Office 365: Certificate of Destruction

Reading Time: 2 minutes

Blog post: 1 minute read.

I’m spending some time learning about the new unified Retention policies in Office 365. I really like the unified approach for retention and deletion policies as it is a “one-stop shop” to encompass all services across O365 including:

  • Exchange email
  • SharePoint sites
  • OneDrive accounts
  • Office 365 groups
  • Skype for Business
  • Exchange public folders

Over the past few years I’ve learned a lot about the Information Management discipline and how the new O365 collaboration services are disrupting their world in a big way. Information Management teams will need to translate their organization’s retention schedule into the capabilities of the Retention Labels/Policies feature in the Security & Compliance center in Office 365. Depending on the regulatory requirements of an organization, this task will range in complexity.

It is commonly advised by Records and Information Management (RIM) professionals that any and all retention periods applied to organizational information should be reviewed and approved for use by competent legal counsel, which represents the organization, and is familiar with the specific legal and regulatory requirements of the organization.

If the content doesn’t need to be retained indefinitely (no longer needed for any legal, user, historical or other purpose) and the retention period has elapsed, the content can be destroyed. The content is in fact being deleted in O365 as defined in the retention policies, however I’ve recently learned from our Information Management team that the process to destroy business content should follow an approval process and include an official certificate of destruction to formally assert that the content (business record) has been destroyed. (This may be requested by a litigation, government investigation or audit)

I do not see any feature in Office 365 for either an approval process or a certificate of destruction and I’m wondering if this gap between the Information Management world and the O365 world will be addressed thru a feature update.

I have added an idea in the UserVoice channel below to address this. Please give it a read, talk to your Information Management teams in your own organization about their perspective on this and give the idea a vote if you feel it’s worthy. 🙂

Office 365 Security & Compliance UserVoice – Certificate of Destruction


I’d love to hear your viewpoint on this requirement and how your organization is addressing it.

Thanks for reading!


One comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.