Retention Labels and Data Lifecycle
Implement retention labels, retention label policies, and retention policies to manage how long content is kept and when it's disposed of.
Managing data lifecycle at scale
Every piece of data has a lifecycle: itβs created, used, and eventually either archived or deleted. Retention policies make sure this happens automatically β keeping data when regulations require it and deleting it when itβs no longer needed.
Think of a hospitalβs record-keeping: patient records must be kept for 7 years after the last visit (legal requirement), but old marketing emails can be deleted after 1 year (no legal requirement to keep them). Retention policies enforce these rules automatically across millions of documents.
Retention policies vs retention labels
| Feature | Retention Policies | Retention Labels |
|---|---|---|
| Scope | Entire workloads or locations | Individual items (documents, emails) |
| Applied to | Exchange, SharePoint, OneDrive, Teams, Viva Engage | Specific documents, emails, or folders |
| Application method | Automatic β applies to all content in scope | Manual (user-applied) or automatic (based on conditions) |
| Declare as record | No | Yes β can mark items as records or regulatory records |
| Disposition review | No | Yes β reviewers can approve deletion at end of retention |
| File plan support | No | Yes β structured file plan descriptors |
| Override | Label settings take precedence for labeled items | Label always wins over policy for that item |
Exam tip: The Principles of Retention
When multiple retention policies or labels apply to the same content, Microsoft Purview follows these four principles (in order):
- Retention wins over deletion β if any policy retains, the content is kept even if another policy would delete it
- Longest retention period wins β if multiple policies retain for different periods, the longest period applies
- Explicit deletion wins over implicit β an explicit βdelete after X yearsβ takes precedence over no deletion action
- Shortest deletion period wins β if multiple policies delete, the shortest deletion period applies
The exam loves scenarios where a 3-year policy and a 7-year policy both apply. Answer: content is retained for 7 years (longest wins). If a retention label says βdelete after 5 yearsβ and a policy says βretain for 10 years,β the content is retained for 10 years (retention wins over deletion).
Retention policies
Creating a retention policy
Elena creates a retention policy for MedGuard Healthβs Exchange mailboxes:
| Setting | Value | Why |
|---|---|---|
| Name | βMedGuard Email Retention β 7 Yearsβ | Descriptive, follows naming convention |
| Locations | Exchange email β all users | Applies to every mailbox |
| Retain items | For 7 years | Healthcare regulation requirement |
| After retention period | Delete items automatically | No need to keep beyond 7 years |
| Retention start | When items were created | Based on email received date |
What retention policies do behind the scenes
When a user deletes an email thatβs under a retention policy:
- Email moves to Deleted Items (user sees this)
- User empties Deleted Items β email moves to Recoverable Items folder (hidden)
- Email stays in Recoverable Items until the retention period expires
- After retention period β email is permanently deleted
The user thinks they deleted the email. Compliance knows itβs still there.
Exam tip: Retention for Teams messages
Teams retention works differently from Exchange:
- Teams messages are stored in a hidden folder in the userβs mailbox (for 1:1 chats) or the group mailbox (for channel messages)
- When a user deletes a Teams message, it disappears from the UI but remains in the hidden folder until the retention period expires
- Retention policies for Teams apply to both chat messages and channel messages (configured separately)
- Teams messages do NOT go to the Deleted Items folder β they go directly to a hidden compliance folder
The exam may ask: βA user deletes a Teams message. Is it recoverable?β β Yes, if a retention policy covers Teams messages.
Retention labels
Publishing labels vs auto-applying labels
| Method | How It Works | Best For |
|---|---|---|
| Publish labels | Labels are published to locations (Exchange, SPO, OD). Users manually apply them. | Documents where users know the classification (contracts, policies) |
| Auto-apply labels | Labels are automatically applied based on conditions (SITs, keywords, trainable classifiers) | High-volume content where manual labeling is impractical |
Auto-apply conditions
| Condition | Example | Use Case |
|---|---|---|
| Sensitive information types | Apply βPatient Recordβ label when content contains patient IDs | Healthcare data |
| Keywords or phrases | Apply βLegal Holdβ label when content contains βlitigationβ or βlawsuitβ | Legal department |
| Trainable classifiers | Apply βFinancial Statementβ label to documents matching the financial classifier | Finance department |
| Cloud attachments | Apply labels to files shared via Teams or Outlook | Collaboration content |
Records management
Retention labels can declare items as records or regulatory records:
| Type | What It Means | Can Be Modified | Can Be Deleted |
|---|---|---|---|
| Standard item | Normal retention β retained but can be modified/deleted by users | Yes | Yes (retained behind the scenes) |
| Record | Locked for editing but can be unlocked by admins | No (unless unlocked) | No (until retention expires) |
| Regulatory record | Immutable β cannot be modified or deleted by anyone | No | No (not even admins) |
Elena uses regulatory records for patient consent forms β these must be absolutely immutable for healthcare compliance.
Deep dive: Disposition review
When a retention label has disposition review enabled, content doesnβt automatically delete at the end of the retention period. Instead:
- A disposition reviewer receives a notification
- The reviewer examines the content
- The reviewer approves deletion, extends retention, or applies a different label
- An audit trail records the decision
This is critical for regulated industries where a human must approve data destruction. Elena configures disposition review for all patient records β a compliance officer must approve deletion even after the 7-year period.
Key concepts to remember
Knowledge check
Elena needs to ensure that MedGuard Health's patient consent forms are kept for exactly 7 years and cannot be modified or deleted by anyone β including admins β during that period. What should she configure?
Marcus wants to keep all Oakwood Financial emails for 3 years, then automatically delete them. He also wants specific contracts to be retained for 10 years. How should he configure this?
Next up: Sensitivity Labels and Monitoring β classifying and encrypting content based on its sensitivity.