next?

Step 5: Select the objects that must be included in the Retention policy?

Step 6: As with the Retention label, set the Retention Policy settings

Step 6: Review and Submit to create a new Retention Policy

??:

How To Implement Microsoft (Office) 365’s Retention Policy using PowerShell?

Create a Retention Label using Powershell

Step1: Open the Start menu and type “powershell” to find the Windows PowerShell application and select it to run

Step 2: Connect to the Security and Compliance Center

Connect-IPPSSession        

You will get a message that the “Security & Compliance Center” module is loading

Step 3: Run the script to create a label

New-ComplianceTag -Name "Excel documents" -RetentionAction Keep -RetentionDuration 3650 -RetentionType ModificationAgeInDays?        

Where:

Name:?the name of the label

RetentionAction?– what to do for the label. We will?keep?it in our case.

RetentionType?– specify the start of the retention period. We will start the period since the object was last modified?ModificationAgeInDays

RetentionDuration?– The duration to retain items (10 years or 3650 days in our example)

Create a Retention Policy using Powershell

Step1: Run the Windows PowerShell application

Step 2: Connect to the Security and Compliance Center

Connect-IPPSSession        

You will get a message that the “Security & Compliance Center” module is loading

Step 4: Run the script to create a retention policy

New-RetentionCompliancePolicy -Name "Excel Documents" -SharePointLocation All        

Parameters:

Name??– The name of the retention policy. If the name includes a space symbol??then the string should be included in quotation marks, like “Excel Files”

SharePointLocation –?URL of SharePoint sites where Excel files should be retained. “All” means retain items from all sites.

Step 5: Run the script to create a rule to retain Excel files for the policy created above:

New-RetentionComplianceRule -Policy "Excel Documents" -ApplyComplianceTag "Excel documents" -ContentMatchQuery “filetype:xlsx”        

Parameters:

Policy –?The name of the policy created in the previous step

ContentMatchQuery –?The rule or query that will be used to filter items to be retained. For more information on using keywords, please refer to Microsoft’s?Keyword Query Language (KQL) syntax reference

ApplyComplianceTag –?The name of the retention label created above

Why Are Microsoft (Office) 365 Retention Policies Required?

Microsoft Compliance Retention Policies are a powerful tool to comply with legal and/or regulatory requirements for Microsoft 365 applications and their data types. When a retention policy is enabled, existing artifacts and all new data will remain secure in Microsoft 365 for the defined period of time.

Limitations of the Microsoft (Office) 365 Retention Policy

• If users or admins delete the data, it will override the retention policy and will be removed from Microsoft 365 applications. Note that these items will still be accessible using eDiscovery or the Preservation Hold library. As the Library is included in the site’s storage quota, you may need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.
• An email or document can have only a single retention label applied to it at a time.
• For Exchange, calendar items are not retained, as are site looks/themes and related settings
• For SharePoint/One Drive, membership permissions, sharing, and access permissions are not preserved.
• For Teams/Groups,?while chats are retained, chat attachments and Groups data not linked to SharePoint is not retained. No permissions, user membership, and metadata is secured with retention policies.
• Costly: The storage costs of retention can be significant crossing the 11TB limit of Microsoft 365. The costs can rack up especially if you are planning to use the Retention policies as backup – for a period of 3 years. That will require you to purchase additional storage even while incurring license upgrade costs to the most expensive Enterprise plan.
• Essentially, recovery is cumbersome with the Retention policy, thus defeating the very purpose of backup for quick recovery of lost data.

Third-party Backup For True Point-in-Time Restore

While Office 365 retention policies may work to adhere to compliance requirements and protect some sensitive data, they fall short when considered as a backup and recovery solution. Instead, a comprehensive?Microsoft 365 Backup ?solution will secure all your Microsoft 365 data from loss –??Mail ,?Calendar ,?Contacts, ?Tasks ,?Groups/ Teams ,?OneDrive ,?SharePoint ,?and?Public Folders . While giving you the ability to recover data from any point-in-time or granularity level in minutes and ensuring regulatory compliance.

Start a free, full-feature 14-day trial ?– Zero setup and no credit card information required