Microsoft Purview · Records Management

Disposition Management

Review and approve content disposition at end of retention period to ensure proper record destruction with proof of disposal and audit trail.

Scope: Disposition review and approval for all items reaching end of retention across Exchange, SharePoint, OneDrive, Teams, and Microsoft 365 Groups

Permissions

  • Disposition Queue - Access disposition review queue and pending disposition dashboard
  • Pending Review - Review items pending disposition across all Microsoft 365 locations
  • Retention Decisions - Approve or extend retention for items with justification required
  • Justification - Provide business justification for disposition decisions and retention extensions
  • Proof of Disposal - Export proof of disposal evidence and comprehensive disposition reports
  • Reviewer Management - Configure disposition reviewer permissions and assign reviewers to labels
  • Disposition History - View disposition history and audit trail of all disposition actions
  • Search and Filter - Filter and search disposition items by location, label, status, date range
  • Multi-Stage Review - Configure multi-stage disposition review workflows for critical records
  • Permanent Deletion - Permanently delete items after disposition approval (cannot be undone)
  • Failed Dispositions - View items that failed disposition due to legal holds or preservation locks
  • Completion Monitoring - Monitor disposition completion status and generate compliance reports

Common use cases

  • Reviewing records before permanent deletion to ensure retention requirements are met
  • Ensuring no litigation hold, eDiscovery hold, or preservation lock applies before disposition
  • Making final determination on extending retention for high-value or business-critical content
  • Providing approval for compliance with retention schedules and regulatory obligations
  • Creating audit trail of disposition decisions for SEC, FINRA, FDA compliance reporting
  • Coordinating with business units on whether to retain or dispose of valuable content
  • Generating proof of disposal reports for regulatory audits and compliance documentation
  • Managing multi-stage disposition review for records requiring legal or management approval
  • Handling event-based retention disposition when triggered by employee departure or contract expiration
  • Resolving disposition failures due to holds or locks by coordinating with legal teams

Best practices

  • Review disposition items promptly to avoid backlog - set SLA for disposition decisions
  • Check for active litigation, investigations, or regulatory inquiries before approving disposition
  • Document detailed justification for retention extensions to support audit requirements
  • Coordinate with business units and data owners on high-value or sensitive content disposition
  • Maintain detailed records of disposition decisions with business context and rationale
  • Set up regular disposition review schedule (weekly or bi-weekly) to prevent queue buildup
  • Use multi-stage reviewer approval for critical records requiring legal or executive sign-off
  • Export proof of disposal reports quarterly for compliance documentation and audit readiness
  • Monitor failed dispositions and coordinate with legal to release unnecessary holds
  • Create disposition review checklists to ensure consistent decision-making across reviewers
  • Verify no pending eDiscovery cases or regulatory requests before bulk approvals
  • Use filters to prioritize disposition items by sensitivity, age, or business unit

Security considerations

  • Premature disposition approval can result in destruction of evidence needed for litigation or investigations
  • All disposition decisions are permanently logged and auditable - cannot be deleted or modified
  • Cannot approve disposition if legal hold, eDiscovery hold, or preservation lock is present
  • Should verify no pending litigation, regulatory inquiry, or internal investigation before approval
  • Disposition creates permanent deletion - cannot be undone even by administrators
  • Proof of disposal evidence must be retained per regulatory requirements (often 7+ years)
  • Coordinate with legal before disposition approval to avoid spoliation sanctions
  • Failed dispositions due to holds may indicate ongoing legal matters - do not override holds
  • Disposition reviewer role should be assigned only to trusted, senior personnel
  • Monitor disposition activity logs for unauthorized or suspicious approval patterns

Common questions

When should I assign the Disposition Management role?

Assign Disposition Management when you need to: Reviewing records before permanent deletion to ensure retention requirements are met; Ensuring no litigation hold, eDiscovery hold, or preservation lock applies before disposition; Making final determination on extending retention for high-value or business-critical content; Providing approval for compliance with retention schedules and regulatory obligations; and Creating audit trail of disposition decisions for SEC, FINRA, FDA compliance reporting. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Disposition Management role do?

The Disposition Management role grants permissions including: Disposition Queue - Access disposition review queue and pending disposition dashboard; Pending Review - Review items pending disposition across all Microsoft 365 locations; Retention Decisions - Approve or extend retention for items with justification required; Justification - Provide business justification for disposition decisions and retention extensions; Proof of Disposal - Export proof of disposal evidence and comprehensive disposition reports; and Reviewer Management - Configure disposition reviewer permissions and assign reviewers to labels. See the Permissions section above for the full list.

What are the security risks of the Disposition Management role?

Key considerations when assigning Disposition Management: Premature disposition approval can result in destruction of evidence needed for litigation or investigations; All disposition decisions are permanently logged and auditable - cannot be deleted or modified; Cannot approve disposition if legal hold, eDiscovery hold, or preservation lock is present; and Should verify no pending litigation, regulatory inquiry, or internal investigation before approval. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →