As with previous chapters in this book, there are requirements when it comes to implementing retention labels and policies as well. To keep it streamlined with the other chapters and with the exam as well, the license we are going to use in the demonstrations and guides is Microsoft 365 E5.

Licensing is always a jungle to navigate, as retention labels are present in licensing subscriptions other than E5. Microsoft has a well-documented description of this at the following link: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-8.

Creating and applying retention label policies

Before we jump into creating and applying retention label policies, we must cover the principles of retention policies, which are described in the following diagram:

Figure 10.1 – The principles of retention in Microsoft 365

  • Retention always wins over deletion: Suppose that one retention policy states that Exchange emails are to be deleted after 3 years, but another policy states that Exchange emails are to be retained for 5 years and then deleted. Under these circumstances, any content that reaches 3 years of age will be deleted and hidden from the user, but still retained in the Recoverable Items folder until the content reaches the 5-year retention period. After 5 years, the item would be permanently deleted. Content retained by one policy cannot be permanently deleted by another policy.
  • Longest retention period wins: If any content is subject to multiple policies as regards the retention of said content, it will be retained until the end of the longest retention period.
  • Explicit inclusion wins over implicit inclusion: If a label with retention settings is manually assigned by a user to an item (known as an explicit label), that label takes precedence over a policy assigned at the site or mailbox level. Suppose that an explicit label says to retain an item for 10 years, but the policy assigned to the item says to retain it for 5 years, then the label would take precedence. Auto-applied labels are considered implicit because they are applied automatically by Microsoft 365.
  • Shortest deletion period wins: If content is subject to multiple policies that delete it with no retention, it will be deleted at the end of the shortest retention period.
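The following sketch is an added example, not part of the original text or of any Microsoft tooling. It models three of the principles (retention wins over deletion, longest retention wins, shortest deletion wins) for a single item, following the Exchange example in the first bullet. The function name, the policy objects and their property names are hypothetical, and explicit versus implicit labels are not modelled.

```powershell
# Added illustration. Policy objects are constructed sample data,
# not the output of any Microsoft 365 cmdlet.
function Resolve-RetentionOutcome {
    param([Parameter(Mandatory)][object[]]$Policies)

    $retaining  = @($Policies | Where-Object { $_.Action -in 'Keep', 'KeepAndDelete' })
    $deleteOnly = @($Policies | Where-Object { $_.Action -eq 'Delete' })
    $deleting   = @($Policies | Where-Object { $_.Action -in 'Delete', 'KeepAndDelete' })

    # Longest retention period wins.
    $retainYears = 0
    if ($retaining.Count -gt 0) {
        $retainYears = ($retaining | Measure-Object -Property Years -Maximum).Maximum
    }

    # Shortest deletion period wins among policies that delete with no retention.
    $hiddenAfter = $null
    if ($deleteOnly.Count -gt 0) {
        $hiddenAfter = ($deleteOnly | Measure-Object -Property Years -Minimum).Minimum
    }

    # Retention wins over deletion: the item can be removed from the user's
    # view early, but permanent deletion waits for the longest retention.
    $purgeAfter = $null
    if ($deleting.Count -gt 0) {
        $purgeAfter = $retainYears
        if ($null -ne $hiddenAfter -and $hiddenAfter -gt $purgeAfter) { $purgeAfter = $hiddenAfter }
        if ($null -eq $hiddenAfter) { $hiddenAfter = $purgeAfter }
    }

    [pscustomobject]@{
        RetainedForYears             = $retainYears
        HiddenFromUserAfterYears     = $hiddenAfter   # $null = no policy deletes the item
        PermanentlyDeletedAfterYears = $purgeAfter    # $null = no policy deletes the item
    }
}

# The two policies from the first principle above (constructed objects).
$policies = @(
    [pscustomobject]@{ Name = 'Delete mail after 3 years';        Action = 'Delete';        Years = 3 }
    [pscustomobject]@{ Name = 'Retain mail 5 years, then delete'; Action = 'KeepAndDelete'; Years = 5 }
)
Resolve-RetentionOutcome -Policies $policies
```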

With the principles of retention in Microsoft 365 covered, we can start to create and apply retention label policies.

Configuring retention policies

The creation of a retention policy consists of the following steps:

  1. Naming the policy
  2. Locations to cover with the policy
  3. Retention settings for the policy
  4. Reviewing the settings of the policy

These are described in the following diagram:

Figure 10.2 – Retention policy configuration

To create a retention policy, we will head back into the Microsoft 365 compliance center, under Information Governance and Retention policies, as described by the following screenshot:

Figure 10.3 – The location of retention policies in the Microsoft 365 compliance center

Now follow the steps shown next to create a retention policy:

1. Naming the policy: Enter a friendly name and an admin description for the policy:

Figure 10.4 – Naming the retention policy

2. On the next page, we will select the locations we will cover with this retention policy. To select a location, simply toggle the switch to On for the desired location. Here, we are also given the option to specify explicitly which users, sites, OneDrive accounts, and Microsoft 365 groups to include in the policy or exclude from it:

Figure 10.5 – Choosing the location to apply the retention policy

Note

To create a retention policy for Microsoft Teams content, you will need to create a policy with the Teams channel messages and Teams chats locations explicitly turned on, and with everything else turned off. If you want to create a policy for Teams private channel messages, you will need to create a policy with that location explicitly turned on, and with everything else turned off.

3. On the next screen, we will configure Retention settings for the policy. We will have to configure the following items for the policy:

Figure 10.6 – The retention settings for a policy

4. The Retain items for a specific period field has a number of options – 5 years, 7 years (default), 10 years, and Custom, as described in Figure 10.7:

Figure 10.7 – Showing the options for the Retain items for a specific period setting

5. The same goes for the Start the retention period based on field, which has the options When items were created and When items were last modified, as described in Figure 10.8:

Figure 10.8 – Showing the options for the Start the retention period based on setting

6. Two other options are available, which are Retain items forever and Only delete items when they reach a certain age, where the latter gives us basically the same options as with the Retain items for a specific period option mentioned in step 5. But instead of choosing the retention period, we will choose an expiry age on items, after which they will be permanently deleted:

Figure 10.9 – Showing the options for the Only delete items when they reach a certain age setting

7. On the last page of the creation of a retention policy, we get to review our settings for the policy before creating said policy in our tenant. Please note the callout at the bottom, stating that items currently older than the time range specified in the policy will be deleted permanently in your tenant:

Figure 10.10 – Showing the Review and finish page

8. After creating the policy, we are taken back to the page in the Microsoft 365 compliance center showing us our newly created retention policy listed:

Figure 10.11 – Showing the retention policies available in the tenant
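The same configuration can be scripted with Security & Compliance PowerShell. This is an added example, not taken from the original chapter: the policy name and description are constructed sample values, the choice to delete after the retention period is an assumption, and it assumes the ExchangeOnlineManagement module is installed and the signed-in account holds the compliance role needed to manage retention policies.

```powershell
# Added example: scripted equivalent of the portal steps above.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

$policyName = 'Example - Retain 7 years'   # constructed sample name

# Steps 1-2: name, admin description and locations ('All' = toggle set to On).
# Teams locations are left out because, per the note above, they need a
# policy of their own. The policy is created disabled so that nothing is
# retained or deleted until the settings have been reviewed.
New-RetentionCompliancePolicy -Name $policyName `
    -Comment 'Constructed sample: retain mail and files for 7 years' `
    -ExchangeLocation All -SharePointLocation All `
    -OneDriveLocation All -ModernGroupLocation All `
    -Enabled $false

# Steps 3-5: retain for 7 years (the portal default), counted from creation.
# RetentionDuration is given in days. KeepAndDelete is an assumed choice:
# use Keep to retain without deleting, or Delete for the
# "Only delete items when they reach a certain age" option in step 6.
New-RetentionComplianceRule -Name "$policyName rule" -Policy $policyName `
    -RetentionDuration (7 * 365) `
    -RetentionComplianceAction KeepAndDelete `
    -ExpirationDateOption CreationAgeInDays   # or ModificationAgeInDays

# Step 7: review before anything takes effect.
Get-RetentionCompliancePolicy -Identity $policyName |
    Format-List Name, Comment, Enabled, ExchangeLocation, SharePointLocation
Get-RetentionComplianceRule -Policy $policyName |
    Format-List Name, RetentionDuration, RetentionComplianceAction, ExpirationDateOption

# Once reviewed, switch the policy on. Items already older than the
# retention period become eligible for deletion, as the portal callout warns.
Set-RetentionCompliancePolicy -Identity $policyName -Enabled $true

# Step 8: confirm the policy is listed and check its distribution status.
Get-RetentionCompliancePolicy -Identity $policyName -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus
```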

That covers how to create and configure a retention policy. Up next, we will delve deeper into how to create and configure retention labels.
