Section 8 – Implement data lifecycle and records management – Retain and delete data by using retention labels

Plan for information retention and disposition by using retention labels

You can control how long your organization keeps content using two main actions:

  • Retain: This ensures content is not automatically deleted and remains accessible for legal discovery (eDiscovery) purposes. You can choose to retain content indefinitely or for a specific period.
  • Delete: This permanently removes content from your system after a set amount of time.

These actions allow you to configure various retention settings:

  • Retain only: Keeps content forever or for a specific duration.
  • Delete only: Permanently deletes content after a set time.
  • Retain then delete: Keeps content for a specified period and then removes it permanently.

Benefits of using these retention settings:

  • Saves storage costs: By managing content in place, you avoid the need for additional storage solutions and the associated setup costs.
  • Simplifies data management: Eliminates the need for complex processes to copy and synchronize data for retention purposes.

Create retention labels for data lifecycle management

M365 Copilot is a hot topic, so note that retention settings for Microsoft Copilot messages are automatically managed alongside Teams chats in the ‘Teams chats and Copilot interactions’ location. This is because both use the same mechanisms for storing and deleting data. Importantly, even if your organization doesn’t use Teams, Microsoft Copilot messages are still subject to the retention policy applied to this location.

When a user leaves your organization and their Microsoft 365 account is deactivated, their Copilot messages that are subject to retention policies are preserved. These messages are stored in a special inactive mailbox. Any retention policy applied to the user’s account before deactivation continues to govern these messages, allowing them to be retrieved through eDiscovery searches.

With that out of the way, let’s see how to create those labels. I will use the new Purview portal in my examples.

Select Create a label, give it a name, and choose the settings for the label.

Feature and description:

  • Manual application: Users can directly apply labels to content in various applications like Outlook, OneDrive, SharePoint, and Microsoft 365 Groups.
  • Automatic application: Labels can be applied automatically based on specific criteria:
    • Content type: Cloud attachments (email/Teams), specific information types.
    • Keywords: User-defined keywords found in the content.
    • Patterns: Matches identified by a trainable classifier.
  • Retention period start: Choose the start of the retention period:
    • Upon labeling: For documents (SharePoint/OneDrive) and emails.
    • Upon event: Employee departure, contract expiration, etc.
  • Default labels: Assign default labels to specific SharePoint locations (libraries, folders) for automatic application.
  • Record management: Mark content as official records for compliance, adding further restrictions.

Important note! Retention labels, unlike sensitivity labels, don’t persist if the content is moved outside Microsoft 365


Retention Labels Beyond Retention and Deletion

While the primary function of retention labels involves managing content retention and deletion timelines, they offer additional functionality beyond triggering specific actions. Here’s how:

Using Retention Labels as Tags:

  • No action required: You can leverage retention labels purely for content categorization without enforcing automatic retention settings or other actions.
  • Example: Create a label named “Review Later” and assign it to content without setting a retention period. This allows you to easily search and identify these items for future review at your own discretion.

This approach provides a flexible way to organize and categorize content within your organization without solely relying on automatic actions triggered by retention labels.

One example could be those leavers

And what you can automatically trigger after the specified time

Disposition Review and Notification

Another superb feature is the ability to assign reviewers for the labeled content.

Triggering and Recipients:

  • Upon reaching the designated retention period, a disposition review is initiated.
  • The chosen reviewers are notified via email that content awaits their review.
  • Reviewers can be:
    • Individual users
    • Members of a mail-enabled security group (excluding the group owner)

Customization:

  • You can tailor the notification email sent to reviewers, including specific instructions.
  • Multi-language support:
    • Requires manual translation of the instructions.
    • The custom text will be displayed to all reviewers regardless of their language settings.

In Summary:

Retention labels offer a streamlined review process for content nearing the end of its designated retention period. Reviewers receive timely notifications tailored to their needs, ensuring efficient management of your organization’s data.

Configure and manage adaptive scopes

In the new Purview portal experience you see a Recommendation for Adaptive Scopes

Create an adaptive scope policy that targets specific attributes for your users, sites or groups that have the most changes impact the compliance rules for their content. You can also use an existing adaptive scope if you’ve already created one.

You can find Adaptive scopes under Settings: https://purview.microsoft.com/settings/adaptivescope

Note for Microsoft, add it to Compliance and Governance pages for more direct access.

When you start creating a Scope, you can choose User, SPO or M365 Group based filters.

For example, for users you can filter by first name.

But there are also limits.

Maximums for adaptive policy scopes

There’s no limit to the number of adaptive policy scopes that you can add to a policy, but there are some maximum limits for the query that defines each adaptive scope:

  • String length for attribute or property values: 200
  • Number of attributes or properties without a group, or within a group: 10
  • Number of groups: 10
  • Number of characters in an advanced query: 10,000
  • Grouping attributes or properties within a group isn’t supported. This means that the maximum number of properties or attributes supported within a single adaptive scope is 100.

Adaptive scope types and the attributes or properties they support:

  • Users
    • Applies to: Exchange mailboxes, OneDrive accounts, Teams chats and Copilot interactions, Teams private channel messages, Viva Engage user messages
    • Attributes or properties supported include: First Name, Last name, Display name, Job title, Department, Office, Street address, City, State or province, Postal code, Country or region, Email addresses, Alias, Exchange custom attributes (CustomAttribute1 – CustomAttribute15)
  • SharePoint sites
    • Applies to: SharePoint sites *, OneDrive accounts
    • Attributes or properties supported include: Site URL, Site name, SharePoint custom properties (RefinableString00 – RefinableString99)
  • Microsoft 365 Groups
    • Applies to: Microsoft 365 Group mailboxes & sites, Teams channel messages (standard and shared), Viva Engage community messages
    • Attributes or properties supported include: Name, Display name, Description, Email addresses, Alias, Exchange custom attributes (CustomAttribute1 – CustomAttribute15)

Configure a retention label policy to publish labels

Choose a Label to publish

And use Adaptive or a Static scope

With Adaptive scope you can choose previously created scopes. You cannot create new ones from this menu; they have to be predefined.

And with Static you can choose the services manually

If you publish retention labels to SharePoint or OneDrive, those labels typically appear for users to select within one day. However, allow up to seven days.

If you publish retention labels to Exchange, it can take up to seven days for those retention labels to appear for users. As with all retention settings for Exchange, the mailbox must contain at least 10 MB of data.

Diagram of when published labels take effect.

Configure a retention label policy to auto-apply labels

Retention labels offer a powerful feature – automatic application, saving your organization valuable time and resources. This means:

  • Reduced User Training: No need to extensively train users on all classification schemes.
  • Improved Classification Accuracy: Eliminates reliance on user discretion, ensuring consistent labeling.
  • Empowered Users: Users can focus on their core tasks without worrying about data governance policies.

Triggers for Automatic Application:

  • Content without an existing label: Ensures consistent application across your data.
  • Specific criteria:
    • Sensitive information: Protects confidential data automatically.
    • Keywords: Targets content based on specific terms.
    • Searchable properties: Leverages existing metadata for targeted labeling.
    • Trainable classifiers: Applies labels based on machine-learning patterns.
    • Cloud attachments: Ensures consistent labeling for shared attachments.

By leveraging automatic application, you gain increased control over your data retention policies while freeing up valuable time for your organization.

You can also choose how to match the content; for example, you can use sensitive information types.

Cloud attachments are files stored in SharePoint, OneDrive, or Microsoft 365 Groups that are attached as links to Outlook, Teams, and Viva Engage messages or that are referenced in interactions with Copilot. The label will be applied only to the version of the file that’s being shared or referenced and does not apply to the message. As a result, you won’t be able to choose Exchange, Teams, or Viva Engage as a location in the next step.

You can read more from Learn

Interpret the results of policy precedence, including using Policy lookup

You can configure multiple retention policies for Microsoft 365 locations, as well as multiple retention label policies that you publish or auto-apply. To find the policies for retention that are assigned to specific users, sites, and Microsoft 365 groups, use Policy lookup from the Data lifecycle management or Records management solutions in the Microsoft Purview compliance portal.

You will find Policy lookup under Policies.

And you can look up policies for a specific user, site or group.

Prioritizing Retention and Deletion Outcomes with Multiple Policies and Labels

While you can apply both retention policies and labels, understanding the outcome can be complex. Here’s a simplified breakdown:

Key Points:

  • Multiple Policies and Labels: An item can have multiple retention policies and labels applied, potentially leading to conflicting settings.
  • Independent Calculation: Retention and deletion are calculated independently for each action (retain, delete) across all applied policies and labels.
  • Precedence Principles:
    • Retention vs. Deletion: Retention always takes precedence over deletion.
    • Longest Retention Wins: The item is retained for the longest period defined across all settings.
    • Labels over Policies: For deletion, actions from a retention label override those from policies.
  • Conflict Resolution Flow: This flow prioritizes conflicting settings:
    1. Retention vs. Deletion: Prioritizes the longest retention period.
    2. Label vs. Policy Deletion: Prioritizes deletion action from retention label first.
    3. Multiple Deletion Actions: Chooses the earliest deletion date.

Understanding the Flow:

  1. Retention: The longest retention period across all policies and labels wins.
  2. Deletion:
    • If no conflict exists, deletion happens based on the first policy/label setting.
    • If there’s a conflict:
      • Prioritize deleting based on the retention label (if present).
      • Choose the earliest deletion date among conflicting settings.

In Summary:

By applying these principles, you can accurately determine how long an item will be retained and when it will be permanently deleted, even with multiple conflicting settings.
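
The precedence principles above, worked through as an added Python example (not code from Microsoft or from this post). The `Setting` model, the sample policies and the simplification that every period is counted in days from the same start date are assumptions; deferring the chosen deletion until the longest retention period ends is how "retention takes precedence over deletion" is read here.

```python
from dataclasses import dataclass
from math import inf
from typing import List, Optional, Tuple

FOREVER = inf  # stands for "retain indefinitely"


@dataclass(frozen=True)
class Setting:
    name: str
    source: str                          # "label" or "policy"
    retain_days: Optional[float] = None  # None: no retain action
    delete_days: Optional[float] = None  # None: no delete action


def resolve(settings: List[Setting]) -> Tuple[float, Optional[float], Optional[str]]:
    """Return (retain_until, delete_at, setting that decided the deletion)."""
    # Retain and delete actions are evaluated independently of each other.
    retains = [s.retain_days for s in settings if s.retain_days is not None]
    retain_until = max(retains, default=0)  # longest retention wins

    deletes = [s for s in settings if s.delete_days is not None]
    # A delete action from a retention label overrides those from policies.
    candidates = [s for s in deletes if s.source == "label"] or deletes
    if not candidates:
        return retain_until, None, None
    winner = min(candidates, key=lambda s: s.delete_days)  # earliest deletion

    # Retention takes precedence: deletion cannot happen before retention ends.
    delete_at = max(winner.delete_days, retain_until)
    return retain_until, (None if delete_at == FOREVER else delete_at), winner.name


# Constructed sample settings (hypothetical names, periods in days).
POLICY_7Y = Setting("Finance policy", "policy", retain_days=2555, delete_days=2555)
POLICY_1Y_DELETE = Setting("Cleanup policy", "policy", delete_days=365)
LABEL_5Y = Setting("Contract label", "label", retain_days=1825, delete_days=1825)
POLICY_HOLD = Setting("Keep forever policy", "policy", retain_days=FOREVER)

if __name__ == "__main__":
    for case in ([POLICY_7Y, POLICY_1Y_DELETE, LABEL_5Y],
                 [POLICY_1Y_DELETE, LABEL_5Y],
                 [POLICY_HOLD, POLICY_1Y_DELETE]):
        print([s.name for s in case], "->", resolve(case))
```

In the first case the label decides the deletion, but the item still stays until the 7-year policy's retention ends; in the last case an indefinite retain means the item is never deleted.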

You can read more on precedence from Learn

Closure

Like before, let’s see what we covered in this section.

Retention labels

You can control how long your organization keeps content using two main actions:

  • Retain: This ensures content is not automatically deleted and remains accessible for legal discovery (eDiscovery) purposes. You can choose to retain content indefinitely or for a specific period.
  • Delete: This permanently removes content from your system after a set amount of time.

Deleting retention labels

To delete a retention label, all three conditions must apply:

  • The label isn’t included in any retention label policy
  • The label isn’t configured for event-based retention
  • The label isn’t configured to mark items as regulatory records

When all these conditions are met:

  • You can always delete a retention label that doesn’t mark items as records (sometimes referred to as a “standard retention label”). The deletion succeeds even if the label is applied to items, and the retention label is then removed from these items.
  • You can delete a retention label that marks items as records only if the label isn’t applied to items. If the label has been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items. It can take up to two days for content explorer to show the items that are labeled. In this scenario, the retention label might be deleted without showing you the link to content explorer.

Important note! Retention labels, unlike sensitivity labels, don’t persist if the content is moved outside Microsoft 365

You can use Retention Labels as Tags:

  • No action required: You can leverage retention labels purely for content categorization without enforcing automatic retention settings or other actions.

Adaptive scopes

There’s no limit to the number of adaptive policy scopes that you can add to a policy, but there are some maximum limits for the query that defines each adaptive scope:

  • String length for attribute or property values: 200
  • Number of attributes or properties without a group, or within a group: 10
  • Number of groups: 10
  • Number of characters in an advanced query: 10,000
  • Grouping attributes or properties within a group isn’t supported. This means that the maximum number of properties or attributes supported within a single adaptive scope is 100.

Retention labels

If you publish retention labels to SharePoint or OneDrive, those labels typically appear for users to select within one day. However, allow up to seven days.

You can also auto-label content

Exchange:

| Condition | Items in transit (sent or received) | Existing items (data at rest) |
|---|---|---|
| Sensitive info types | Yes | No |
| Specific keywords or searchable properties | Yes | Yes |
| Trainable classifiers | Yes | Yes (last six months only) |

SharePoint and OneDrive

| Condition | New or modified items | Existing items |
|---|---|---|
| Sensitive info types | Yes | Yes * |
| Specific keywords or searchable properties | Yes | Yes |
| Trainable classifiers | Yes | Yes (last six months only) |

Policy Lookup and Precedence

You can configure multiple retention policies for Microsoft 365 locations, as well as multiple retention label policies that you publish or auto-apply. To find the policies for retention that are assigned to specific users, sites, and Microsoft 365 groups, use Policy lookup from the Data lifecycle management or Records management solutions in the Microsoft Purview compliance portal.

Precedence

  • Multiple Policies and Labels: An item can have multiple retention policies and labels applied, potentially leading to conflicting settings.
  • Independent Calculation: Retention and deletion are calculated independently for each action (retain, delete) across all applied policies and labels.
  • Precedence Principles:
    • Retention vs. Deletion: Retention always takes precedence over deletion.
    • Longest Retention Wins: The item is retained for the longest period defined across all settings.
    • Labels over Policies: For deletion, actions from a retention label override those from policies.
  • Conflict Resolution Flow: This flow prioritizes conflicting settings:
    1. Retention vs. Deletion: Prioritizes the longest retention period.
    2. Label vs. Policy Deletion: Prioritizes deletion action from retention label first.
    3. Multiple Deletion Actions: Chooses the earliest deletion date.

Author: Harri Jaakkonen