New-RetentionCompliancePolicy
This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.
Use the New-RetentionCompliancePolicy cmdlet to create new retention policies in the Microsoft 365 compliance center.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-RetentionCompliancePolicy
[-Name] <String>
[-Applications <MultiValuedProperty>]
[-Comment <String>]
[-Confirm]
[-Enabled <Boolean>]
[-ExchangeLocation <MultiValuedProperty>]
[-ExchangeLocationException <MultiValuedProperty>]
[-Force]
[-ModernGroupLocation <MultiValuedProperty>]
[-ModernGroupLocationException <MultiValuedProperty>]
[-OneDriveLocation <MultiValuedProperty>]
[-OneDriveLocationException <MultiValuedProperty>]
[-PublicFolderLocation <MultiValuedProperty>]
[-RestrictiveRetention <Boolean>]
[-SharePointLocation <MultiValuedProperty>]
[-SharePointLocationException <MultiValuedProperty>]
[-SkypeLocation <MultiValuedProperty>]
[-SkypeLocationException <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>] New-RetentionCompliancePolicy
[-Name] <String>
[-Comment <String>]
[-Confirm]
[-Enabled <Boolean>]
[-Force]
[-RestrictiveRetention <Boolean>]
[-TeamsChannelLocation <MultiValuedProperty>]
[-TeamsChannelLocationException <MultiValuedProperty>]
[-TeamsChatLocation <MultiValuedProperty>]
[-TeamsChatLocationException <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>] Description
New policies are not valid and will not be applied until a retention rule is added to the policy. For more information, see New-RetentionComplianceRule. In addition, at least one location parameter must be defined to create a retention policy.
To use this cmdlet in Security & Compliance Center PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft 365 compliance center.
Examples
Example 1
New-RetentionCompliancePolicy -Name "Regulation 123 Compliance" -ExchangeLocation "Kitty Petersen", "Scott Nakamura" -SharePointLocation "https://contoso.sharepoint.com/sites/teams/finance"
New-RetentionComplianceRule -Name RetUnlimited -Policy "Regulation 123 Compliance" -RetentionDuration UnlimitedThe first command in this example creates a retention policy named "Regulation 123 Compliance" for the mailboxes of Kitty Petersen and Scott Nakamura, and the finance SharePoint Online site. The second command creates a new retention rule named "RetUnlimited" and adds it to the retention policy created with the fist command.
Parameters
The Applications parameter specifies the target when Microsoft 365 Groups are included in the policy (the ModernGroups parameter is set). Valid values are:
Group:Exchangefor the mailbox that's connected to the Microsoft 365 Group.Group:SharePointfor the SharePoint site that's connected to the Microsoft 365 Group."Group:Exchange,SharePoint"for both the mailbox and the SharePoint site that are connected to the Microsoft 365 Group.- blank (
$null): This is the default value, and is functionally equivalent to the value"Group:Exchange,SharePoint".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The Enabled parameter specifies whether the policy is enabled or disabled. Valid values are:
- $true: The policy is enabled. This is the default value.
- $false: The policy is disabled.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The ExchangeLocation parameter specifies the mailboxes to include. Valid values are:
- A mailbox
- A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
- The value All for all mailboxes. You can only use this value by itself.
To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
If no mailboxes are specified, then no mailboxes are placed on hold.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
This parameter specifies the mailboxes to remove from the list of excluded mailboxes when you use the value All for the ExchangeLocation parameter. Valid values are:
- A mailbox
- A distribution group or mail-enabled security group
To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The Force switch specifies whether to suppress warning or confirmation messages. You can use this switch to run tasks programmatically where prompting for administrative input is inappropriate. You don't need to specify a value with this switch.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The ModernGroupLocation parameter specifies the Microsoft 365 Groups to include in the policy. Valid values are:
- A Microsoft 365 Group
- The value All for all Microsoft 365 Groups. You can only use this value by itself.
To identify the Microsoft 365 Group, you can use any value that uniquely identifies it. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The ModernGroupLocationException parameter specifies the Microsoft 365 Groups to exclude when you're using the value All for the ModernGroupLocation parameter.
You can use any value that uniquely identifies the Microsoft 365 Group. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The Name parameter specifies the unique name of the retention policy. If the value contains spaces, enclose the value in quotation marks.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The PublicFolderLocation parameter specifies that you want to include all public folders in the retention policy. You use the value All for this parameter.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The RestrictiveRetention parameter specifies whether Preservation Lock is enabled for the policy. Valid values are:
- $true: Preservation Lock is enabled for the policy. No one -- including an administrator -- can turn off the policy or make it less restrictive.
- $false: Preservation Lock isn't enabled for the policy. This is the default value.
After a policy has been locked, no one can turn off or disable it, or remove content from the policy. And it's not possible to modify or delete content that's subject to the policy during the retention period. The only ways that you can modify the retention policy are by adding content to it, or extending its duration. A locked policy can be increased or extended, but it can't be reduced, disabled, or turned off.
Therefore, before you lock a retention policy, it's critical that you understand your organization's compliance requirements, and that you don't lock a policy until you are certain that it's what you need.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
SharePoint Online sites can't be added to the policy until they have been indexed. If no sites are specified, then no sites are placed on hold.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The SkypeLocation parameter specifies the Skype for Business Online users to include in the policy.
You can use any value that uniquely identifies the user. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
This parameter is reserved for internal Microsoft use.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The TeamsChannelLocation parameter specifies the Teams to include in the policy.
You can use any value that uniquely identifies the team. For example:
- Name
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The TeamsChannelLocationException parameter specifies the Teams to exclude when you use the value All for the TeamsChannelLocation parameter. You can use any value that uniquely identifies the team. For example:
- Name
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The TeamsChatLocation parameter specifies the Teams users to include in the policy.
You can use any value that uniquely identifies the user. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The TeamsChatLocationException parameter specifies the Teams users to exclude when you use the value All for the TeamsChatLocation parameter. You can use any value that uniquely identifies the user. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
The WhatIf switch doesn't work in Security & Compliance Center PowerShell.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance Center |
Inputs
Outputs