Table of Contents
Implementing SharePoint Online Retention Policies
Do you need to retain SharePoint documents or files for a certain number of years? Do you have industry-mandated regulations to comply with? Simply setup a SharePoint Online Retention Policy and Retention Label to maintain a “Preservation Hold” of all sensitive SharePoint data. Retention policies are a part of Microsoft (Office) 365’s Compliance features including Records Management, Data Loss Prevention (DLP), and eDiscovery.
They help ensure compliance with industry-specific regulatory laws, ensuring that your organization holds sensitive data for the mandated period of time. Watch the video below for a quick step-by-step walk-through to set up a SharePoint Retention Policy and Retention Label. This blog is a part of our series on native Microsoft (Office) 365 SharePoint Online Backup and Restore options – in Part 2, we detail the Best Way to Archive SharePoint Online.
Talk with our Backup Expert
Microsoft (Office) 365 SharePoint’s Retention Policy 101
- Video Walkthrough
- What is Microsoft (Office) 365 SharePoint’s Retention Policy?
- How to Setup a SharePoint Retention Policy Via the Compliance Center
- How to Setup a SharePoint Retention Policy Using PowerShell
- Limitations of SharePoint Retention Policy
Video Walkthrough: Set up a Microsoft (Office) 365 SharePoint Retention Policy
Via the Compliance Center
Using PowerShell
What is Microsoft (Office) 365 SharePoint’s Retention Policy?
Retention policies and retention labels are used to prevent the permanent deletion of SharePoint sites and data. You must have global admin permissions to manage both retention policy and labels. For retention policies and auto-apply label policies, SharePoint sites must be indexed for the retention settings to be applied. Even files that are configured to not appear in search results are included in the retention policy.
What’s Included (and What’s Not)?
All files stored in SharePoint or OneDrive sites can be retained by applying a retention policy or retention label.
Files that can still be deleted with:
- A Retention Policy:
- All document library files, including any auto-created SharePoint document libraries like Site Assets.
- List items
- Organizing structures that include libraries, lists, and folders.
- A Retention Label:
- All files in all document libraries and all root level solo files.
- While list items can be retained, system lists are excluded.
- For list items with a standard retention label, i.e. item is a non-record, the document attachment (if any) doesn’t automatically inherit the retention settings of the label and has to be labeled independently. Whereas for a retention label that declares the item a record,
the document attachment (if any) automatically inherits the retention settings from the label. - Organizing structures that include libraries, lists, and folders.
Prefer to exclude some files? You can exclude specific document libraries with retention labels using:
NOT(DocumentLink:"")
How does the SharePoint Retention Policy work?
Step 1: Data included as a part of SharePoint Retention Policies are automatically stored in a Preservation Hold library. SharePoint prevents users from deleting items stored in this library and an older version of the item is stored when items are edited.
Step 2: When a user attempts to change or delete content under a Retention policy or label, a check is made to see if the content has been changed since the retention settings were applied. If it is the first change, the content is copied to the Preservation Hold library. The user is then allowed to edit or delete the original content. To retain all versions of a file, you must turn on versioning.
Step 3: A timer job regularly cleans up the Preservation Hold library every 7 days.
How to Setup a SharePoint Retention Policy Via the Compliance Center
Step 1: Open the Microsoft Office 365 Compliance Center https://compliance.microsoft.com/
Step 2: On the left navigation menu select Solutions / Information governance
Step 3: Open the Retention Policies tab and then click on “+” to create a new policy
Step 4: Enter the policy’s name, description, and click Next
Step 5: Uncheck all locations except SharePoint
Step 6: Select the period of retention and what you wish to be done with the data at the end of the retention period. We selected the longest period of retention (10 years) “Do nothing” in our example.
Step 7: Verify settings and click Submit to create your SharePoint Retention policy
How to Setup a SharePoint Retention Policy Using PowerShell
Step 1: Run your Windows Powershell app
Step 2: Connect to the Security & Compliance Center
Connect-IPPSSession
The “Security & Compliance Center” module will start loading
Step 3: Run this PowerShell script to create a retention policy
New-RetentionCompliancePolicy -Name "Backup for SharePoint" -SharePointLocation All
Parameters:
Name – name of the retention policy. If the name includes a space symbol then the string should be included in quotation marks, like “All files”
SharePointLocation – URL of SharePoint sites where Excel files should be retained
All – retain items from all sites.
In this example, we retain all files on all SharePoint sites
Limitations of the SharePoint Retention Policy
SharePoint retention policy has quite a few limitations such as not being searchable by eDiscovery tools, having cumbersome versioning issues, and the fact that the data is permanently deleted from the Preservation Hold library after 37 days. While retention policies can make do to ensure sensitive data is not deleted, they can in no way take the place of SharePoint backup. Apart from offering time-bound recovery, the data held is likely outdated, can rack up storage costs, and is tedious to restore. CloudAlly Backup for SharePoint Online includes Team and Public Sites (including sub-sites), Private Site Collections, and OneDrive for Business sites. It also includes unlimited AWS backup storage and non-destructive recovery to the original or new site. Secure automated backup and easy recovery with a few clicks. Start a Free Trial Now! (No payment details required | Zero setup)
