Exchange Online · Compliance & Security
Records Management
Members can configure compliance features such as retention policy tags, message classifications, and mail flow rules for records purposes.
Scope: Email retention and records management
Permissions
- Audit Logs - Search administrator audit log
- Journaling - Configure journaling rules
- Message Tracking - Track message delivery
- Retention Management - Manage retention policies and tags
- Transport Rules - Create and manage mail flow rules
Common use cases
- Implementing email lifecycle management
- Configuring auto-archive policies
- Managing retention for regulatory compliance
- Setting up message journaling
Best practices
- Align with organizational retention schedules
- Use Microsoft Purview for unified retention across M365
- Document retention policy rationale with legal/compliance
- Test retention policies before broad deployment
Security considerations
- Retention policies can permanently delete content
- Journaling copies messages externally - protect journal recipients
- Audit log access reveals administrative actions