Microsoft Purview · Data Lifecycle Management

Retention Management

Create and manage retention policies and labels across Microsoft 365 to ensure compliance with data retention requirements.

Scope: Organization-wide retention policy and label management across all Microsoft 365 workloads

Permissions

  • Retention Policies - Create and configure retention policies and retention labels
  • Workload Settings - Apply retention settings to Exchange, SharePoint, OneDrive, Teams, Copilot interactions
  • Auto-Labeling - Manage automatic labeling and user-published labels for manual application
  • Event-Based Retention - Configure event-based retention for contract or project lifecycle triggers
  • Adaptive Scopes - Configure adaptive scopes for dynamic policy targeting based on user attributes
  • Label Analytics - Review retention label analytics and label application reports
  • Exceptions - Manage exceptions, label overrides, and policy conflicts
  • Copilot Retention - Configure retention for Microsoft 365 Copilot interactions and AI-generated content
  • Disposition Review - Set up disposition review workflows for end-of-retention decisions
  • Administrative Units - Manage administrative units for scoped retention policies
  • Preservation Lock - Configure Preservation Lock for immutable regulatory retention
  • Policy Monitoring - Monitor retention policy effectiveness and coverage

Common use cases

  • Implementing regulatory retention requirements (SEC, FINRA, HIPAA, GDPR, CCPA)
  • Managing corporate records retention schedules with automated enforcement
  • Ensuring legal compliance for data retention and evidence preservation
  • Automating lifecycle management for business documents and communications
  • Retaining Microsoft 365 Copilot interactions per compliance requirements
  • Managing retention for different regions using administrative units
  • Implementing adaptive retention policies based on user department or location
  • Configuring disposition review for end-of-retention decision workflows

Best practices

  • Start with broader retention policies and refine with labels for specific exceptions
  • Test retention policies with pilot groups before broad organization deployment
  • Document retention schedules aligned with business, legal, and regulatory requirements
  • Use Preservation Lock where regulatory requirements demand immutability
  • Regularly review and update retention settings as regulations change
  • Coordinate closely with legal, records management, and compliance teams
  • Use adaptive scopes for dynamic content targeting based on user attributes
  • Configure Copilot interaction retention carefully - balance compliance with user privacy
  • Implement disposition review workflows for content requiring manual review before deletion
  • Use administrative units to manage retention policies for different regions or divisions
  • Monitor retention label analytics to ensure proper application and coverage
  • Test event-based retention triggers thoroughly before production deployment

Security considerations

  • Incorrect retention settings can result in premature data deletion and regulatory violations
  • Preservation Lock cannot be disabled once applied - use with extreme caution
  • Over-retention can increase storage costs and expand eDiscovery scope significantly
  • Under-retention can violate regulations and destroy critical evidence
  • Monitor for conflicts between retention policies and retention labels
  • Adaptive scopes may inadvertently include or exclude users based on attribute changes
  • Copilot interaction retention affects user privacy and AI usage transparency
  • Administrative units require careful access control to prevent unauthorized changes
  • Disposition review requires trusted reviewers with proper authorization
  • Event-based retention triggers should be tested to avoid premature or delayed deletion
  • Retention policy changes can take up to 7 days to fully propagate
