Secure Cloud Backup

Microsoft (Office) 365 Retention Policy: The What, Why, and How?

Steps and video to setup Microsoft Office 365 Retention Policy via the Microsoft 365 Compliance Center, along with its pros and cons
Microsoft Office 365 Retention Policy Compliance | CloudAlly
dotted blue horizontal | CloudAlly
Share this:

Microsoft (Office) 365 with Outlook, SharePoint, and Teams are your organization’s bedrock. Moreso, with the WFH push of the pandemic. The business-critical data that they hold need to abide by legal and regulatory obligations. These requirements mandate both preserving information for a specific amount of time and ensuring that data is deleted after a specific time period. In this blog series, we explore Native Microsoft 365 backup. In Part 1 we covered the Office 365 Archive Policy and in this blog, we discuss the Office 365 Retention Policy and how to set it up using the Microsoft 365 Compliance Center.

Microsoft (Office) 365 Retention Policy

Watch the video here or follow the step-wise instructions below

What is the Microsoft (Office) 365 Retention Policy?

Retention policies and retention labels are used to prevent the permanent deletion of Office 365 data such as files, documents, or emails. They also ensure that information is stored in the company for the mandated period of time. 

  • The Office 365 retention policy is used to implement rules on all items and documents, with minimal exceptions. 
  • Retention labels allow customized settings for a single folder, document, file, and email. Retention labels can be applied both automatically and manually by users. 

Note: You must have global admin permissions to manage both retention policy and labels. 

How To Implement Microsoft (Office) 365’s Retention Policy Via The Compliance Center? 

There are two ways to implement Microsoft (Office) 365’s Retention Policies 

  • Using the Microsoft (Office) 365 Compliance Center 
  • Via Microsoft PowerShell 

Stage 1: Create a Retention Label Via The Compliance Center

Step 1: Open the Microsoft (Office) 365 Compliance Center 

     

Step 2: On the left navigation menu select Solutions / Information governance 

Step 3: Open the Labels tab and then click on “+” to create a new label 

Step 4: Fill out the Retention Label Settings and click next 

Step 5: Define Retention Settings

  • Specify the type of Retention – time-boxed, permanent, no-retention.
  • Retention period  – 5/7/10 years, or custom (specify the number of years, months, and days to retain items)
  • Use different conditions or triggers: 
    • Date when the item was created, last modified, or labeled
    • Employee activity
    • Expiration or termination of contracts and agreements
    • Product lifetime
    • If you select Only delete items when they reach a certain age these options are available:
      • The age is older than 5/7/10 years or a custom time period
      • Use a trigger when items were either created, last modified or labeled

Step 6: Review settings

Click Create label 

Step 7: Select how you wish to apply the label

Either publish it to Office 365, auto-apply to a specific type of content, or do nothing.

In this case, we apply it to PDF documents. You have to fill out the form using the wizard 

  • Give a name for the auto-label

Microsoft Office 365 Retention Policy Compliance center

Microsoft Office 365 Retention Policy Compliance center

  • Select the locations to apply the policy

  • Select a label to auto-apply. The label created in the previous step will be selected by default.

Microsoft Office 365 Retention Policy Compliance center

  • Review the settings and click Submit

Microsoft Office 365 Retention Policy Compliance center

  • Finally, you will see the confirmation that the policy was created. Click Done to exit the wizard 

Microsoft Office 365 Retention Policy Compliance center

Stage 2: Create a Retention Policy via the Compliance Center

Step 1: Open the Microsoft (Office) 365 Compliance Center 

     

Step 2: On the left navigation menu select Solutions / Information governance 

Step 3: Open the Retention Policies tab and then click on “+” to create a new policy

Microsoft Office 365 Retention Policy Compliance center

Step 4: Enter the Retention policy’s name and description and click Next 

Microsoft Office 365 Retention Policy Compliance center

Step 5: Select the objects that must be included in the Retention policy 

Microsoft Office 365 Retention Policy Compliance center

Step 6: As with the Retention label, set the Retention Policy settings

Microsoft Office 365 Retention Policy Compliance center

Step 6: Review and Submit to create a new Retention Policy

   Microsoft Office 365 Retention Policy Compliance center:

How To Implement Microsoft (Office) 365’s Retention Policy using PowerShell?

Create a Retention Label using Powershell

Step1: Open the Start menu and type “powershell” to find the Windows PowerShell application and select it to run

Step 2: Connect to the Security and Compliance Center

Connect-IPPSSession

You will get a message that the “Security & Compliance Center” module is loading

Step 3: Run the script to create a label

New-ComplianceTag -Name "Excel documents" -RetentionAction Keep -RetentionDuration 3650 -RetentionType ModificationAgeInDays 

Where:

Name: the name of the label

RetentionAction – what to do for the label. We will keep it in our case.

RetentionType – specify the start of the retention period. We will start the period since the object was last modified ModificationAgeInDays

RetentionDuration – The duration to retain items (10 years or 3650 days in our example)

Create a Retention Policy using Powershell

Step1: Run the Windows PowerShell application

Step 2: Connect to the Security and Compliance Center

Connect-IPPSSession

You will get a message that the “Security & Compliance Center” module is loading

Step 4: Run the script to create a retention policy

New-RetentionCompliancePolicy -Name "Excel Documents" -SharePointLocation All

Parameters:

Name  – The name of the retention policy. If the name includes a space symbol  then the string should be included in quotation marks, like “Excel Files”

SharePointLocation – URL of SharePoint sites where Excel files should be retained. “All” means retain items from all sites.

Step 5: Run the script to create a rule to retain Excel files for the policy created above:

New-RetentionComplianceRule -Policy "Excel Documents" -ApplyComplianceTag "Excel documents" -ContentMatchQuery “filetype:xlsx”

Parameters:

Policy – The name of the policy created in the previous step

ContentMatchQuery – The rule or query that will be used to filter items to be retained. For more information on using keywords, please refer to Microsoft’s Keyword Query Language (KQL) syntax reference

ApplyComplianceTag – The name of the retention label created above

Why Are Microsoft (Office) 365 Retention Policies Required?

Microsoft Compliance Retention Policies are a powerful tool to comply with legal and/or regulatory requirements for Microsoft 365 applications and their data types. When a retention policy is enabled, existing artifacts and all new data will remain secure in Microsoft 365 for the defined period of time.

Limitations of the Microsoft (Office) 365 Retention Policy

  • If users or admins delete the data, it will override the retention policy and will be removed from Microsoft 365 applications. Note that these items will still be accessible using eDiscovery or the Preservation Hold library. As the Library is included in the site’s storage quota, you may need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.
  • An email or document can have only a single retention label applied to it at a time.
  • For Exchange, calendar items are not retained, as are site looks/themes and related settings
  • For SharePoint/One Drive, membership permissions, sharing, and access permissions are not preserved.
  • For Teams/Groups, while chats are retained, chat attachments and Groups data not linked to SharePoint is not retained. No permissions, user membership, and metadata is secured with retention policies.
  • Costly: The storage costs of retention can be significant crossing the 11TB limit of Microsoft 365. The costs can rack up especially if you are planning to use the Retention policies as backup – for a period of 3 years. That will require you to purchase additional storage even while incurring license upgrade costs to the most expensive Enterprise plan.
  • Essentially, recovery is cumbersome with the Retention policy, thus defeating the very purpose of backup for quick recovery of lost data.

Third-party Backup For True Point-in-Time Restore

While Office 365 retention policies may work to adhere to compliance requirements and protect some sensitive data, they fall short when considered as a backup and recovery solution. Instead, a comprehensive Microsoft 365 Backup solution will secure all your Microsoft 365 data from loss –  MailCalendar, Contacts, TasksGroups/ TeamsOneDrive, SharePoint, and Public Folders. While giving you the ability to recover data from any point-in-time or granularity level in minutes and ensuring regulatory compliance.

Start a free, full-feature 14-day trial – Zero setup and no credit card information required

Share this:

Related posts:

Thought Leader Talks

Series of Intriguing Q&A with the leading IT influencers

Click the RSS icon below sign up and get our blog posts by RSS

Twitter Latest tweets
Get the latest insights on cloud-to-cloud backup to your inbox.
dotted_BLUE_horizontal_divider
Subscribe to our latest blog posts
Get Posts Via Email - With the latest insights on cloud-to-cloud backup.