Retention Labels and Data Lifecycle
Implement retention labels, retention label policies, and retention policies to manage how long content is kept and when it's disposed of.
Managing data lifecycle at scale
Every piece of data has a lifecycle: it’s created, used, and eventually either archived or deleted. Retention policies make sure this happens automatically — keeping data when regulations require it and deleting it when it’s no longer needed.
Think of a hospital’s record-keeping: patient records must be kept for 7 years after the last visit (legal requirement), but old marketing emails can be deleted after 1 year (no legal requirement to keep them). Retention policies enforce these rules automatically across millions of documents.
Retention policies vs retention labels
| Feature | Retention Policies | Retention Labels |
|---|---|---|
| Scope | Entire workloads or locations | Individual items (documents, emails) |
| Applied to | Exchange, SharePoint, OneDrive, Teams, Viva Engage | Specific documents, emails, or folders |
| Application method | Automatic — applies to all content in scope | Manual (user-applied) or automatic (based on conditions) |
| Declare as record | No | Yes — can mark items as records or regulatory records |
| Disposition review | No | Yes — reviewers can approve deletion at end of retention |
| File plan support | No | Yes — structured file plan descriptors |
| Override | Label settings take precedence for labeled items | Label always wins over policy for that item |
Exam tip: The Principles of Retention
When multiple retention policies or labels apply to the same content, Microsoft Purview follows these four principles (in order):
- Retention wins over deletion — if any policy retains, the content is kept even if another policy would delete it
- Longest retention period wins — if multiple policies retain for different periods, the longest period applies
- Explicit deletion wins over implicit — an explicit “delete after X years” takes precedence over no deletion action
- Shortest deletion period wins — if multiple policies delete, the shortest deletion period applies
The exam loves scenarios where a 3-year policy and a 7-year policy both apply. Answer: content is retained for 7 years (longest wins). If a retention label says “delete after 5 years” and a policy says “retain for 10 years,” the content is retained for 10 years (retention wins over deletion).
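The four principles above, worked through as an added example (not Microsoft's code and not part of the original guide): a small Python model that reduces each policy or label to an optional retain period and an optional delete period in years. The names Setting, Outcome and resolve are hypothetical. The model also assumes the documented Purview behaviour that a delete action held back by retention runs once the longest retention period ends.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model: one retention policy or label, periods in whole years.
@dataclass(frozen=True)
class Setting:
    name: str
    retain_years: Optional[int] = None  # None = no retain action
    delete_years: Optional[int] = None  # None = no delete action

@dataclass(frozen=True)
class Outcome:
    retained_for: Optional[int]  # years the item is guaranteed to be kept
    deleted_at: Optional[int]    # year of permanent deletion, None = never
    decided_by: tuple            # names of the settings that set the outcome

def resolve(settings):
    retains = [s for s in settings if s.retain_years is not None]
    deletes = [s for s in settings if s.delete_years is not None]
    # Principle 2: the longest retention period wins.
    keep = max(retains, key=lambda s: s.retain_years, default=None)
    # Principles 3 and 4: any explicit delete action beats "no deletion",
    # and among several delete actions the shortest period wins.
    drop = min(deletes, key=lambda s: s.delete_years, default=None)
    retained_for = keep.retain_years if keep else None
    deleted_at = None
    if drop is not None:
        # Principle 1: retention wins, so a delete that falls due earlier
        # is held back until the retention period has ended.
        deleted_at = max(drop.delete_years, retained_for or 0)
    names = (s.name for s in (keep, drop) if s is not None)
    return Outcome(retained_for, deleted_at, tuple(dict.fromkeys(names)))

# Constructed scenarios, taken from the exam tip above.
TWO_POLICIES = [Setting("policy-3y", retain_years=3),
                Setting("policy-7y", retain_years=7)]
LABEL_VS_POLICY = [Setting("label-delete-5y", delete_years=5),
                   Setting("policy-retain-10y", retain_years=10)]

if __name__ == "__main__":
    for case in (TWO_POLICIES, LABEL_VS_POLICY):
        print([s.name for s in case], "->", resolve(case))
```

A "retain for 7 years, then delete" policy is modelled as a single Setting with both retain_years=7 and delete_years=7.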
Retention policies
Creating a retention policy
Elena creates a retention policy for MedGuard Health’s Exchange mailboxes:
| Setting | Value | Why |
|---|---|---|
| Name | “MedGuard Email Retention — 7 Years” | Descriptive, follows naming convention |
| Locations | Exchange email — all users | Applies to every mailbox |
| Retain items | For 7 years | Healthcare regulation requirement |
| After retention period | Delete items automatically | No need to keep beyond 7 years |
| Retention start | When items were created | Based on email received date |
What retention policies do behind the scenes
When a user deletes an email that’s under a retention policy:
- Email moves to Deleted Items (user sees this)
- User empties Deleted Items → email moves to Recoverable Items folder (hidden)
- Email stays in Recoverable Items until the retention period expires
- After retention period → email is permanently deleted
The user thinks they deleted the email. Compliance knows it’s still there.
Exam tip: Retention for Teams messages
Teams retention works differently from Exchange:
- Teams messages are stored in a hidden folder in the user’s mailbox (for 1:1 chats) or the group mailbox (for channel messages)
- When a user deletes a Teams message, it disappears from the UI but remains in the hidden folder until the retention period expires
- Retention policies for Teams apply to both chat messages and channel messages (configured separately)
- Teams messages do NOT go to the Deleted Items folder — they go directly to a hidden compliance folder
The exam may ask: “A user deletes a Teams message. Is it recoverable?” → Yes, if a retention policy covers Teams messages.
Retention labels
Publishing labels vs auto-applying labels
| Method | How It Works | Best For |
|---|---|---|
| Publish labels | Labels are published to locations (Exchange, SPO, OD). Users manually apply them. | Documents where users know the classification (contracts, policies) |
| Auto-apply labels | Labels are automatically applied based on conditions (SITs, keywords, trainable classifiers) | High-volume content where manual labeling is impractical |
Auto-apply conditions
| Condition | Example | Use Case |
|---|---|---|
| Sensitive information types | Apply “Patient Record” label when content contains patient IDs | Healthcare data |
| Keywords or phrases | Apply “Legal Hold” label when content contains “litigation” or “lawsuit” | Legal department |
| Trainable classifiers | Apply “Financial Statement” label to documents matching the financial classifier | Finance department |
| Cloud attachments | Apply labels to files shared via Teams or Outlook | Collaboration content |
Records management
Retention labels can declare items as records or regulatory records:
| Type | What It Means | Can Be Modified | Can Be Deleted |
|---|---|---|---|
| Standard item | Normal retention — retained but can be modified/deleted by users | Yes | Yes (retained behind the scenes) |
| Record | Locked for editing but can be unlocked by admins | No (unless unlocked) | No (until retention expires) |
| Regulatory record | Immutable — cannot be modified or deleted by anyone | No | No (not even admins) |
Elena uses regulatory records for patient consent forms — these must be absolutely immutable for healthcare compliance.
Deep dive: Disposition review
When a retention label has disposition review enabled, content doesn’t automatically delete at the end of the retention period. Instead:
- A disposition reviewer receives a notification
- The reviewer examines the content
- The reviewer approves deletion, extends retention, or applies a different label
- An audit trail records the decision
This is critical for regulated industries where a human must approve data destruction. Elena configures disposition review for all patient records — a compliance officer must approve deletion even after the 7-year period.
Knowledge check
Elena needs to ensure that MedGuard Health's patient consent forms are kept for exactly 7 years and cannot be modified or deleted by anyone — including admins — during that period. What should she configure?
Marcus wants to keep all Oakwood Financial emails for 3 years, then automatically delete them. He also wants specific contracts to be retained for 10 years. How should he configure this?
Next up: Sensitivity Labels and Monitoring — classifying and encrypting content based on its sensitivity.