Updated: February 2018 [Video added]
Updated: April 2018 [SharePoint items added]
Retention. It’s not the most exciting topic in the world of Office 365, but it is a very important one. It’s the feature that ensures your organization is keeping things for as long as you should and, just as important, disposing of things as soon as you should. My focus within Office 365 is on understanding the new Retention features and how they work across Office 365 collaboration services.
Retention policies are administered from the Security and Compliance Center in Office 365 within the Data governance section. Whether the policy has been defined via a published label (Label Retention across O365) or with a label by creating one directly within this Retention section, they will all appear on this page. A Retention policy can include content from not only Exchange mailboxes, public folders, Skype conversations, SharePoint sites and OneDrive for Business content but also Office 365 Group mail and files. A retention policy is the only feature that can both retain and delete content across Office 365. As content is spread across these services, this is a “one-stop shop” for retention. A very good thing.
Check out the official Microsoft link describing what a retention policy is and when you might want to have one: Overview of retention policies.
[Update April 2018] Retention policies and labels apply to both documents and items. Added an ‘Applies to Items too!’ section.
[Update February 2018] Here’s a short video I put together on how Retention Policies and Retention Labels work together to determine the retention for a specific site/document/item. They are not mutually exclusive – you can have a retention label and a retention policy both published to the same location. This will require lots of planning by your Information Management team!
Follow along for a quick walk-thru of adding a retention policy for an Office 365 Group’s site and the ‘magic’ behind the scenes.
#1 – Setting it up
Steps to create a location-based retention policy: (“over-arching” from the video)
- Navigate to the Security and Compliance Center. (https://protection.office.com)
- Under Data Governance … Retention … click Create(+).
- Follow a 4 step wizard:
- Enter a policy name and description.
- Decide if you want to retain content for a period of time and/or delete it after a certain length of time. Content can be either retained forever or for a specified period of time based on when the content was either created or last modified. You can specify advanced retention options whereby retention is applied to content containing certain keywords or phrases or sensitive information. There will be more capabilities added for this in the future with searchable managed properties.
- Choose whether you want to preserve content from all locations (Exchange email and public folders, Skype for Business, O365 Groups, SharePoint and OneDrive for Business document libraries) or select locations. Note: you provide the Site Collection URL and not a web URL when specifying a SharePoint site to apply the policy to. (Another great reason for a Flat SharePoint architecture!)
- Optionally turn on preservation lock. This will make the policy locked preventing it from being turned off. This is what give O365 the SEC 1784 compliance certification!
A message will display stating that it can take up to 1 day for the retention policy to be applied to the locations you specified. In my experience so far it’s applied much sooner than that. However, until it’s published it will have a status of On (Pending).
#2 – Preservation Hold Library
Important thing to know about a retention policy is if there is no specific label associated with it (it is an over-arching policy), the end-user working with the content really has no idea the policy is in effect from a content editing perspective. They can continue to add/change content as they normally would, all the while the retention policy is working silently in the background ensuring the content is being preserved in another hidden location.
This hidden location? The Preservation Hold library.
You will notice although this library appears as a list in ‘Site Contents’, it behaves like a library behind-the-scenes.
When I edit the document in either of the above sites, it will allow me to edit the document, but adds an item into a special library created on the site called the Preservation Hold Library (/sites/yoursitename/PreservationHoldLibrary).
It creates the library in the site (or subsite) you are making the change in and it only creates the library when it is required (I.e. the first time a change is made and an item needs to be inserted into the library, it will create the library if it doesn’t already exist). You must be a site collection administrator to see this library.
Here is the metadata on a Preservation Hold Library (I’ve highlighted the ones that are key to the preservation policy):
Note: if a retention label has been applied to a document/item, you will NOT be able to delete it if the label is configured to retain for a certain period of time.
The end-user will receive a message (image) when they try to delete it preventing them from deleting it. Changes to a document will still appear in the Preservation Hold library.
#3 – Policy is deployed… now what?
Any content added to the site after the retention policy was put into effect will be preserved after deletion. Changes on new content aren’t copied to the Preservation Hold library the first time it’s edited, only when it’s deleted. (Unless you have versioning turned on)
For example, on my O365 group I uploaded a document (my resume in the screenshot below) after the policy was deployed. I made 2 separate edits (saved each time) and then deleted the document. Only after I deleted the document did these 3 items get added to the Preservation Hold library on the site.
If an item exists at the time the policy was put into effect, the first time you make a change to the document it will insert an item into the Preservation Hold Library list (what the item was before the change). Subsequent edits on the document will not insert an additional item into the list, however if the document is ever deleted, all versions of the document will be inserted into the list as separate items.
For example, if this is the version history on a document at the time of deletion:
… when the document is first edited, a snapshot of the document and its metadata as it existed prior to the change is inserted as an item in the Preservation Hold Library (the last item identified as 40 minutes ago in the diagram below). Once the document is deleted, all previous versions are inserted as items into the Preservation Hold Library:
Applies to Items too!
Retention policies (and labels) also apply to SharePoint items. If you have an over-arching retention policy applied to a list item, it follows the same rules as a document for when it’s inserted into the Preservation Hold Library. For each item entry, it stores an excel document in the library to include the metadata for the item. If the item had attachment(s), they are stored as separate documents in the Preservation Hold Library.
#4 – Removing a Preservation Hold
Content in the Preservation Hold Library will be removed when one of these things happen:
- A policy administrator has changed the rules for what’s covered by the policy and the content no longer complies.
- The policy has been disabled.
- The policy retention end date has been reached.
- If retention is based on a label, the label was removed/changed.
The retained content is not deleted immediately – this is done by a timer process.
#5 – Legacy features
Things are changing. What we used to use for Retention and Deletion is no longer recommended. Instead, Microsoft is recommending you create a Retention policy for these things: (excerpt from the Microsoft link above)
- Holds created for eDiscovery in the Security & Compliance Center (eDiscovery hold)
- In-Place Hold and Litigation Hold (eDiscovery hold)
- Retention tags and retention policies, also known as messaging records management (MRM) (Deletion only)
SharePoint Online and OneDrive for Business:
- Holds created for eDiscovery in the Security & Compliance Center (eDiscovery hold)
- Holds created in the eDiscovery Center (eDiscovery hold)
- Document deletion policies (Deletion only)
- In place records management (Retention)
- Site closure and deletion policies (Deletion only)
- Information management policies (Deletion only)
Also, if you have any legacy preservation policies defined, they will still preserve the content in the Preservation Hold Library.
It is clear Microsoft is serious about Data Governance across all Office 365 services. Looking at the list of things we shouldn’t be using anymore in the Legacy features above, we need to work with Information Management teams to clear a path thru this new world of retention to help organizations get from where they are now to where they need to be.
I continue to watch this space closely as more capabilities are introduced over time.
Thanks for reading.