Microsoft Purview · Data Lifecycle Management

View-Only Retention Management

Read-only access to retention policies, labels, and analytics for auditing, compliance reporting, and oversight without modification permissions.

Scope: Read-only access to all retention features organization-wide for audit, oversight, and compliance reporting

Permissions

  • Retention Policies - View all retention policies and labels across Exchange, SharePoint, OneDrive, Teams, Microsoft 365 Groups
  • Reports - Access comprehensive retention reports and analytics dashboards
  • Label Analytics - Review retention label applications: user-applied vs auto-applied, location-specific analytics
  • Disposition Status - View disposition status, pending reviews, and disposition history
  • Export - Export retention configuration reports for audit documentation and compliance submissions
  • Label Statistics - View retention label analytics: top labels, application counts, location breakdowns
  • Policy Lookup - Access policy lookup tool to determine which retention settings apply to specific locations
  • Adaptive Scopes - View adaptive scope configuration and membership queries (dynamic user groups)
  • Event-Based Retention - Review event-based retention configuration and triggered events
  • Administrative Units - View administrative unit scoped policies and their target populations
  • Copilot Retention - Access retention settings for Microsoft 365 Copilot interactions
  • Preservation Lock - View preservation lock status on immutable retention policies

Common use cases

  • External auditors reviewing retention compliance programs for SEC, FINRA, FDA, or other regulatory audits
  • Management oversight of retention program effectiveness and coverage gaps
  • Compliance reporting and analytics for board presentations or regulatory submissions
  • Training new retention management staff before granting full administrative permissions
  • Legal team review of retention schedules during litigation preparation or discovery
  • Third-party consultants assessing data governance and information lifecycle maturity
  • Internal audit teams verifying adherence to retention policies and regulatory requirements
  • Executive dashboards showing retention label adoption rates and compliance metrics
  • IT teams understanding retention configuration without risk of accidental changes
  • Business unit leaders monitoring retention coverage for their departments

Best practices

  • Use for compliance audits and regulatory assessments by external or internal auditors
  • Generate regular retention coverage reports to identify gaps in policy application
  • Monitor for retention policy conflicts or overlapping retention settings
  • Verify retention labels are applied correctly and consistently across workloads
  • Export policy configuration quarterly for offline compliance documentation
  • Use policy lookup tool to troubleshoot user questions about retention behavior
  • Review adaptive scope membership to ensure dynamic targeting is working correctly
  • Analyze retention label analytics to identify under-utilized or over-applied labels
  • Compare retention configuration against regulatory requirements during annual reviews
  • Monitor disposition pending queue to identify potential backlogs requiring escalation
  • Use reports to demonstrate compliance with retention requirements to auditors
  • Coordinate with Retention Management role holders to recommend improvements based on findings

Security considerations

  • Cannot make changes - lowest risk retention-related role, safe for external parties
  • Can view retention settings and coverage which may reveal organizational data governance strategy
  • Export capabilities should be monitored - reports may contain sensitive retention metadata
  • Policy configuration exports may reveal business-critical retention schedules
  • Disposition history visibility may expose information about content deletion timelines
  • Should have data handling agreements for external auditors or consultants
  • Consider time-limited assignments for temporary contractors or external auditors
  • Monitor export activity to ensure compliance with data protection policies
  • Access to adaptive scope queries may reveal organizational structure and user attributes
  • View-only access to event-based retention may expose business process information

Official Microsoft Learn documentation →

Open the interactive RBACMap →