Microsoft (Office) 365 with Outlook, SharePoint, and Teams are your organization’s bedrock. Moreso, with the WFH push of the pandemic. The business-critical data that they hold need to abide by legal and regulatory obligations. These requirements mandate both preserving information for a specific amount of time and ensuring that data is deleted after a specific time period. In this blog series, we explore Native Microsoft 365 backup. In Part 1 we covered the Office 365 Archive Policy and in this blog, we discuss the Office 365 Retention Policy and how to set it up using the Microsoft 365 Compliance Center.
Microsoft (Office) 365 Retention Policy
- What is the Microsoft (Office) 365 Retention Policy?
- How To Implement Microsoft (Office) 365’s Retention Policy via the Compliance Center?
- How To Implement Microsoft (Office) 365’s Retention Policy using PowerShell?
- Why are Microsoft (Office) 365 Retention policies required?
Watch the video here or follow the step-wise instructions below
What is the Microsoft (Office) 365 Retention Policy?
Retention policies and retention labels are used to prevent the permanent deletion of Office 365 data such as files, documents, or emails. They also ensure that information is stored in the company for the mandated period of time.
- The Office 365 retention policy is used to implement rules on all items and documents, with minimal exceptions.
- Retention labels allow customized settings for a single folder, document, file, and email. Retention labels can be applied both automatically and manually by users.
Note: You must have global admin permissions to manage both retention policy and labels.
How To Implement Microsoft (Office) 365’s Retention Policy Via The Compliance Center?
There are two ways to implement Microsoft (Office) 365’s Retention Policies
- Using the Microsoft (Office) 365 Compliance Center
- Via Microsoft PowerShell
Stage 1: Create a Retention Label Via The Compliance Center
Step 1: Open the Microsoft (Office) 365 Compliance Center
Step 2: On the left navigation menu select Solutions / Information governance
Step 3: Open the Labels tab and then click on “+” to create a new label
Step 4: Fill out the Retention Label Settings and click next
Step 5: Define Retention Settings
- Specify the type of Retention – time-boxed, permanent, no-retention.
- Retention period – 5/7/10 years, or custom (specify the number of years, months, and days to retain items)
- Use different conditions or triggers:
- Date when the item was created, last modified, or labeled
- Employee activity
- Expiration or termination of contracts and agreements
- Product lifetime
- If you select Only delete items when they reach a certain age these options are available:
- The age is older than 5/7/10 years or a custom time period
- Use a trigger when items were either created, last modified or labeled
Step 6: Review settings
Click Create label
Step 7: Select how you wish to apply the label
Either publish it to Office 365, auto-apply to a specific type of content, or do nothing.
In this case, we apply it to PDF documents. You have to fill out the form using the wizard
- Give a name for the auto-label
- Enter the conditions and click Next. For example, use filetype:pdf to retain PDF files only. See Keyword Query Language (KQL) syntax reference for more detail about using conditions.
- Select the locations to apply the policy
- Select a label to auto-apply. The label created in the previous step will be selected by default.
- Review the settings and click Submit
- Finally, you will see the confirmation that the policy was created. Click Done to exit the wizard
Stage 2: Create a Retention Policy via the Compliance Center
Step 1: Open the Microsoft (Office) 365 Compliance Center
Step 2: On the left navigation menu select Solutions / Information governance
Step 3: Open the Retention Policies tab and then click on “+” to create a new policy
Step 4: Enter the Retention policy’s name and description and click Next
Step 5: Select the objects that must be included in the Retention policy
Step 6: As with the Retention label, set the Retention Policy settings
Step 6: Review and Submit to create a new Retention Policy
:
How To Implement Microsoft (Office) 365’s Retention Policy using PowerShell?
Create a Retention Label using Powershell
Step1: Open the Start menu and type “powershell” to find the Windows PowerShell application and select it to run
Step 2: Connect to the Security and Compliance Center
Connect-IPPSSession
You will get a message that the “Security & Compliance Center” module is loading
Step 3: Run the script to create a label
New-ComplianceTag -Name "Excel documents" -RetentionAction Keep -RetentionDuration 3650 -RetentionType ModificationAgeInDays
Where:
Name: the name of the label
RetentionAction – what to do for the label. We will keep it in our case.
RetentionType – specify the start of the retention period. We will start the period since the object was last modified ModificationAgeInDays
RetentionDuration – The duration to retain items (10 years or 3650 days in our example)
Create a Retention Policy using Powershell
Step1: Run the Windows PowerShell application
Step 2: Connect to the Security and Compliance Center
Connect-IPPSSession
You will get a message that the “Security & Compliance Center” module is loading
Step 4: Run the script to create a retention policy
New-RetentionCompliancePolicy -Name "Excel Documents" -SharePointLocation All
Parameters:
Name – The name of the retention policy. If the name includes a space symbol then the string should be included in quotation marks, like “Excel Files”
SharePointLocation – URL of SharePoint sites where Excel files should be retained. “All” means retain items from all sites.
Step 5: Run the script to create a rule to retain Excel files for the policy created above:
New-RetentionComplianceRule -Policy "Excel Documents" -ApplyComplianceTag "Excel documents" -ContentMatchQuery “filetype:xlsx”
Parameters:
Policy – The name of the policy created in the previous step
ContentMatchQuery – The rule or query that will be used to filter items to be retained. For more information on using keywords, please refer to Microsoft’s Keyword Query Language (KQL) syntax reference
ApplyComplianceTag – The name of the retention label created above
Why Are Microsoft (Office) 365 Retention Policies Required?
Microsoft Compliance Retention Policies are a powerful tool to comply with legal and/or regulatory requirements for Microsoft 365 applications and their data types. When a retention policy is enabled, existing artifacts and all new data will remain secure in Microsoft 365 for the defined period of time.
Limitations of the Microsoft (Office) 365 Retention Policy
- If users or admins delete the data, it will override the retention policy and will be removed from Microsoft 365 applications. Note that these items will still be accessible using eDiscovery or the Preservation Hold library. As the Library is included in the site’s storage quota, you may need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.
- An email or document can have only a single retention label applied to it at a time.
- For Exchange, calendar items are not retained, as are site looks/themes and related settings
- For SharePoint/One Drive, membership permissions, sharing, and access permissions are not preserved.
- For Teams/Groups, while chats are retained, chat attachments and Groups data not linked to SharePoint is not retained. No permissions, user membership, and metadata is secured with retention policies.
- Costly: The storage costs of retention can be significant crossing the 11TB limit of Microsoft 365. The costs can rack up especially if you are planning to use the Retention policies as backup – for a period of 3 years. That will require you to purchase additional storage even while incurring license upgrade costs to the most expensive Enterprise plan.
- Essentially, recovery is cumbersome with the Retention policy, thus defeating the very purpose of backup for quick recovery of lost data.
Third-party Backup For True Point-in-Time Restore
While Office 365 retention policies may work to adhere to compliance requirements and protect some sensitive data, they fall short when considered as a backup and recovery solution. Instead, a comprehensive Microsoft 365 Backup solution will secure all your Microsoft 365 data from loss – Mail, Calendar, Contacts, Tasks, Groups/ Teams, OneDrive, SharePoint, and Public Folders. While giving you the ability to recover data from any point-in-time or granularity level in minutes and ensuring regulatory compliance.
Start a free, full-feature 14-day trial – Zero setup and no credit card information required
