Retention policies

Modified on Tue, 27 Aug, 2019 at 11:45 AM

Overview: this article is not designed to be an extensive discussion of this topic - "retention policies" can become a full-time job in larger organizations, and is often intertwined with compliance management roles. This article will give you taste of retention policies in the following scenario: auto-delete content from a specific mailbox.


With sufficient admin rights, go to https://protection.office.com or navigate to Admin > Security and Compliance

Our task is to auto-delete emails older than 1 month from a mailbox that sends low-sensitivity emails (there are no legal requirements to retain them, and no business reason to retain them). We simply want to prevent the Sent Items blocking up the mailbox quota. We'll tackle this in 2 steps:

  • Create a retention label that applies to content older than 1 month
  • Auto-apply that label to a specific Exchange mailbox recipient and email address


Step 1: create the retention label

(For more info, see this Microsoft article: https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies)

In Office 365 Security and Compliance navigate to Classification > Retention labels

Create a new label

  • Give the label a name, such as "Delete emails older than 1 month" (Next)
  • Unless you need specific "File plan descriptors", just click Next
  • Label settings: Retention [on], Retain [1 month], Delete the content automatically (Next > Create this label)


Step 2: auto apply the label to a specific email sender/mailbox

Click the Label polices tab and click Auto-apply a label

  • Choose the label that you just created (Next)
  • Select "Apply label to content that contains specific words or phrases, or properties" (Next)
  • Type in the following:
    from:sendername@mycompany.com (this applies the policy to email sent by sendername@mycompany.com)
    (For full reference see https://docs.microsoft.com/en-gb/office365/securitycompliance/keyword-queries-and-search-conditions)
    (Next)
  • Type a name for this policy, such as "Delete sendername@mycompany.com sent after 1 month" (Next)
  • Select "Let me choose specific locations" and only enable Exchange email
    • Under the Include column, click Choose recipients, and choose the recipient that this policy applies to (Next)
       
  • Click Auto-apply


It can take about 24 hours to apply a new policy



What next?

Retention policies and labels are more geared up to retain (keep) data and mark data as sensitive under GDPR or other laws. Due to the complexity and power of labels and policies, many organizations will choose to outsource this as a paid management task or employ their own in-house staff to oversee compliance management. Feel free to get in touch if you have a requirement.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article