1. The Core Mechanisms: Policies vs. Labels

This is another critical distinction to explain to stakeholders, much like the one in Information Protection.

  • Retention Policies:
    • Applied at the container level (e.g., an entire Exchange mailbox, a SharePoint site, all Teams chats).
    • Broad and invisible to the end user.
    • Example: “Retain all employee OneDrive data for 7 years after they leave, then silently delete it.”
  • Retention Labels:
    • Applied at the item level (a specific Word document or email).
    • Visible to the user (can be selected from a dropdown in Office apps).
    • Records Management: Labels can declare a document as a “Record.” Once marked as a Record, the document is locked and cannot be edited or deleted by anyone (including Global Admins) until the retention period expires.

2. The Principles of Retention (The Conflict Engine)

In an enterprise, a single document might be subject to multiple conflicting policies (e.g., a 7-year HR retain policy, but a 3-year IT auto-delete policy). Microsoft uses a strict hierarchy to resolve this:

  1. Retention wins over deletion: If Policy A says “delete in 3 years” and Policy B says “retain for 5 years,” the file is kept for 5 years.
  2. Longest retention period wins: If Policy A says “retain for 5 years” and Policy B says “retain for 7 years,” it is kept for 7 years.
  3. Explicit wins over implicit: A Retention Label manually applied to a file by a user will override a broad Retention Policy applied to the whole site.
  4. Shortest deletion period wins: If there are no retention policies, but Policy A says “delete after 1 year” and Policy B says “delete after 3 years,” the file is deleted after 1 year.
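
The four principles can be modelled as a small resolver. This is an added sketch, not Microsoft's code or part of the original notes: the Rule class, the resolve function and the sample rules are hypothetical names. It assumes that the label-over-policy step applies to delete actions, that a pending delete waits until the longest retention period has ended, and that a legal hold (covered under section 3) blocks the purge.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    source: str                         # "policy" (container) or "label" (item)
    retain_years: Optional[int] = None  # keep for at least this long
    delete_years: Optional[int] = None  # delete after this long


def resolve(rules, legal_hold=False):
    """Return (retain_years, delete_years); None means no such outcome."""
    retains = [r.retain_years for r in rules if r.retain_years is not None]
    # Principles 1 and 2: retention beats deletion, longest retention wins.
    retain = max(retains) if retains else None

    def deletes(source):
        return [r.delete_years for r in rules
                if r.source == source and r.delete_years is not None]

    # Principle 3: a label's delete action beats delete actions from policies.
    # Principle 4: among the remaining candidates, the shortest period wins.
    candidates = deletes("label") or deletes("policy")
    delete = min(candidates) if candidates else None
    # Assumption: a pending delete waits until the retention period has ended.
    if delete is not None and retain is not None:
        delete = max(delete, retain)
    # A legal hold blocks the purge whatever the lifecycle rules say.
    if legal_hold:
        delete = None
    return retain, delete


# Constructed rules mirroring the scenarios in the list above.
HR_RETAIN_7 = Rule("HR retain 7y", "policy", retain_years=7)
IT_DELETE_3 = Rule("IT delete 3y", "policy", delete_years=3)
SITE_DELETE_1 = Rule("Site delete 1y", "policy", delete_years=1)
LABEL_DELETE_5 = Rule("User label delete 5y", "label", delete_years=5)

if __name__ == "__main__":
    print(resolve([HR_RETAIN_7, IT_DELETE_3]))
    print(resolve([IT_DELETE_3, SITE_DELETE_1]))
    print(resolve([SITE_DELETE_1, LABEL_DELETE_5]))
    print(resolve([HR_RETAIN_7, IT_DELETE_3], legal_hold=True))
```

The output is a planning aid for spotting overlapping rules before they are deployed; the tenant's actual behaviour is decided by the service.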

3. Archiving & Storage Optimization

  • Exchange Online Archiving:
    • The primary mailbox has a 50GB or 100GB limit. You must actively enable the “Archive Mailbox” feature for users.
    • Auto-expanding archiving: Must be enabled at the tenant level. Once the initial 100GB archive is nearly full, Microsoft automatically provisions additional storage space (up to 1.5TB for Enterprise plans).
    • Note: Retention policies physically move the mail from the primary mailbox to the archive mailbox.
  • Microsoft 365 Archive (SharePoint):
    • A newer feature for cold storage. You can archive entire inactive SharePoint sites to free up active tenant storage quotas. The site becomes read-only and unsearchable to standard users, but admins can reactivate it. Billed via an Azure Pay-As-You-Go subscription.
  • The Override: A Legal Hold (eDiscovery hold) trumps all Data Lifecycle policies. Even if a document reaches its 7-year automated deletion date, if it is under a Legal Hold, it cannot be purged.
  • Recoverable Items Folder (Exchange): When a user “permanently” deletes an email (Shift+Delete), it goes to the Recoverable Items folder (hidden from the user). If the mailbox is on hold, the email stays there indefinitely for compliance officers to discover.
  • Preservation Hold Library (SharePoint): If a SharePoint site is under a retention policy or hold, and a user deletes a file, a copy is silently moved to the “Preservation Hold Library” (accessible only by Site Collection Admins) to satisfy the policy.

5. Essential PowerShell Cmdlets (Security & Compliance)

  • Connection: Connect-IPPSSession
  • Policy Management:
    • Get-RetentionCompliancePolicy (Lists broad container-level policies)
    • Get-ComplianceTag (Lists item-level Retention Labels—note that PowerShell still uses the legacy term “ComplianceTag”)
  • Exchange Archiving (ExchangeOnlineManagement):
    • Enable-Mailbox -Identity user@domain.com -Archive
    • Set-OrganizationConfig -AutoExpandingArchive (Tenant-wide toggle)