Adding Data Retention to Your Business Info in Microsoft 365
Way back in the ancient days of 2010, the world output of data was two zettabytes. A
zettabyte is a billion terabytes. In 2022 it was 74 zettabytes. Your business has probably
had a similar explosion of data. These days, computers capture and record almost
Data isn’t the only thing that has been exploding. Laws requiring businesses to keep
data have also been spreading rapidly. You need an easy way to keep the data you
must and dispose of the data you no longer need. Microsoft 365 data retention
capabilities can do that for you.
Retention Policies and Retention Labels
The difference between retention policies and retention labels is one of scope.
Retention policies apply to large containers like sites and mailboxes. Retention labels
work at a smaller level, like folders, documents, and emails.
If you want your retention settings to apply to an MS Exchange mailbox, use a retention
policy. If you want it to apply to a particular email, use a retention label.
In this example, if you move emails to a different mailbox and they don’t have retention labels, the email will not keep the retention policy of the old mailbox.
It will now have the retention policy of the new mailbox. But if you had a retention label on the particular email, its retention setting would not change because of the move.
Retention policies are used on:
- Exchange email
- SharePoint sites
- OneDrive accounts
- Microsoft 365 Groups
- Skype for Business
- Exchange public folders
- Teams channel messages
- Teams chats
- Teams private channel messages
- Yammer community messages
- Yammer user messages
Retention labels are used for items like:
- Tax forms
- Financial statements
- Sensitive information that needs special treatment
Retention labels give you more control at the item-level. You can start the retention
period from when the item is created, such as when an email is created. Or, you can set
the retention label to start on an event, such as when an employee leaves the company.
Employees can set retention labels manually. Or you can have the retention labels set
automatically. For example, you might set an automatic label for messages in Microsoft Teams. The retention label would attach to a message based on any of the following
- The message contains keywords you constructed a query to find.
- The message contains set types of sensitive information.
- The message matches a trainable classifier.
On SharePoint, you can set a default retention label for a library, folder, or document set. Files within any of these will inherent the default retention label of the container it’s
Adaptive Scopes vs Static Scopes
Retention policies and labels have either an adaptive scope or a static scope. What’s
the difference? Static scope labels are more concrete. There are only three options with
static scopes. Adaptive scope labels use queries.
With the static scope, you choose either:
- All instances for a specified location, meaning “organization-wide”
- Include specific instances for the location, meaning “includes”
- Exclude specific instances for the location, meaning “excludes”
There’s a problem with this process. What if an employee at the vice-president level is
set to include, but you set employees at the officer level for exclusion? Say the retention
period for officer-level employees is five years, but seven years for vice-presidents. One
day, the officer is promoted to vice-president. You’ll need to go in and change the
retention labels for that employee. There is a better way.
With adaptive scope, you could create a retention policy query that looks to the Azure
Active Directory for the job title. When the newly promoted employee’s job title changes
to vice-president, the retention policy for that employee would automatically change
everywhere. That relieves you of the need to go in and make all those changes.
Unfortunately, there are places where you must use static scopes. For example, Skype
for Business and Exchange public folders does not support adaptive scopes.
Which Retention Policies or Retention Labels Take Precedence?
With all these retention policies and retention labels, what if one policy says to do one
thing while another label says to do something else? Don’t worry. Microsoft 365 has you
covered with its four principles of retention:
- Retention wins over deletion
- The longest retention period wins
- Explicit wins over implicit for deletions
- The shortest deletion period wins
Retention wins over deletion example: Consider the following example of retention wins over deletion. There’s a retention policy for Exchange to keep emails for three
years, then delete. There’s a retention label on a particular email that says to retain for
five years. Microsoft 365 keeps the email for five years since the retention period wins
over the deletion. But in a more complex case, this rule might not be enough.
The longest retention period wins: There’s a retention policy to keep documents in SharePoint libraries for three years. This policy covers all SharePoint sites. Their Human Resources SharePoint site that has a document library with a retention policy of
seven years. Which wins, the three-year or seven-year policy? Under this principle, it
will be the seven-year policy for the human resources site.
Explicit deletions win over implicit deletions: What this policy really means is that labels win over policies where there’s a contradiction. Labels are explicit because they apply to the particular item. Policies are implicit because they apply to the container of items, then indirectly to the items themselves.
If you have a label that says delete after five years, but there’s a policy that says delete
after three years, you can’t delete until five years have passed.
The shortest deletion period wins: If you have two policies applying to the same
account, and one says to delete after seven years while the other says delete after ten
years, which wins? Microsoft 365 deletes after seven years.
Microsoft 365 retention policies can save you from dangerous issues like retention requirements and eDiscovery. But these policies and labels aren’t something most workers are used to working with. Without training, these robust retention methods go to waste.
At eSoftware Associates, we help companies like yours every day. We make sure users get the most of their Microsoft 365 plan. Sometimes, we see customers that have invested in other programs because they don’t know the full power of Microsoft 365. Let us save you from that costly mistake. Schedule a free consultation and quote today.