Learn about retention policies and retention labels
For most organizations, the volume and complexity of their data is increasing daily—email, documents, instant messages, and more. Effectively managing or governing this information is important because you need to:
Comply proactively with industry regulations and internal policies that require you to retain content for a minimum period of time—for example, the Sarbanes-Oxley Act might require you to retain certain types of content for seven years.
Reduce your risk in the event of litigation or a security breach by permanently deleting old content that you're no longer required to keep.
Help your organization to share knowledge effectively and be more agile by ensuring that your users work only with content that's current and relevant to them.
Retention settings that you configure can help you achieve all these goals. Managing content commonly requires two actions:
Retaining content so that it can't be permanently deleted before the end of the retention period.
Deleting content permanently at the end of the retention period.
With these two retention actions, you can configure retention settings for the following outcomes:
- Retain-only: Retain content forever or for a specified period of time.
- Delete-only: Delete content after a specified period of time.
- Retain and then delete: Retain content for a specified period of time and then delete it.
These retention settings work with content in place that saves you the additional overheads of creating and configuring additional storage when you need to retain content for compliance reasons. In addition, you don't need to implement customized processes to copy and synchronize this data.
How retention settings work with content in place
When content has retention settings assigned to it, that content remains in its original location. People can continue to work with their documents or mail as if nothing's changed. But if they edit or delete content that's included in the retention policy, a copy of the content is automatically retained.
For SharePoint and OneDrive sites: The copy is retained in the Preservation Hold library.
For Exchange mailboxes: The copy is retained in the Recoverable Items folder.
For Teams and Yammer messages: The copy is retained in a hidden folder named SubstrateHolds as a subfolder in the Exchange Recoverable Items folder.
The Preservation Hold library consumes storage that isn't exempt from a site's storage quota. You might need to increase your storage when you use retention settings for SharePoint and Microsoft 365 groups.
These secure locations and the retained content are not visible to most people. In most cases, people do not even need to know that their content is subject to retention settings.
For more detailed information about how retention settings work for different workloads, see the following articles:
- Learn about retention for SharePoint and OneDrive
- Learn about retention for Microsoft Teams
- Learn about retention for Yammer
- Learn about retention for Exchange
Retention policies and retention labels
You can use both retention policies and retention labels with label policies to assign your retention settings to content.
Use a retention policy to assign the same retention settings for content at a site or mailbox level, and use a retention label to assign retention settings at an item level (folder, document, email).
For example, if all documents in a SharePoint site should be retained for 5 years, it's more efficient to do this with a retention policy than apply the same retention label to all documents in that site. However, if some documents in that site should be retained for 5 years and others retained for 10 years, a retention policy wouldn't be able to do this. When you need to specify retention settings at the item level, use retention labels.
Unlike retention policies, retention settings from retention labels travel with the content if it’s moved to a different location within your Microsoft 365 tenant. In addition, retention labels have the following capabilities that retention policies don't support:
Options to start the retention period from when the content was labeled or based on an event, in addition to the age of the content or when it was last modified.
Use trainable classifiers to identify content to label.
Apply a default label for SharePoint documents.
Support disposition review to review the content before it's permanently deleted.
Retention policies can be applied to the following locations:
- Exchange email
- SharePoint site
- OneDrive accounts
- Microsoft 365 Groups
- Skype for Business
- Exchange public folders
- Teams channel messages
- Teams chats
- Yammer community messages
- Yammer private messages
You can very efficiently apply a single policy to multiple locations, or to specific locations or users.
For the start of the retention period, you can choose when the content was created or, supported only for files and the SharePoint, OneDrive, and Microsoft 365 Groups locations, when the content was last modified.
Items inherit the retention settings from their container specified in the retention policy. If they are then moved outside that container when the policy is configured to retain content, a copy of that item is retained in the workload's secured location. However, the retention settings don't travel with the content in its new location. If that's required, use retention labels instead of retention policies.
Use retention labels for different types of content that require different retention settings. For example:
Tax forms that need to be retained for a minimum period of time.
Press materials that need to be permanently deleted when they reach a specific age.
Competitive research that needs to be retained for a specific period and then permanently deleted.
Work visas that must be marked as a record so that they can't be edited or deleted.
In all these cases, retention labels let you apply retention settings for governance control at the item level (document or email).
With retention labels, you can:
Enable people in your organization to apply a retention label manually to content in Outlook and Outlook on the web, OneDrive, SharePoint, and Microsoft 365 groups. Users often know best what type of content they're working with, so they can classify it and have the appropriate retention settings applied.
Apply retention labels to content automatically if it matches specific conditions, such as when the content contains:
- Specific types of sensitive information.
- Specific keywords that match a query you create.
- Pattern matches for a trainable classifier.
Start the retention period from when the content was labeled for documents in SharePoint sites and OneDrive accounts, and to email items with the exception of calendar items. If you apply a retention label with this configuration to a calendar item, the retention period starts from when it is sent.
Start the retention period when an event occurs, such as employees leave the organization, or contracts expire.
Apply a default retention label to a document library, folder, or document set in SharePoint, so that all documents that are stored in that location inherit the default retention label.
Additionally, retention labels support records management for email and documents across Microsoft 365 apps and services. You can use a retention label to mark items as a record. When this happens and the content remains in Microsoft 365, the label places further restrictions on the content that might be needed for regulatory reasons. For more information, see Compare restrictions for what actions are allowed or blocked.
Retention labels, unlike sensitivity labels, do not persist if the content is moved outside Microsoft 365.
There is no limit to the number of retention labels that are supported for a tenant. However, 10,000 is the maximum number of policies that are supported for a tenant and these include the policies that apply the labels (retention label policies and auto-apply retention policies), as well as retention policies.
Classifying content without applying any actions
Although the main purpose of retention labels is to retain or delete content, you can also use retention labels without turning on any retention or other actions. In this case, you can use a retention label simply as a text label, without enforcing any actions.
For example, you can create and apply a retention label named "Review later" with no actions, and then use that label to find that content later.
Using a retention label as a condition in a DLP policy
You can specify a retention label as a condition in a data loss prevention (DLP) policy for documents in SharePoint. For example, configure a DLP policy to prevent documents from being shared outside the organization if they have a specified retention label applied to it.
For more information, see Using a retention label as a condition in a DLP policy.
Retention labels and policies that apply them
When you publish retention labels, they're included in a retention label policy that makes them available for admins and users to apply to content. As the following diagram shows:
A single retention label can be included in multiple retention label policies.
Retention label policies specify the locations to publish the retention labels. The same location can be included in multiple retention label policies.
You can also create one or more auto-apply retention label policies, each with a single retention label. With this policy, a retention label is automatically applied when conditions that you specify in the policy are met.
Retention label policies and locations
Different types of retention labels can be published to different locations, depending on what the retention label does.
|If the retention label is…||Then the label policy can be applied to…|
|Published to admins and end users
||Exchange, SharePoint, OneDrive, Microsoft 365 Groups
|Auto-applied based on sensitive information types or trainable classifiers
||Exchange (all mailboxes only), SharePoint, OneDrive
|Auto-applied based on a query
||Exchange, SharePoint, OneDrive, Microsoft 365 Groups
In Exchange, retention labels that you auto-apply are applied only to messages newly sent (data in transit), not to all items currently in the mailbox (data at rest). Also, auto-apply retention labels for sensitive information types and trainable classifiers apply to all mailboxes; you can't select specific mailboxes.
Exchange public folders, Skype, Teams and Yammer messages do not support retention labels. To retain and delete contain from these locations, use retention policies instead.
Only one retention label at a time
An email or document can have only a single retention label applied to it at a time. A retention label can be applied manually by an end user or admin, or automatically by using any of the following methods:
- Auto-apply label policy
- Document understanding model for SharePoint Syntex
- Default label for SharePoint or Outlook
- Outlook rules
For standard retention labels (they don't mark items as a record or regulatory record):
Admins and end users can manually change or remove an existing retention label that's applied on content.
When content already has a retention label applied, the existing label won't be automatically removed or replaced by another retention label with one possible exception: The existing label was applied as a default label.
For more information about the label behavior when it's applied by using a default label:
- Default label for SharePoint: Label behavior when you use a default label for SharePoint
- Default label for Outlook: Applying a default retention label to an Outlook folder
If there are multiple auto-apply label policies that could apply a retention label, and content meets the conditions of multiple policies, the retention label for the oldest auto-apply label policy (by date created) is applied.
When retention labels mark items as a record or a regulatory record, these labels are never automatically changed. Only admins for the container can manually change or remove retention labels that mark items as a record, but not regulatory records. For more information, see Compare restrictions for what actions are allowed or blocked.
Monitoring retention labels
From the Microsoft 365 compliance center, use Data classification > Overview to monitor how your retention labels are being used in your tenant, and identify where your labeled items are located. For more information, including important prerequisites, see Know your data - data classification overview.
Consider using some of the other data classification insights, such as trainable classifiers and sensitive info types, to help you identify content that you might need to retain or delete, or manage as records.
The Office 365 Security & Compliance Center has the equivalent overview information for retention labels from Information governance > Dashboard, and more detailed information from Information governance > Label activity explorer. For more information about monitoring retention labels from this older admin center, see the following documentation:
- View the data governance reports
- View label usage with label analytics
- View label activity for documents
Using Content Search to find all content with a specific retention label
After retention labels are applied to content, either by users or auto-applied, you can use content search to find all items that have a specific retention label applied.
When you create a content search, choose the Retention label condition, and then enter the complete retention label name or part of the label name and use a wildcard. For more information, see Keyword queries and search conditions for Content Search.
Compare capabilities for retention policies and retention labels
Use the following table to help you identify whether to use a retention policy or retention label, based on capabilities.
|Capability||Retention policy||Retention label|
|Retention settings that can retain and then delete, retain-only, or delete-only||Yes||Yes|
- Microsoft 365 groups
- Skype for Business
Yes, except public folders
|Retention applied automatically||Yes||Yes|
|Retention applied based on conditions
- sensitive info types, KQL queries and keywords, trainable classifiers
|Retention applied manually||No||Yes|
|UI presence for end users||No||Yes|
|Persists if the content is moved||No||Yes, within your Microsoft 365 tenant|
|Declare item as a record||No||Yes|
|Start the retention period when labeled or based on an event||No||Yes|
|Proof of disposition for up to 7 years||No||Yes, when item is declared a record|
|Audit admin activities||Yes||Yes|
|Identify items subject to retention:
- Content Search
- Data classification page, content explorer, activity explorer
Note that you can use both retention policies and retention labels as complementary retention methods. For example:
You create and configure a retention policy that automatically deletes content five years after it's last modified, and apply the policy to all OneDrive accounts.
You create and configure a retention label that keeps content forever and add this to a label policy that you publish to all OneDrive accounts. You explain to users how to manually apply this label to specific documents that should be excluded from automatic deletion if not modified after five years.
For more information about how retention policies and retention labels work together and how to determine their combined outcome, see the next section that explains the principles of retention and what takes precedence.
The principles of retention, or what takes precedence?
Unlike retention labels, you can apply more than one retention policy to the same content. Each retention policy can result in a retain action and a delete action. Additionally, that item could also be subject to these actions from a retention label.
In this scenario, when items can be subject to multiple retention settings that could conflict with one another, what takes precedence to determine the outcome?
The outcome isn't which single retention policy or single retention label wins, but how long an item is retained (if applicable) and when an item is deleted (if applicable). These two actions are calculated independently from each other, from all the retention settings applied to an item.
For example, an item might be subject to one retention policy that is configured for a delete-only action, and another retention policy that is configured to retain and then delete. Consequently, this item has just one retain action but two delete actions. The retention and deletion actions could be in conflict with one another and the two deletion actions might have a conflicting date. To work out the outcome, you must apply the principles of retention.
At a high level, you can be assured that retention always takes precedence over deletion, and the longest retention period wins. These two simple rules always decide how long an item will be retained.
There are a few more factors that determine when an item will be deleted, which include the delete action from a retention label always takes precedence over the delete action from a retention policy.
Use the following flow to understand the retention and deletion outcomes for a single item, where each level acts as a tie-breaker for conflicts, from top to bottom. If the outcome is determined by the first level because there are no further conflicts, there's no need to progress to the next level, and so on.
If you are using retention labels: Before using this flow to determine the outcome of multiple retention settings on the same item, make sure you know which retention label is applied.
Explanation for the four different levels:
Retention wins over deletion. Content won't be permanently deleted when it also has retention settings to retain it.
Example: An email message is subject to a retention policy for Exchange that is configured to delete items after three years and it also has a retention label applied that is configured to retain items for five years.
The email message is retained for five years because this retention action takes precedence over deletion. The email message is deleted at the end of the five years because of the deferred delete action.
The longest retention period wins. If content is subject to multiple retention settings that retain content for different periods of time, the content will be retained until the end of the longest retention period.
Example: Documents in the Marketing SharePoint site are subject to two retention policies. The first retention policy is configured for all SharePoint sites to retain items for five years. The second retention policy is configured for specific SharePoint sites to retain items for ten years.
Documents in this Marketing SharePoint site are retained for ten years because that's the longest retention period.
Explicit wins over implicit. Applicable to determine when items will be deleted:
A retention label (however it was applied) provides explicit retention in comparison with retention policies, because the retention settings are applied to an individual item rather than implicitly assigned from a container. This means that a delete action from a retention label always takes precedence over a delete action from any retention policy.
Example: A document is subject to two retention policies that have a delete action of five years and ten years respectively, and also a retention label that has a delete action of seven years.
The document is deleted after seven years because the delete action from the retention label takes precedence.
When you have retention policies only: If a retention policy for a location is scoped to use an include configuration (such as specific users for Exchange email) that retention policy takes precedence over unscoped retention policies for the same location.
An unscoped retention policy is where a location is selected without specifying specific instances. For example, Exchange email and the default setting of All recipients is an unscoped retention policy. Or, SharePoint sites and the default setting of All sites. When retention policies are scoped, they have equal precedence at this level.
Example 1: An email message is subject to two retention policies. The first retention policy is unscoped and deletes items after ten years. The second retention policy is scoped to specific mailboxes and deletes items after five years.
The email message is deleted after five years because the deletion action from the scoped retention policy takes precedence over the unscoped retention policy.
Example 2: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action after 10 years. The second retention policy is scoped to include this user's OneDrive account and has a delete action after seven years.
When this document will be deleted can't be determined at this level because both retention policies are scoped.
The shortest deletion period wins. Applicable to determine when items will be deleted from retention policies and the outcome couldn't be resolved from the previous level: Content is deleted at the end of the shortest retention period.
Example: A document in a user's OneDrive account is subject to two retention policies. The first retention policy is scoped to include this user's OneDrive account and has a delete action after 10 years. The second retention policy is scoped to include this user's OneDrive account and has a delete action after seven years.
This document will be deleted after seven years because that's the shortest retention period for these two scoped retention policies.
Note that items subject to eDiscovery hold also fall under the first principle of retention; they cannot be deleted by any retention policy or retention label. When that hold is released, the principles of retention continue to apply to them. For example, they could then be subject to an unexpired retention period or a deferred delete action.
More complex examples that combine retain and delete actions:
An item has the following retention settings applied to it:
- A retention policy for delete-only after five years
- A retention policy that retains for three years and then deletes
- A retention label that retains-only for seven years
Outcome: The item is retained for seven years because retention takes precedence over deletion and seven years is the longest retention period. At the end of this retention period, the item is deleted because of the delete action from the retention policies that was deferred while the item was retained.
Although the two retention policies have different dates for the delete actions, the earliest the item can be deleted is at the end of the longest retention period, which is longer than both deletion dates. In this example, there is no conflict to resolve for the deletion dates so all conflicts are resolved by the second level.
An item has the following retention settings applied to it:
- An unscoped retention policy that deletes-only after ten years
- A scoped retention policy that retains for five years and then deletes
- A retention label that retains for three years and then deletes
Outcome: The item is retained for five years because that's the longest retention period. At the end of that retention period, the item is deleted because of the delete action of three years from the retention label that was deferred while the item was retained. Deletion from retention labels takes precedence over deletion from all retention policies. In this example, all conflicts are resolved by the third level.
Use Preservation Lock to restrict changes to policies
Some organizations might need to comply with rules defined by regulatory bodies such as the Securities and Exchange Commission (SEC) Rule 17a-4, which requires that after a policy for retention is turned on, it cannot be turned off or made less restrictive.
Preservation Lock ensures your organization can meet such regulatory requirements because it locks a retention policy or retention label policy so that no one—including an administrator—can turn off the policy, delete the policy, or make it less restrictive.
You apply Preservation Lock after the retention policy or retention label policy is created. For more information and instructions, see Use Preservation Lock to restrict changes to retention policies and retention label policies.
Releasing a policy for retention
Providing your policies for retention don't have a Preservation Lock, you can delete your policies at any time, which effectively turns off the previously applied retention settings. You can also keep the policy but change the location status to off.
When you do either of these actions, any SharePoint or OneDrive content that's being retained in the Preservation Hold library is not immediately and permanently deleted. Instead, to help prevent inadvertent data loss, there is a 30-day grace period, during which content expiration for that policy does not happen in the Preservation Hold library, so that you can restore any content from there, if needed. Additionally, you can't manually delete this content during the grace period.
You can change the location status back to on during the grace period, and no content will be deleted for that policy.
This 30-day grace period in SharePoint and OneDrive corresponds to the 30-day delay hold in Exchange. For more information, see Managing mailboxes on delay hold.
Auditing retention configuration
Administrator actions for retention policies and retention labels are saved to the audit log when auditing is enabled. For example, an audit event is created when a retention policy or label is created, configured, or deleted. For the full list, see Retention policy and retention label activities.
PowerShell cmdlets for retention policies and retention labels
To use the retention cmdlets, you must first connect to the Office 365 Security & Compliance Center PowerShell. Then, use any of the following cmdlets:
When to use retention policies and retention labels or eDiscovery holds
Although retention settings and holds that you create with an eDiscovery case can both prevent data from being permanently deleted, they are designed for different scenarios. To help you understand the differences and decide which to use, use the following guidance:
Retention settings that you specify in retention policies and retention labels are designed for a long-term information governance strategy to retain or delete data for compliance requirements. The scope is usually broad with the main focus being the location and content rather than individual users. The start and end of the retention period is configurable, with the option to automatically delete content without additional administrator intervention.
Holds for eDiscovery (either Core eDiscovery or Advanced eDiscovery cases) are designed for a limited duration to preserve data for a legal investigation. The scope is specific with the focus being content owned by identified users. The start and end of the preservation period isn't configurable but dependent on individual administrator actions, without an option to automatically delete content when the hold is released.
Summary to compare retention with holds:
|Focus:||Broad, content-based||Specific, user-based|
|Start and end date configurable:||Yes||No|
|Content deletion:||Yes (optional)||No|
If content is subject to both retention settings and an eDiscovery hold, preserving content for the eDiscovery hold always takes precedence. In this way, the principles of retention expand to eDiscovery holds because they preserve data until an administrator manually releases the hold. However, despite this precedence, don't use eDiscovery holds for long-term information governance. If you are concerned about automatic deletion of data, you can configure retention settings to retain items forever, or use disposition review with retention labels.
If you are using older eDiscovery tools to preserve data, see the following resources:
SharePoint and OneDrive:
Use retention policies and retention labels instead of older features
If you need to proactively retain or delete content in Microsoft 365 for information governance, we recommend that you use retention policies and retention labels instead of the following older features.
If you currently use these older features, they will continue to work side-by-side with retention policies and retention labels. However, we recommend that going forward, you use retention policies and retention labels instead. They provide you with a single mechanism to centrally manage both retention and deletion of content across Microsoft 365.
Older features from Exchange Online:
- Retention tags and retention policies, also known as messaging records management (MRM) (deletion only)
Older features from SharePoint and OneDrive:
Document deletion policies (deletion only)
Configuring in place records management (retention only)
Use policies for site closure and deletion (deletion only)
Information management policies (deletion only)
If you have configured SharePoint sites for content type policies or information management policies to retain content for a list or library, those policies are ignored while a retention policy is in effect.
- SharePoint Online Limits
- Limits and specifications for Microsoft Teams
- Resources to help you meet regulatory requirements for information governance and records management
If you are ready to create retention policies, see Create and configure retention policies.
To create and apply retention labels: