SC-401 - Retention and Data Lifecycle
Quick Navigation
Retention Overview
Microsoft Purview data lifecycle management helps organizations keep what they need and delete what they do not. Retention ensures that content is:
- Preserved for the required period (regulatory, legal, business requirement)
- Deleted when the retention period expires (to minimize data exposure and storage costs)
Two primary tools in Microsoft Purview for retention:
| Tool | Scope | Granularity | User Visible |
|---|---|---|---|
| Retention Policies | Broad - applies to entire locations (all mailboxes, all SharePoint sites) | Location-level, cannot target specific documents | No - users do not see them |
| Retention Labels | Granular - applies to specific items (individual documents, emails) | Item-level settings override location-level policies | Yes - users can see and (if permitted) apply labels |
Retention Labels
Retention labels provide item-level retention control. They can be manually applied by users, auto-applied by Purview based on conditions, or published for users to apply.
Retention Label Settings
| Setting | Options |
|---|---|
| Retention period | Fixed period (days, months, years) from: creation date, last modification date, label applied date, or a custom event date |
| At end of retention period | Delete automatically, trigger disposition review, or do nothing (keep but allow deletion) |
| Classify as record | Mark item as a regulatory or standard record (restricts editing/deletion during retention) |
| Retention period start | When was the retention clock started (creation, modification, event) |
Label Publishing vs. Auto-Apply
| Method | How | Use Case |
|---|---|---|
| Publish to users | Create a label policy targeting users/locations; users manually apply in Office apps, SharePoint, OD, Outlook | Content that users know needs specific retention (contracts, legal docs) |
| Auto-apply based on SIT | Purview automatically applies the label when content containing the specified SITs is found | PII-containing documents that require 7-year retention for regulatory compliance |
| Auto-apply based on trainable classifier | Applies label to content matching a classifier (e.g., tax documents) | Category-based retention of documents that are hard to pattern-match |
| Auto-apply based on cloud attachments | Applies label to files shared as cloud attachments in Teams and Outlook | Ensuring collaboration content is retained |
| Default label in SP library | Site admin sets a default retention label for a document library | All documents in a specific library get the same retention |
Retention labels survive content being moved between locations within Microsoft 365. If you move a labeled email from Exchange to Teams or a labeled document from one SharePoint site to another, the retention label stays with the item. Labels also travel within OneDrive sync when files are moved locally.
Retention Policies
Retention policies apply a single retention setting to an entire location (e.g., all Exchange mailboxes, all SharePoint sites). They are simpler than labels but cannot target individual documents.
Supported Locations
- Exchange Online mailboxes (email, calendar, tasks)
- SharePoint sites and document libraries
- OneDrive accounts
- Microsoft 365 Groups (mailbox + SharePoint site)
- Teams channel messages (requires Teams-specific retention policy)
- Teams private/shared channel messages
- Teams chats (1:1 and group chats)
- Viva Engage messages
Retain-Only vs. Retain-Then-Delete vs. Delete-Only
| Action | Behavior |
|---|---|
| Retain for X years | Content is preserved for X years even if user deletes it (recoverable); after X years, content can be deleted normally |
| Retain for X years then delete | Content preserved for X years; then automatically deleted by the service |
| Delete content older than X years | No preservation - content older than X years is deleted (useful for reducing data exposure of old content) |
For Teams and Viva Engage, retention policies must use dedicated Teams/Yammer locations - you cannot use Exchange policies to retain Teams messages. Teams messages (channel and chat) are actually stored in Exchange (in hidden mailbox folders), but retention for Teams is processed differently and requires Teams-specific policies to handle the data correctly.
Adaptive Scopes
Adaptive scopes allow retention policies and label policies to dynamically target users, groups, and sites based on Azure AD attributes and SharePoint properties, without having to manually maintain static lists.
Adaptive Scope Types
| Scope Type | Targets | Example Query |
|---|---|---|
| Users | Azure AD user accounts based on user attributes | Department = "Finance" OR City = "New York" |
| SharePoint sites | SharePoint sites based on site properties | Site template = "Team site" AND created after 2022 |
| Microsoft 365 Groups | M365 Groups based on group attributes | Group name contains "Legal" |
Benefits of Adaptive Scopes
- Automatically includes new users/sites that match the query when they are created
- Automatically removes users/sites that no longer match (e.g., when someone leaves Finance)
- Eliminates the need to manually add/remove users from static scope policies
- Supports OPATH query syntax for complex targeting
Adaptive scopes require Azure AD Premium P1 (for user and group attribute-based queries). They are defined as reusable scope objects in the Purview portal that can be applied to multiple retention or label policies. Changes to the scope query take effect within 5-7 days as the scope member list is refreshed.
Retention Precedence
When multiple retention policies and/or labels apply to the same content, Microsoft Purview uses a retention precedence order to determine which settings win. The general principle is: preserve always wins over delete, and longer retention wins over shorter.
Precedence Order (Highest to Lowest)
- Explicit retain over explicit delete: If one policy says retain and another says delete, retain wins
- Longer retention period over shorter: Among multiple retain settings, the longest period wins
- User deletion over automatic policy deletion: Explicit deletions by users happen after retention expires; policy auto-deletions happen at period end
- Retention label over retention policy: An item-level label overrides the location-level policy for that specific item
Practical Example
A SharePoint file has:
- A retention policy: retain all SharePoint content for 3 years
- A retention label: retain for 7 years (applied because it contains legal contract SITs)
The file will be retained for 7 years (label wins - it's longer and item-level), not 3 years. The retention policy still protects all other unlabeled files in SharePoint for 3 years.
The retention precedence rules mean you can safely layer retention policies and labels. Use retention policies for baseline coverage (all mailboxes retained for 3 years), and use labels for specific high-value content that needs longer or different retention. Labels never shorten what the policy would preserve - only extend or add granularity.
Records Management
Records management in Microsoft Purview handles formal records - documents that must be preserved in their original state for legal or regulatory reasons. Records management features are available in Purview Records Management (separate from Data Lifecycle Management).
Record Declaration Types
| Type | Description | Editing/Deletion |
|---|---|---|
| Record (standard) | Declared via retention label with "Mark as record" enabled | Edit locked; deletion locked until retention period expires (disposition review can unlock) |
| Regulatory record | Declared via retention label with "Mark as regulatory record" - highest restriction | Edit AND delete locked; even admins cannot remove the record status - requires regulatory authority approval to delete |
Regulatory records are the strictest form of retention control in Microsoft Purview. Once a regulatory record label is applied, it cannot be removed by any administrator - not even Global Admin. This is by design for industries like financial services (SEC 17a-4 compliance) and healthcare (HIPAA records retention). Be extremely careful deploying regulatory record labels - apply thorough testing before production rollout.
Disposition Review
Disposition review allows human reviewers to inspect content at the end of its retention period before it is permanently deleted. This bridges compliance requirements with legal review processes.
Disposition review workflow:
- A retention label is configured with "trigger a disposition review" at the end of retention
- When items reach end of retention, a disposition review task is created in Purview Records Management - Disposition
- Assigned reviewers inspect the items and choose: delete, extend retention, apply a different label, or no action
- Items awaiting disposition are preserved until a reviewer takes action
- All disposition decisions are logged for audit purposes
Disposition reviews can have multiple stages - for example, a first review by department managers, then a second review by legal counsel before deletion. Multi-stage approval is configured in the retention label settings. Proof of disposal (a disposition certificate) is generated automatically when items are deleted after review, satisfying regulatory requirements for documented destruction.
Popular Posts
1Z0-830 Java SE 21 Developer Certification
Azure AI Foundry Hello World
Azure AI Agent Hello World
Foundry vs Hub Projects
Build Agents with SDK
Bing Web Search Agent
Function Calling Agent
Spring Boot + Azure Key Vault Hello World Example
Spring Boot + Elasticsearch + Azure Key Vault Example
Spring Boot Azure AD (Entra ID) OAuth 2.0 Authentication
Deploy Spring Boot App to Azure App Service
Secure Azure App Service using Azure API Management
Deploy Spring Boot JAR to Azure App Service
Deploy Spring Boot + MySQL to Azure App Service
Spring Boot + Azure Managed Identity Example
Secure Spring Boot Azure Web App with Managed Identity + App Registration
Elasticsearch 8 Security - Integrate Azure AD OIDC