ComplianceSecurity and complianceIntermediate26 min read

What Is Retention label? Security Definition

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.

On This Page

Quick Definition

A retention label is like a rule sticker you put on a file or email. The sticker tells the computer how long to keep that item and whether to delete it or keep it forever once the time is up. You can apply labels manually or set them up to apply automatically based on rules. They help organizations follow legal rules and keep only what they need.

Commonly Confused With

Retention labelvsSensitivity label

A sensitivity label controls who can access data and how it can be used, such as encrypting a document or adding a watermark. A retention label controls how long data is kept and what happens when it expires. They are complementary but serve different purposes. You can have both on the same item.

A document with financial data might have a sensitivity label that says Confidential and requires encryption, and a retention label that says Keep for 7 years.

Retention labelvsRetention policy

A retention policy applies to an entire location (mailbox, SharePoint site, OneDrive account) and treats all items the same. A retention label applies to individual items and allows different rules for different items within the same location. If you need to keep all invoices for 5 years and all contracts for 7 years, you must use retention labels because policies cannot split by content type.

A retention policy on a SharePoint site keeps everything for 3 years. A retention label on an invoice document keeps only that invoice for 5 years.

Retention labelvsData loss prevention (DLP) policy

A DLP policy monitors and prevents the sharing of sensitive data (like credit card numbers or social security numbers) outside the organization. It does not control how long data is retained. Retention labels have no DLP capabilities; they only control lifecycle. An item might have both a DLP policy (to prevent sharing) and a retention label (to manage deletion).

A DLP policy blocks an email containing a credit card number from being sent externally, while a retention label on that same email keeps it for 3 years.

Retention labelvsLitigation hold

Litigation hold is a temporary legal hold that prevents any deletion of a user’s mailbox or SharePoint content during a lawsuit. It is applied by an administrator and typically covers all items. Retention labels are a permanent, rule-based retention that applies to specific items. Litigation hold overrides retention labels if the hold period extends beyond the label’s retention period.

A user on litigation hold cannot delete any emails even if they have a retention label that says delete after 1 year, because the hold suspends the deletion.

Must Know for Exams

Retention labels appear primarily in Microsoft 365 certification exams, including the MS-101 (Microsoft 365 Mobility and Security), SC-300 (Microsoft Identity and Access Administrator), and the newer SC-400 (Microsoft Information Protection Administrator). While the term is most strongly associated with these Microsoft-focused exams, it can appear in general IT compliance certifications like CompTIA Security+ (SY0-601 or SY0-701) under the domain of data governance and retention policies, though at a much higher level without Microsoft-specific details.

In the MS-101 exam, candidates need to know how to create, publish, and apply retention labels. The exam objectives include configuring retention policies and labels, understanding the difference between static and adaptive scopes, and knowing when to use a label versus a policy. Expect scenario-based questions where you must decide which tool (retention label, retention policy, or sensitivity label) meets a given compliance requirement.

In the SC-400 exam, retention labels are a major topic. Objectives include planning and implementing a retention label strategy, configuring auto-apply labels using trainable classifiers, and managing records using retention labels with the record or regulatory record option. You might be asked to troubleshoot why a label did not apply, or why a deleted item reappeared in the preservation hold library.

For CompTIA Security+, retention labels appear under the data lifecycle management domain. You will not be asked about Microsoft 365 specifics, but you will need to understand the concept of data classification labels that control retention and disposition. Questions might present a scenario about a company needing to keep financial records for seven years and ask which approach meets that requirement. Knowing the general concept of item-level retention labels versus container-level policies will help you eliminate wrong answers.

In all exams, a common question pattern involves distinguishing retention labels from sensitivity labels. Retention labels control how long data is kept and what happens when time expires. Sensitivity labels control who can access the data (encryption, permissions). This distinction is tested frequently.

Simple Meaning

Imagine you have a filing cabinet at home full of papers. Some papers are very important, like tax returns, which you need to keep for seven years. Other papers, like old supermarket receipts, you can throw away after a month. A retention label is like a color-coded sticker you put on each file folder. The blue sticker says keep for one year then shred it. The red sticker says keep for seven years then shred it. The green sticker says keep forever.

In the digital world, a retention label works the same way but for emails and documents. You or your company can apply a label to an email or a Word file. That label carries instructions. It tells Microsoft 365 or SharePoint how long to keep that item. When the time is up, the system either deletes the item permanently or just marks it as expired. This is important because companies have a lot of data. If they keep everything forever, they waste storage and might break privacy laws like GDPR. If they delete things too soon, they might lose something they needed for a lawsuit. Retention labels solve this by automating the decision. You set the label once, and the system handles the rest.

You can also make labels apply automatically. For example, you can create a rule that says any email with invoice in the subject line gets a retention label that says keep for three years. This way, employees do not have to remember to label everything themselves. The system does it for them. This is very useful in large companies where thousands of emails and documents are created every day.

Full Technical Definition

A retention label is an Azure Information Protection (AIP) and Microsoft Purview compliance feature used in Microsoft 365 (Exchange Online, SharePoint Online, OneDrive for Business, and Teams) to govern how long content is preserved and what action occurs upon expiration. Retention labels differ from retention policies in that labels are applied at the item level (each document or email gets its own label), while policies apply to a container (such as a SharePoint site or a user mailbox).

Retention labels support a variety of actions. The two primary actions are retain for a specified period and then delete, or retain forever. You can also set them to only delete after a period with no prior retention (effectively a deletion-only label). Labels can mark content as a record, which locks the file and prevents any modification or deletion by users, even by administrators, until the retention period expires. This is crucial for legal compliance and audits.

Technically, retention labels are stored in the Azure Active Directory tenant and are published through a label policy. The label policy specifies which users and groups see which labels in their Outlook, SharePoint, or OneDrive. When a user applies a label, the metadata containing the label GUID and retention date is written to the item. In Exchange Online, the label instructs the Managed Folder Assistant to move the item to the user’s Purges folder on the specified date. In SharePoint and OneDrive, the label triggers a timer job called the Compliance Job that runs every 24 hours to evaluate items with retention labels and take the appropriate action.

There are two types of retention labels: published labels and auto-apply labels. Published labels are manually selected by users in the Outlook or SharePoint interface. Auto-apply labels use machine learning, sensitivity labels, or content types to automatically assign a label. Auto-apply rules use KQL (Keyword Query Language) queries, sensitive information types (like credit card numbers), or trainable classifiers (like “contract” or “resume”). When a condition is met, the label is applied programmatically.

A critical technical detail is that retention labels override user deletion. If an item has a retention label that says keep for five years, a user cannot permanently delete that item until the five years are up. The item can still be deleted from the user’s view, but it is moved to the preservation hold library in SharePoint or the recoverable items folder in Exchange. Only retention label removal, which requires elevated permissions, can change this behavior. This makes retention labels a powerful tool for legal hold and eDiscovery, but it also requires careful planning to avoid accidentally locking data forever.

Real-Life Example

Think of a public library. The library has thousands of books, magazines, and newspapers. They do not keep every book forever. Bestsellers might stay on the shelf for two years. Reference books like encyclopedias might stay for ten years. Old newspapers might be thrown out after one week. The librarian uses color-coded stickers on each book’s spine to remember these rules. A red sticker means return the book to the archive after one year. A blue sticker means donate or recycle after three years. A gold sticker means keep it forever.

Now imagine that instead of a librarian, the library has a smart robot that checks every book’s sticker every night. When a book’s time is up, the robot automatically moves it to the donation bin or the recycle bin. This is exactly what a retention label does in an IT system. The label is the sticker. The robot is the Microsoft 365 compliance system that runs scheduled checks.

Here is where it gets more specific. Suppose you work in HR and you have a folder of employee contracts. Each contract has a legal requirement to be kept for seven years after the employee leaves. You could manually check each contract every year, but that is a lot of work. Instead, you create a retention label called Employee Contract – 7 Years and apply it to every contract file. The label carries the instruction: keep this file for seven years after the employee’s end date, then delete it. The system automatically tracks the date. If an employee left on January 15, 2024, the file will be deleted on January 15, 2031. You do not have to think about it again. This is why retention labels are so valuable in real offices.

Why This Term Matters

In the real IT world, data grows exponentially. Every email, every document, every Teams message takes up storage space and creates potential legal exposure. If a company keeps everything forever, they will eventually run out of storage and become a target in lawsuits because plaintiffs can request all that old data in discovery. If a company deletes everything too soon, they might violate regulations like HIPAA, GDPR, or SOX that require certain records to be kept for a minimum number of years.

Retention labels are the tool that balances these two needs. They allow IT administrators to enforce a data governance policy without relying on every employee to remember the rules. Once a label is set, the automation takes over. This reduces the risk of human error, like accidentally deleting a contract that should have been kept for seven years.

From a practical IT perspective, retention labels integrate directly with Microsoft 365, the most common productivity suite in enterprises. An IT professional working with Exchange Online, SharePoint, or Teams must understand retention labels to implement any kind of compliance policy. Without them, the organization is either over-retaining (wasting money and increasing risk) or under-retaining (breaking laws). In audits, regulators often ask to see the retention schedule and proof that it is enforced. Retention labels provide that proof through audit logs.

retention labels support records management. In many industries, certain documents must be declared official records that cannot be altered or deleted. Retention labels with the “regulatory records” setting enforce this with system-level locks that even administrators cannot bypass. This is critical for financial services, healthcare, and government sectors. Understanding how to configure and apply these labels is a core skill for any IT professional working in a regulated environment.

How It Appears in Exam Questions

Retention label exam questions often follow three main patterns: scenario-based decisions, configuration steps, and troubleshooting issues.

Scenario-based questions present a compliance requirement and ask which tool to use. For example, you might read: A company needs to automatically retain all contracts in SharePoint for seven years after the contract end date, and then permanently delete them. They also need to ensure that no user, including administrators, can delete a contract before the seven years end. Which should you use? The correct answer is a retention label configured to mark items as a record, with a retention period based on the contract end date. Wrong answers might include a retention policy (which applies to all content in a site, not item-level), a sensitivity label (which controls access, not retention), or a data loss prevention policy (which prevents sharing, not retention).

Configuration sequence questions ask you to put steps in order. For instance: You need to create a retention label that automatically applies to emails with confidential in the subject. Which order is correct? 1) Create the label with desired retention settings. 2) Create an auto-apply label policy using a KQL query for subject:confidential. 3) Publish the policy to the correct users. 4) Wait for the Managed Folder Assistant to process the labels. This tests understanding that the label must exist before the auto-apply policy references it.

Troubleshooting questions often involve a label not showing up or not applying. Example: Users in the sales department do not see the retention label named Sales Contracts in Outlook. They can see other labels. What is the most likely cause? The answer could be that the label was published only to specific groups but the sales team group was not included in the label policy scope. Another common issue: a user applies a retention label to a document in SharePoint, but the document can still be deleted by others. Why? Because the label was not set to mark items as a record. Without the record marking, users can still delete the item, though the deleted copy goes to the preservation hold library. The question might ask how to ensure deletion is blocked entirely. The fix is to edit the label and enable the setting “Mark items as a record.”

Another frequent tricky question: An administrator deletes a label from the compliance center. What happens to items that already have that label? The answer: They retain the label metadata and the retention rule continues to apply until the retention period expires. Deleting the label definition does not remove it from items that were already labeled. This catches many candidates who think deleting the label ends the retention.

Practise Retention label Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

You are an IT support specialist for a medium-sized law firm. The firm has 200 employees who send and receive hundreds of emails every day. The firm’s legal team has a policy: all emails related to client cases must be kept for five years after the case closes. After five years, the emails should be permanently deleted. Currently, the firm has no automated system. Lawyers are supposed to manually move old emails to an archive folder, but most forget. The firm is now worried about compliance because if a lawsuit happens, they might not have the emails they need. Also, they are keeping too much old data, which wastes storage space and makes eDiscovery searches slow.

Your task is to implement a solution using retention labels. You open the Microsoft 365 compliance center and create a new retention label called Client Case Emails. You set the retention period to five years after the case closure date, and you configure the action to delete the email permanently at the end of that period. However, you realize that the system needs to know when the case closes. You cannot rely on employees to update a date field on every email. So, you decide to create an auto-apply label policy that uses a trainable classifier. The classifier is trained on sample emails that contain phrases like “settlement agreed” and “closing statement.” When an email meets the classifier’s criteria, the system automatically applies the Client Case Emails label and starts the five-year countdown from the date the label was applied.

After implementing this, you test it by sending a test email to a lawyer with the subject “Settlement agreed on Jones case.” You check the email in the lawyer’s mailbox and see that the label has been applied automatically. You also verify that the retention period is set correctly. A few weeks later, a lawyer tries to delete an old case email but finds that the delete button does not work for that item. He calls you frustrated. You explain that the retention label protects the email from deletion until the five-year period is up. The lawyer accepts this because it is required by policy. The firm is now compliant, and you have saved them from potential legal penalties.

Common Mistakes

Confusing retention labels with retention policies

Retention labels apply to individual items like a single email or document, while retention policies apply to an entire container like a mailbox or SharePoint site. Using a policy when you need item-level control will not work because the policy cannot track different retention periods for different items within the same container.

If you need different rules for different types of content in the same location, use retention labels. If the rule applies to everything in a location uniformly, use a retention policy.

Assuming deleting the label definition removes it from all items

When you delete a retention label from the compliance center, the label remains applied to any items that already had it. The retention rule continues to run until the period expires. Deleting the label definition only prevents new items from being labeled with it. This mistake leads administrators to believe they have removed a retention rule when they have not.

To remove a label from existing items, you must use a PowerShell script or manually change the label on each item. Deleting the label definition alone is not enough.

Thinking retention labels prevent all deletion of the item

A standard retention label (without record marking) does not prevent users from deleting the item. The item will be deleted from the user’s view but will be moved to the preservation hold library or recoverable items folder. Users will think the item is gone, but it is still retained. Only labels marked as records or regulatory records block the delete action entirely.

If you need to prevent users from deleting the item, configure the label to mark items as a record. Be careful because this is irreversible and can cause user frustration.

Assuming retention labels work the same in SharePoint and Exchange

Retention labels behave differently in different workloads. In Exchange, the Managed Folder Assistant processes labels and moves items to the Purges folder. In SharePoint, a timer job (Compliance Job) runs every 24 hours and the item stays in place until deletion. In Teams, retention labels only work on channel messages, not private chats, unless you use a retention policy. Assuming uniform behavior leads to incorrect expectations.

Read the documentation for each workload. Test the behavior in a lab environment before rolling out to production.

Setting the retention period based on the current date instead of a custom property

Many administrators set the retention period to a fixed number of years from the date the label is applied. This works but is often not accurate. For example, an employee’s contract should be kept for seven years after the employee leaves, not seven years after the contract was created or labeled. Using the wrong start point can cause premature deletion or over-retention.

Use a custom property like the employee’s end date or the contract expiration date as the start of the retention period. This requires configuring the label to use a specific date property in SharePoint or Exchange.

Exam Trap — Don't Get Fooled

{"trap":"The exam asks: A company wants to ensure that all documents in a SharePoint site are kept for three years and then deleted. Which should they use? A. A retention label B. A retention policy C.

A sensitivity label D. A data loss prevention policy","why_learners_choose_it":"Many learners choose retention label because they see the word label and think it applies to individual documents. But the key phrase is all documents in a SharePoint site.

That indicates a uniform rule for the entire container, not item-level rules. A retention policy is the correct answer because it applies automatically to all content in the site without requiring any manual or automatic labeling.","how_to_avoid_it":"Read the question carefully.

If the requirement is the same for all content in a location, it is a container-level need. Use a retention policy. If different types of content need different retention periods within the same location, use retention labels.

Remember: labels = item-level, policies = container-level."

Step-by-Step Breakdown

1

Create the retention label

In the Microsoft Purview compliance portal, go to Information Governance > Labels. Click Create a label. Give it a name, such as “Employee Contracts – 7 Years.” Choose the retention action: retain for a period, then delete; retain forever; or only delete after a period. Set the period and the starting point (when the label was applied, when the item was created, or based on a custom date property). Optionally, enable Mark items as a record or Mark items as a regulatory record.

2

Publish the label to users or locations

After creating the label, you must publish it so users can see it in Outlook, SharePoint, or OneDrive. Go to Label policies and choose Publish labels. Select the label you created. Choose which users or groups can see the label (using static or adaptive scopes). Choose the locations (Exchange, SharePoint, OneDrive, Teams). Complete the policy. It takes up to 24 hours for the label to appear to users.

3

Apply the label to an item (manual or automatic)

Users can manually apply the label by right-clicking a document in SharePoint or using the retention label dropdown in Outlook. Alternatively, configure auto-apply by creating an auto-apply label policy. This policy uses conditions such as keywords, sensitive information types, or trainable classifiers to assign the label automatically when content matches.

4

System processes the label and enforces retention

Once a label is applied, the system records the label GUID and the retention start date. For Exchange, the Managed Folder Assistant runs periodically (every 7 days by default) and moves labeled items to the Recoverable Items > Purges folder when the retention period ends. For SharePoint, the Compliance Job runs every 24 hours and either deletes the item or locks it depending on the label configuration. During the retention period, users can still edit the item (unless marked as record), but the item is protected from permanent deletion.

5

Monitor and audit label usage

Use the Microsoft 365 audit log to see when labels were applied, changed, or when retention actions were taken. This is important for proving compliance during an audit. You can also use Content Search to find all items with a specific label by searching for the label GUID. Regular monitoring helps ensure auto-apply policies are working correctly and no mislabeled content is at risk.

6

Review and update labels periodically

Compliance requirements change. A retention label set to 5 years might need to be extended to 7 years due to new laws. You can edit a label’s retention period, but changes only apply to items labeled after the change. Existing items continue with the old period. To update existing items, you must relabel them. Plan a periodic review of your label policies to align with legal and business changes.

Practical Mini-Lesson

Retention labels are a core tool in Microsoft 365 compliance, but they require careful planning to work correctly. Let us walk through a real-world deployment scenario so you understand the practical decisions an IT professional must make.

First, you need to inventory your data. You cannot just start creating labels randomly. You must know what types of content exist in your organization. Work with legal and HR to identify categories: contracts, invoices, employee records, emails from clients, project files, etc. For each category, determine the required retention period and the triggering event. For example, an invoice must be kept for 7 years after the payment date. An employee record must be kept for 5 years after the employee’s termination date. A project file must be kept for 3 years after the project end date.

Next, decide whether to use published labels (manual application) or auto-apply labels. Manual labels are easier to set up but rely on user training. If users forget to label, the policy fails. Auto-apply labels are more reliable but require more configuration. You can use keywords, regular expressions, or trainable classifiers. For instance, to label all invoices, you can create an auto-apply rule that looks for the word Invoice in the subject line and a date format in the body. For employee contracts, you might use a sensitive information type for employee IDs or a classifier trained on contract templates.

One major decision is whether to mark items as records. If you mark an item as a record, users cannot delete or edit it. This is great for compliance but can frustrate users who need to update a file. For example, an employee contract might need to be updated when the employee gets a raise. If it is marked as a record, you cannot change it. The solution is to create a new version or use a different label for active contracts versus archived contracts. A practical approach: use a label for active items (no record marking) and then apply a second label with record marking when the contract expires.

Another practical challenge is the delay in label application. Auto-apply labels do not apply instantly. In Exchange, it can take up to 7 days. In SharePoint, the timer job runs every 24 hours. Users might create a document and immediately try to delete it before the label is applied. Plan for this window. Also, understand that labels do not retroactively apply to existing content unless you run a manual labeling script or use the auto-apply policy’s ability to scan existing content (which is available for some scenarios but not all).

Finally, monitor the system. Use the compliance center’s label analytics to see the count of items with each label. Look for anomalies, like a label that should have deleted items but the count is not going down. This might indicate that the retention period is not starting correctly or that the items are on hold. The audit log will show you if items were deleted or moved. Regular monitoring helps you catch misconfigured policies before they cause legal problems.

Memory Tip

Think of retention labels as sticky notes that say Keep Until [Date] and Delete after that. They stick to the item, not the shelf.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

SY0-601SY0-701(current version)
MS-101MS-102(current version)

Related Glossary Terms

Frequently Asked Questions

What is the difference between a retention label and a retention policy?

A retention label is applied to individual items (emails, documents) and allows different retention rules for different items in the same location. A retention policy applies to an entire location (mailbox, SharePoint site) and treats all items the same. Use labels for item-level control and policies for container-level control.

Can I remove a retention label from an item after it has been applied?

Yes, but only if you have the necessary permissions. An admin with the Records Management role can remove or change labels. However, if the item is marked as a record or regulatory record, label removal is restricted. Also, removing a label does not undo the retention already applied; the item will still be retained until the original retention period expires.

How long does it take for a retention label to apply to an item?

It depends on the workload. In Exchange Online, the Managed Folder Assistant runs every 7 days, but can be triggered earlier. In SharePoint, the Compliance Job runs every 24 hours. Auto-apply labels evaluate content during these cycles. Manual labels apply almost immediately when the user selects them.

What happens to an item with a retention label if I delete the item?

If the item has a retention label (without record marking), the user can delete it from their view, but it is moved to the preservation hold library (SharePoint) or Recoverable Items folder (Exchange). It remains there for the duration of the retention period. If the label marks the item as a record, the delete action is completely blocked.

Can I use retention labels in Teams?

Yes, retention labels can be applied to individual channel messages in Teams, but not to private chat messages. For private chats, you must use a retention policy at the container level. Labels are supported for Teams messages with the same functionality as Exchange items.

Do retention labels work with external users or shared mailboxes?

Retention labels work on shared mailboxes if the shared mailbox is licensed. For external users, labels cannot be applied to content in external tenants unless the content is stored in your tenant. Labels are tenant-scoped, so external users cannot see or apply labels unless they have been granted access through collaboration settings.

Summary

A retention label is a Microsoft 365 compliance tool that applies rules to individual emails, documents, or messages to control how long they are kept and what happens when that time is up. It is an item-level solution, meaning you can have different retention rules for different items within the same folder or mailbox. This makes it much more flexible than a retention policy, which applies the same rule to everything in a location.

Retention labels are critical for any organization that needs to follow legal or regulatory requirements for data retention. Without them, companies risk either deleting data too early (breaking laws like GDPR or HIPAA) or keeping data too long (wasting storage and increasing legal risk in lawsuits). By automating the decision of when to delete, retention labels reduce human error and simplify compliance audits.

In certification exams, retention labels appear most often in Microsoft 365 exams like MS-101 and SC-400. You will be tested on the difference between labels and policies, when to use records marking, and how to configure auto-apply rules. The most common mistakes include confusing labels with policies, assuming label deletion removes the rule from items, and misunderstanding how labels interact with user deletion. A strong memory hook is to think of retention labels as sticky notes that say “keep until date X, then delete.” They are stuck to the item itself, not the folder.

For IT professionals, mastering retention labels means you can design a data governance system that meets legal requirements, saves storage money, and avoids legal penalties. It is a recurring topic in compliance audits and a standard expectation for anyone managing Microsoft 365 environments.