Office 365 Retention Policy Questions from the Field

The idea for this blog post was born from the “firehose” of questions I receive about retention policies through my blog, social media, and the customers I work with in the Security & Compliance space. In the spirit of community and sharing, this post is my running list of common questions I’ve recently received about Retention Policies in SharePoint and OneDrive, along with my answers.

If you have Retention Policy questions not listed here, let me know! If it makes the cut, I’ll add it to the list. 🙂

The questions in no particular order…


Q: What content is retained by a Retention policy on a SharePoint site? 

Answer: Documents (all file types) from all libraries on a site, list items (including attachments), calendar items, and site pages.


Q: Does content deleted on a site protected by a Retention policy go into the recycle bin? 

Answer: Yes. Content will automatically go into the SharePoint site’s recycle bin and will follow normal Recycle bin processing from that point. Content stored in the recycle bin counts toward your site’s storage quota. Due to the retention policy, the deleted content will also go into the Preservation Hold Library on the site.


Q: When does content retained in the Preservation Hold Library (PHL) get deleted? 

Answer: This is controlled by a periodic back-end timer job whose schedule you have no insight into. If the retention period has elapsed, any items in the PHL will be automatically moved to the second-stage recycle bin (not visible to anyone but a site collection admin), where they will be permanently deleted after 93 days. (Note: this is a recent change. Content used to be permanently deleted from the PHL without going into any recycle bin.)


Q: What is the best way to find content being retained by a Retention policy? 

Answer: Content Search (and eDiscovery search) are the Compliance Admin tools to help you verify what’s being retained and to satisfy any regulatory requests/legal holds your organization may have.  


Q: Is content searchable in the Preservation Hold library from the SharePoint front-end search? 

Answer: Yes, but only by a site collection administrator. Search results will include content stored in the Preservation Hold library since a Site Collection Administrator has access to the library. In a user’s OneDrive, content in the PHL doesn’t appear in search results from a search done from SharePoint or OneDrive. Note: a Group Owner is also a site collection administrator; however, content from the PHL doesn’t appear in search results for them (a good thing).


Q: Can I use the Preservation Hold library as a backup? 

Answer: No. This is not a point-in-time snapshot of a site’s content, but a log of all changes and deletions made to content across the site. 


Q: Does space consumed by the Preservation Hold library count toward my Site Collection storage quota? 

Answer: Yes. This is included in the storage consumed by the Site Collection it’s in. This is something you must take into consideration as long-range retention policies (which many are) can consume a significant amount of site collection space over time.


Q: Can I have a Disposition Review on content deletion when it’s under a Retention Policy? 

Answer: No. A Disposition Review is only allowed on content retained via a Retention label (published by a Label Policy). Content deleted via a Retention policy will automatically go to the second-stage recycle bin for 93 days and will then be permanently deleted. 


Q: Can I have a Retention label and a Retention Policy published to the same location? 

Answer: Yes. On the same piece of content, the Retention label will apply over a Retention policy because a Label is considered an explicit retention and it takes precedence over an implicit retention (Retention Policy). 


Q: When a Retention Policy is published to Microsoft Teams channel messages, does it apply to both standard and private channels within the Team?

Answer: No. Not yet. Only standard channel posts are included when you publish the retention policy to the Microsoft Team. The content for a standard channel is retained in the Team’s Group mailbox recoverable items partition.


Q: When a Retention Policy is published to a Microsoft Teams SharePoint site, does it apply to both standard and private channel files within the Team?

Answer: No. You need to specify multiple SharePoint sites for the retention policy:

  1. The main SharePoint site backing the Microsoft Team to include all standard channel content stored in SharePoint.
  2. The SharePoint site URL for EACH private channel’s site collection to include each private channel’s content stored in SharePoint.
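
One way to build that site list and publish the policy from PowerShell, as an added example that is not the author's own script. The tenant URLs, group ID, policy name and the 10-year retain-only rule are placeholders and assumptions.

```powershell
# Added example: all names, URLs and IDs below are placeholders to replace.
# Needs the Microsoft.Online.SharePoint.PowerShell and ExchangeOnlineManagement modules.
$AdminUrl   = 'https://contoso-admin.sharepoint.com'             # placeholder tenant admin URL
$TeamSite   = 'https://contoso.sharepoint.com/sites/ProjectX'    # placeholder: main site backing the Team
$GroupId    = [guid]'11111111-2222-3333-4444-555555555555'       # placeholder: the Team's Microsoft 365 Group ID
$PolicyName = 'ProjectX files - retain 10 years'                 # placeholder policy name

Connect-SPOService -Url $AdminUrl

# Private channel sites are created from the TEAMCHANNEL site templates.
# RelatedGroupId, read from the -Detailed output, links each one to its parent Team.
$channelSites = @(
    foreach ($template in 'TEAMCHANNEL#0', 'TEAMCHANNEL#1') {
        Get-SPOSite -Template $template -Limit All |
            ForEach-Object { Get-SPOSite -Identity $_.Url -Detailed } |
            Where-Object { $_.RelatedGroupId -eq $GroupId }
    }
)

# Item 1 (the main Team site) plus item 2 (one URL per private channel site).
$locations = @($TeamSite) + @($channelSites | ForEach-Object { $_.Url })
Write-Host "Policy will cover $($locations.Count) site(s):"
$locations | ForEach-Object { Write-Host "  $_" }

# Retention policies live in Security & Compliance PowerShell.
Connect-IPPSSession

New-RetentionCompliancePolicy -Name $PolicyName -SharePointLocation $locations

# Assumed rule for illustration: retain for 3650 days from last modified, then do nothing.
New-RetentionComplianceRule -Policy $PolicyName `
    -RetentionDuration 3650 `
    -RetentionComplianceAction Keep `
    -ExpirationDateOption ModificationAgeInDays
```

Private channels created after the policy is published are not picked up by this list; re-run the enumeration and add any new site with `Set-RetentionCompliancePolicy -AddSharePointLocation`.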

Q: If a Retention Policy has been configured to retain and ‘Do Nothing’, what happens to content in the PHL after the retention period?

Answer: The back-end timer job will delete the content out of the PHL during its clean-up process.


Keep the questions coming… 🙂

-JCK

Credit: Photo by Laurent Peignault on Unsplash

45 comments

  1. Hi Joanne. Very helpful as usual. I’m wondering what happens to items in the PHL where the retention policy is retain and then ‘do nothing’. In which case, are the items automatically deleted from the PHL at the end of the retention? Also, as a Group Owner and thereby site collection administrator I believe I can access the PHL and retrieve items, say that were inadvertently deleted by a user. I have done this using views including the original location column. Actually, it would be really helpful to search the PHL so I’m surprised this doesn’t work for me as Group Owner even though I can access the PHL. BTW I found your ‘what’s in it for me’ article for Ignite 2018 most informative. Are you preparing similar for Ignite 2019? Many thanks.

    1. Hi Keith,
      In answer to your first question, if a retention policy is for retention with ‘do nothing’ at the end of the retention period, the PHL is cleared out.
      The decision to allow a Group Owner to see the PHL in the Site Contents but not in Search is something you’ll have to ask the Microsoft engineering team. 🙂
      Thanks for the feedback on the Ignite 2018 presentation. If I can get some cycles, I will try and put something together for 2019 – I had a lot of positive feedback on it and helped to look at the announcements thru a different lens.
      Thanks!
      -JCK

      1. Hi Keith – another follow-up. If you add yourself as an explicit Site Collection Administrator you will be able to search and return results within the PHL. My preference would be for a Group Owner to not see it in the Site Contents nor be able to return the results in search and have that capability only available to an explicitly-named SCA. Interacting with the PHL is an administrative function and “most” Group Owners won’t understand the purpose of this library and it shouldn’t be treated like a regular library.
        -JCK

  2. Hi,

    Do you know about a workaround for deleting retention labels marked as a record? The labels themselves seem to be protected so they cannot be edited or deleted as soon as the ‘mark as record’ box is checked. I can delete the policy, but it would be good to be able to remove labels used for testing.

    1. Hi Eliz, No workaround. There is currently no way to remove them, even thru PowerShell. They are there forever.

      I don’t know if Microsoft is planning on adding capabilities for that, but it’s not there today.
      -JCK

  3. I am confused by your answer If a Retention Policy has been configured to retain and ‘Do Nothing’, what happens to content in the PHL after the retention period?

    Answer: The back-end timer job will delete the content out of the PHL during its clean-up process.

    The info panel next to the “No” tick box on the question “Do you want us to delete it after this time” it seems it just sits there forever and it becomes manually deletable..

    Perhaps your “Do Nothing” option is a different setting…

    1. Hi Carl,
      In this scenario, any content in the PHL will go thru the clean-up process to be deleted after the retention period is complete. The content in the SharePoint site won’t be deleted, just the PHL content. The content in the SharePoint site will remain after the retention period since no instruction was sent to delete it. The content can be manually deleted after that or left in place since there will be no retention policy retaining it anymore. Keep in mind, depending on the retention policy settings, if you were to modify a document and you were basing the retention on ‘last modified’, then retention would start all over again for that document.
      Hopefully this clarified my answer.
      -JCK

  4. Looks like we can apply a retention policy via outlook rule to filter down to specific emails via the gui. But I don’t see a powershell command like set-retentionpolicy or new-inboxrule that supports this. Am I missing something?

    1. Hi JD,
      Those are not the retention policies published thru the S&C Center. They are Exchange retention policies (ootb) and any Retention Labels you have published to your Exchange environment – end-users can manually apply one of those Retention Labels to an email. I’ve never configured retention policies using an Outlook rule and instead prefer to use the central repository of retention policies in the S&C to publish to exchange since these same policies can ALSO be published to other workloads (SharePoint, OneDrive). There are numerous PowerShell cmdlets for that, however I don’t know what’s available for what you’re trying to do.
      Hopefully that clears up the difference.
      -JCK

      1. I created the labels in S&C and then published the policy to Exchange. I think the reason I’m stuck using these retention policies in rules is because of the need to filter on emails with attachments and in the sent folder which outlook marks as a client side only rule. The thing I’m failing to find is a way to auto apply with this level of granularity. Thank you for your input!

  5. We are using broad retention policy for the purpose of clean up / content deletion (ex: delete 3 years after last modified) AND we are using retention labels to mark selected content with a longer more defined file plan label (ex: keep these documents for 8 years). We have some worried folks who want a simple way to “see that content will be / just was “deleted by the retention policy” as they may have missed marking it with a defined retention label. Any suggestions on how best to reveal this information, routinely to end users, or possibly to group / site owners?

  6. Hi,
    We have setup a “Forever” retention policy in Office 365 covering SharePoint and OneDrive files. Does this mean that we can retrieve any file that was ever created in SharePoint or OneDrive? even files from user accounts that have been deleted?

    Thanks for any advice.

    1. Hi Antony, Yes. If there’s a retention policy on a user’s OneDrive and they leave, their OneDrive SharePoint site will NOT be deleted due to the retention policy. It will still be discoverable by an eDiscovery or Content Search.
      -JCK

  7. Hi Jo, really helpful article, thanks! Does the GUID remain the same for a document that is in the recycle bin and the PSL copy?

    1. Hi A Copland, if by PSL you mean PHL (Preservation Hold Library) then they are completely separate documents (it’s a copy) so the GUID would be different.
      -JCK

  8. Hi Joanne-

    What happens when you restore a file that has been deleted by a retention label or policy? Does that file’s label or policy get excluded the next time the job runs? Does the label or policy get reapplied?

    Thanks,

    Matt

    1. Hi Matt, I’ll have to do some testing to be able to definitively answer each question above. This will take some time.

      I would say if you restored a file and it still had the retention label on it, the next time the backend process runs, it will delete it again. On the retention policy side, if you only restored it and didn’t modify it once restored, I *think* it would delete it the next time the backend process runs.

      -JCK

  9. Is it possible to exempt file extension from the Retention, e.g. Video files, Image files, that would use a lot of storage and might not be relevant e.g. for an investigation?

    1. Hi Franck,
      You could do it by having an auto-apply condition in the retention policy or label policy that excluded the filetypes you wanted… you would put “NOT filetype:aspx” (without the quotes) in your condition. This is the only way I believe you could automatically exclude them. Similarly, you can use this syntax to perform a search against content.
      -JCK

  10. Hi Joanne,

    great post btw 🙂

    A question regarding Teams and Retention Policies:

    Let’s assume you have a retention policy that contains “Groups” as scope with 1 Year retention based on the modified date. So all Teams / Groups Mailboxes and SPO Sites (even the Private Channels) are protected by the Retention Policy. What happens now if you delete the Team?

    1. Will the SPO Site collection(s) be kept until the last items modified date retention expires and then deleted on a Site Collection level?
    2. Will the SPO Site collection(s) be kept forever and only the content will be kept until the 1 year expires?

    Will access to the SPO Site be prevented after the Teams has been deleted?

    1. Hi Daniel,
      If you delete a team whose content is under a retention policy, the following will happen:
      1. It will be removed from the Teams UI and so end-users will no longer see it there
      2. The Office 365 Group backing the Team will be in the ‘Deleted Groups’ and will be deleted after 30 days (I believe)
      3. The site collection will remain intact (you will still be able to browse to it) and the content within it will be kept for the duration of the retention period. The site collection will not be deleted assuming you will still have the retention policy published to the Group. If you navigate to the SP Admin Center, there will be a message on the Site Collection stating “The site has a compliance policy set to block deletion”.
      I would recommend trying this yourself by setting up a test with a “Test” team.
      -JCK

      1. Hi Joanne
        I’m getting a different experience when the Office 365 Group is permanently deleted (say using the admin centre) having applied retention policies to the specified Teams (channels) and Office 365 Group (but not SharePoint sites) and a retention label policy to the Office 365 Group.
        Firstly, as an owner of the Office 365 Group, I get ‘access denied’ to the site collection when trying to browse to it.
        Secondly, the retention policies do not protect the site collections associated with the private channels. I get a ‘404 error’ when trying to browse to it.
        Please can you confirm this is correct and, if so, what should we do to get / continue having browse (or any) access to the site(s)?
        Thanks
        Keith

      2. Hi Keith,
        To be honest, I don’t feel comfortable providing guidance on your specific scenario. There’s way too many variables at play for me to assist thru this channel. To be clear, I have not done extensive testing on deleting Teams, Groups, etc. on sites that have retention policies enabled on them and particularly with those Teams that *also* have private channels. On the Team I did delete, for the time being I’m still able to directly access the SP site, however I’m not sure what will happen once the Group gets deleted after the 30 days. I’m assuming in your case the Team was deleted in error? My first reaction would be to try and restore the Group (however if you’ve permanently deleted it, that may not be an option in your case). I’d advise talking to Microsoft about next steps as they will be able to help troubleshoot. Sorry I can’t help you more.
        -JCK

      3. Hi Joanne

        Apologies for the complex scenario. Please could you update this post when your Office 365 Group is permanently deleted (either through the admin centre or after 30 days) to say whether you can browse to / access the site. It undermines the value of applying retention policies if the site and its content becomes inaccessible when its Office 365 Group / Teams is (permanently) deleted.

        Thank you

        Keith

      4. Hi Keith,
        Until I’ve tested it extensively, I’m uncomfortable putting anything in that post on what will exactly happen if content that is under retention has its Group/Team deleted. I’m tempted to put something in there like “please do not delete a Group/Team if there is a retention policy in effect for it”. In your opinion is this a reasonable thing to expect? i.e. a Retention policy would assume there is content that needs to be kept and that content is kept in the container being deleted. I’m not sure what the correct back-end behavior should be – perhaps not allow it to be deleted in the first place? Just throwing out ideas.
        -JCK

      5. Hi Joanne

        I think it reasonable to expect a retention policy applied to a specific Office 365 Group to preserve the group and its associated site, and a retention policy applied to a specific Teams (channels) to preserve the teams and its associated group and site or sites, say if the teams has some private channels. Perhaps this is on user voice?

        In the meantime, keep the number of owners to a minimum and train them, remove the ability for teams members to create private channels, and do not permanently delete Office 365 Groups in less than 30 days, so mistakes can be corrected. For example, I’ve seen an owner mistakenly ‘delete the team’ when they meant to ‘hide’ it.

        Keith

  11. Hi Joanne – quick question as you have recommended using “NOT filetype:” in the advanced settings of a retention policy. Does this mean that “NOT FileExtension:” could also be used? Is there an advantage to using one over the other? We’re trying to ensure that the PHL does not become cluttered with temp files so ideally I’d like to use “NOT FileExtension:TMP” – Thanks

  12. Hi Joanne,

    quick question: I apply a Retention Label to all Office 365 Groups for a duration of 10 Years. Then I create a new Team and this gets the Retention Policy so the SPO Sites content is under retention for 10 Years. When will the site collection be deleted:

    1. Never
    2. After the last document in the site collection hits the 10 years retention limit

    Thank you
    Daniel

    1. Hi Daniel,
      You’re potentially referring to 2 types of retention so I just want to clarify… a retention label gets published to a Group and then the granular content within the site can optionally have that label applied (either users can set it manually on a document or it can be automatically set (if you have the license to do so)). For clarity, let’s call that type of policy a “Retention label policy”. Your second reference of “Retention Policy” is a retention model where everything in the container is under a retention and the end-user is unaware it is there.
      In either case, the container (site collection) will NEVER be deleted at the end of the 10 years. Retention applies to the granular items: documents, emails, etc. and not the container they live in.
      Hope that helps.
      -JCK

  13. Hi Joanne,

    I wanted to check with you if you have faced the scenario described below and if yes, is there a way to get out of it?

    Scenario:

    I have defined a retention policy on SharePoint Online sites to retain content for 10 years and after the retention period is complete, delete the files – ‘Delete Only’ policy. Now, I have a site which has migrated content which dates back to 1997 and I have noticed that all the files older than 10 years are getting deleted by the retention policy.

    Is there any way to stop this?

    I tried the following approaches, but the file deletion is still in progress:

    1. I updated the policy from ‘Delete-Only’ mode to ‘Retain-Only’ mode. I used PowerShell for this because the web interface of Office 365 Security & Compliance Center does not allow this change.

    2. Since step #1 did not work, I excluded the site from the retention policy, but even then the deletion is still in progress.

    P.S: There are around 100,000 files on this site.

    1. Hi Vinod,
      The retention policy is doing exactly what it was configured to do by the sounds of it. If you’re looking to restore this content, I would open up a ticket with Microsoft on the proper course of action. I’m not comfortable advising you on this.
      -JCK

  14. Hi Joanne,

    If an F1/F3 onedrive user under ‘S&C keep forever onedrive retention’ consumed all available space (2GB).. then deleted all 2GB from onedrive and recycle bin.. should that free up 2GB of space for that user? So far it seems that retention is preventing that 2GB of data from being deleted from the hidden preservation hold area.. which is not allowing the user to add anymore data… even though the user does not see any files in onedrive (looks empty).

    Thanks,
    Phil

    1. Hi Phillip, I’ve never run into this but it makes sense. The PHL does contribute to the storage quota so if it’s reached 2GB for the site and that’s your quota, it’s full. If you are required to keep the “retain forever” then you will have to give the user more space in his OD site.
      -JCK

  15. Hello Joanne, I have a retention policy that says retain Teams channel chats for 5 years and then delete. Say, I go apply a label to a specific O365 group that says ‘if the label is applied to a group, delete it within 1 day from when its applied’. Are the Team channel chats still e-Discoverable once group gets deleted?

    What I need to happen is, at some point I go delete the group. I just want teams chats to be gone as well and not be e-Discoverable.

  16. Hello Joanne, we have a retention policy in place for Teams channel messages like this: Retain for 5 years and delete. We have another scenario where we have to get rid of channel messages asap, say, once I delete the O365 group.

    Given the retention policy in place, is it even possible to achieve this? I was hoping I can add a label ‘explicitly’ to a group/team/mailbox. The label says: Delete tagged content in 1 day of application. But looks like I cannot add a label to those ‘containers’.

    1. Hi crs,
      Couple of things:
      – because you have a retention policy applied to Teams channel messages, you need to address this before deleting the group. You should exclude the Team you’re about to delete from the retention policy. This will take awhile to take effect (i.e. it’s not immediate). Only after that, should you delete it.
      – you can’t apply a retention label to a group/team/mailbox
      – I would challenge your initial retention policy requirement if you’re allowed to delete the content prior to the retention period ending in the other ‘scenario’ you describe. Is this an exception? If so, you will have to have a workaround like I mentioned above.
      Hope this helps.
      -JCK

  17. Has anyone successfully applied a retention policy to a private channel, and seen the Preservation Hold Library appear in the site contents?

  18. Hi Joanne,
    Is it possible to have a Sensitive Info Type (containing Keywords), which can automatically apply both Sensitivity & Retention labels when the keyword is found.
    Regards,
    Matt

    1. Hi Matt, they’re configured in different areas of the Compliance Admin Center but individually yes you can.
      -JCK

  19. Hi Joanne,

    I have a OneDrive requirement that files must be deleted from OneDrive via a retention policy if the “Last Modified” date is older than 90 days.

    Question 1: To achieve this I would setup a retention policy for OneDrive only?
    Select “No, just delete content that’s older than:”
    90 Days
    Delete the content based on: When it was last modified.

    Question 2: When a file is deleted via the retention policy above does it go into the first or second stage recycle bin, PHL or is it permanently deleted?

    Question 3: If a user copies a file from a network share with a last modified date older than 90 days is that file flagged for deletion (assuming the retention policy above is in place)?

    E.g. I copied a file with a “Date Modified” of 12/22/2014 to OneDrive. I did notice a “Date Created” column of the one drive file says the date I copied it to OneDrive. Maybe does it evaluate this date as well?

    Just trying to avoid users copying older content to work on in OneDrive and the retention policy deleting it immediately.

    I’ve been trying to mock this scenario up in my own M365 environment but retention policies can take up to a week before they kick in (Makes it challenging to work with and see the outcomes of settings).

    Please delete my previous Reply and use this one.

    Thank you in advance!

    Stephan

    1. Hi Stephan, I’ve decided to answer your questions in the form of a blog post as I have limited time, I want to expand the reach of the answers. It is scheduled for publish on Monday morning (August 24). Please watch for it – hopefully it’s answered all of your questions. 🙂
      -JCK
