Retention & Sensitivity Labels

Retention and labels in Teams

Retention policies for Teams

What Teams retention covers

Teams retention policies target three distinct content locations — you can create separate policies for each:

Content Location	What It Covers	Where Content Is Stored
Teams channel messages	Posts and replies in standard and private channels	Azure-hosted storage (not Exchange)
Teams chats	1:1 chats, group chats, meeting chats	Azure-hosted storage (user’s cloud mailbox for compliance)
Copilot interactions	Microsoft 365 Copilot chat history in Teams	Azure-hosted storage

Critical exam point: Teams chat and channel messages are retained via Exchange Online mailboxes (chat messages in participants’ mailboxes, channel messages in the group mailbox). A compliance copy is preserved in a hidden SubstrateHolds folder for eDiscovery and retention processing. Files shared in Teams are stored separately in SharePoint/OneDrive and follow SharePoint/OneDrive retention policies.

Retention vs. deletion

Retention policy actions

Feature	Behaviour	User Experience	Example
Retain only	Content is kept for the specified period, then nothing happens (no auto-delete)	Users see no change — messages stay visible	Keep all Teams chats for 7 years
Delete only	Content is deleted after the specified period	Messages disappear from Teams after the retention period	Delete all channel messages older than 1 year
Retain then delete	Content is kept for the retention period, then permanently deleted	Messages visible during retention, then disappear	Keep Teams chats for 5 years, then delete

Creating a Teams retention policy

1. Go to Microsoft Purview compliance portal → Data lifecycle management → Retention policies
2. Click New retention policy
3. Name the policy and choose the scope (adaptive or static)
4. Select location: Teams channel messages, Teams chats, or Teams Copilot interactions
5. Configure: retain for X days/months/years, then delete (or retain only)
6. Review and create

Scenario: Nadia's retention strategy at Sterling Financial

Sterling Financial must comply with financial regulations that require 7-year message retention. Nadia creates three retention policies:

1. Teams channel messages: Retain for 7 years, then delete — covers all trading desk and compliance channels
2. Teams chats: Retain for 7 years, then delete — includes 1:1 chats between traders (regulatory requirement)
3. Teams Copilot interactions: Retain for 7 years, then delete — new requirement since traders use Copilot for analysis

She also creates a separate delete-only policy for the company social channel: delete messages older than 90 days (no regulatory value, reduces storage).

Important: These policies run in the background. Users at Sterling Financial see no change — messages appear normally. But behind the scenes, Purview ensures nothing is permanently deleted before the 7-year mark, even if a user deletes a message manually.

Key exam concepts for retention

• Retention wins over deletion. If one policy says “retain for 7 years” and another says “delete after 1 year,” the content is retained for 7 years.
• The longest retention period wins when multiple retain policies conflict.
• Explicit deletion wins over implicit (no action) when retention periods are the same.
• Users can delete messages from their Teams view, but the compliance copy is preserved for the full retention period.
• Adaptive scopes target users/groups dynamically (e.g., “all users in the Finance department”). Static scopes target specific locations you manually select.

Sensitivity labels for Teams

What sensitivity labels can protect

Sensitivity labels in Teams go beyond just marking content — they enforce settings automatically:

Label Setting	What It Controls	Example
Meeting lobby	Who bypasses the lobby	”Confidential” → only invited people bypass lobby
Meeting recording	Whether recording is allowed	”Highly Confidential” → recording disabled
Meeting chat	Whether chat is available	”Restricted” → chat disabled during meeting
Watermarking	Content watermark on shared screen and video	”Highly Confidential” → watermark shows user’s email
End-to-end encryption	E2E encryption for meeting audio/video	”Top Secret” → E2E encrypted (limits features)
Who can present	Presenter restrictions	”Confidential” → only organisers can present
Copilot	Whether Copilot can access meeting content	”Highly Confidential” → Copilot disabled

Exam point: Sensitivity labels for Teams meetings are configured in the Microsoft Purview compliance portal under Information protection → Labels. The meeting-specific settings are in the label’s Meetings tab.

Creating and publishing sensitivity labels

Step 1: Create the label

1. Microsoft Purview → Information protection → Labels → Create a label
2. Define scope: Items (files, emails), Groups & sites (Teams, SharePoint sites), and Meetings
3. For meetings: configure lobby, recording, chat, watermark, encryption, presenter, Copilot settings
4. For groups & sites: configure privacy (public/private), external sharing, Conditional Access

Step 2: Publish the label

1. Create a label publishing policy
2. Choose which labels to publish and to which users/groups
3. Set a default label (optional) — auto-applied to new Teams meetings if configured
4. Configure mandatory labelling — require users to apply a label before creating a meeting

Scenario: Nadia's sensitivity labels at Sterling Financial

Nadia creates three sensitivity labels for Teams meetings:

Label	Lobby	Recording	Chat	Watermark	Copilot	Applied By
General	Everyone bypasses	Allowed	Enabled	Off	Enabled	Default for all meetings
Confidential	Only invited people bypass	Allowed (saved to restricted location)	Enabled	On for video	Enabled	User-selected
Highly Confidential	Only organisers bypass	Disabled	In-meeting only (no post-meeting chat)	On for video and shared content	Disabled	User-selected, mandatory for Board meetings

She publishes all three labels to all Sterling Financial users with “General” as the default. The Chief Compliance Officer Elena is satisfied — every board meeting automatically gets the highest protection.

Labels for Teams and M365 Groups

Sensitivity labels can also control team-level settings (not just meetings):

• Privacy: Force team to be Private
• Guest access: Allow or block guest access to the team
• External sharing: Control SharePoint sharing level for the team’s site
• Conditional Access: Require specific CA policies (e.g., managed devices only)

When a user creates a new team and selects “Confidential,” these settings are automatically enforced on the underlying M365 Group and SharePoint site.

🎬 Video walkthrough

🎬 Video coming soon

Retention & Sensitivity Labels — MS-700 Module 3

Retention & Sensitivity Labels — MS-700 Module 3

~11 min

Flashcards

Question

Where are Teams messages stored for retention purposes?

Click or press Enter to reveal answer

Answer

Teams chat messages are retained in participants' Exchange Online mailboxes. Channel messages are retained in the Microsoft 365 group mailbox. A compliance copy is held in a hidden SubstrateHolds folder. Files shared in Teams are stored separately in SharePoint/OneDrive.

Click to flip back

Question

What happens when a retention policy says 'retain 7 years' but another says 'delete after 1 year'?

Click or press Enter to reveal answer

Answer

Retention wins over deletion. The content is retained for 7 years. The longest retention period wins when multiple policies conflict.

Click to flip back

Question

What meeting settings can a sensitivity label enforce in Teams?

Click or press Enter to reveal answer

Answer

Lobby bypass, recording on/off, chat availability, watermarking (video and shared content), end-to-end encryption, who can present, and whether Copilot can access meeting content.

Click to flip back

Question

What are the three Teams content locations for retention policies?

Click or press Enter to reveal answer

Answer

1. Teams channel messages (standard and private channels), 2. Teams chats (1:1, group, and meeting chats), 3. Copilot interactions. Each needs its own retention policy.

Click to flip back

Knowledge Check

Knowledge Check

Sterling Financial must retain all Teams chat messages for 7 years for regulatory compliance. A trader manually deletes a sensitive chat message. What happens?

AThe message is permanently deleted — manual deletion overrides retention policiesBThe message disappears from the trader's Teams view but the compliance copy is retained for 7 yearsCThe deletion is blocked — retention policies prevent users from deleting messagesDThe message is moved to the trader's Exchange Online deleted items folder

Check Answer

Knowledge Check

Nadia needs to ensure that all Teams meetings labelled 'Highly Confidential' at Sterling Financial have recording disabled, watermarks on shared content, and Copilot disabled. What should she configure?

AA Teams meeting policy in the Teams admin centerBA sensitivity label with meeting protection settings in Microsoft PurviewCA Conditional Access policy in Microsoft Entra IDDA DLP policy targeting Teams meetings in Microsoft Purview

Check Answer

Knowledge Check

Which statement about Teams retention policies is TRUE?

AA single retention policy can cover Teams channel messages, chats, and SharePoint files simultaneouslyBTeams retention policies can target Teams channel messages, Teams chats, and Copilot interactions as separate locationsCRetention policies for Teams are configured in the Teams admin centerDTeams messages are stored in Exchange Online mailboxes and follow Exchange retention policies

Check Answer

---

Next up: DLP & Conditional Access — how to prevent sensitive data from leaking through Teams and control who can access Teams based on conditions.