In our last Microsoft 365 (M365) article we began to touch on retention capabilities within M365. A core retention capability within M365 is that of retention policies, which provide the ability to:
- decide whether to retain and/or delete information assets
- apply a single policy to the entire Agency or specific locations and users
- apply a policy to all content in a location or to content meeting certain conditions
Retention Policies are a great feature for organisations with relatively simple retention and disposal requirements. Policies work as a behind the scenes feature, and are applied to content matching policy settings without any end user intervention.
When a retention policy is applied to locations or information assets, people can continue to edit and work with information assets. However if a document is deleted or modified a copy of the document is retained in the Preservation Hold Library (PHL) in SharePoint or the Recoverable Items Folder (RIF) in Exchange. It is important to note that if content is deleted or modified:
- for deleted items the original document/email is moved to the Recycle Bin and deleted after 93 days (SharePoint, OneDrive, Teams) or Deletions folder and deleted after a default 14 days (Exchange)
- where a copy is taken, the copy will have its own GUID and it is not clear whether any relational link is created between the copy and the original (including audit history of the original)
- recycle bins are not indexed therefore any searches, including eDiscovery searches, will not be able to discover information assets within a recycle bin. However the PHL and RIF are indexed and searchable
PHL exist at a site collection level within SharePoint (or SharePoint backend solutions like Teams and OneDrive). The libraries are only created when the first item needs to be copied to the library, rather than when the retention policy is created. PHL are only viewable by Site Collection Administrators (or other admin roles with access to Site Collection Administrator permissions). Microsoft MVP Joanne Klein has written a helpful explainer on the Preservation Hold Library, including a table which documents PHL behaviours when particular site actions are performed.
The RIF in Exchange is hidden from end users, but content is discoverable via eDiscovery searches. Administrators with appropriate controls can perform actions on user RIF using the Exchange Management Shell. Users RIF storage quota, when a retention policy is applied to the mailbox, is automatically set to between 90GB and 100GB. If the auto-expanding archiving feature in Exchange Online is enabled, the storage quota for the RIF in the user’s archive will be unlimited.
When configuring a retention policy rules can be set to keep content forever, or dispose of content a certain period after the following retention triggers:
- the content was created
- the content was last modified
Retention Policy Gaps
Retention policies are unable to accommodate retention triggers that are event-based (e.g. date of termination, expiry of contract, date of birth, etc). While Retention Policies present a promising feature for managing simple retention requirements, the lack of disposition review process for Retention Policies leaves gaps in compliance if proof of defensible destruction is a requirement.
In the next part of our series we’ll look at Retention Labels in M365.
About the Author
Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014. Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.