This chapter provides a comprehensive deep dive into retention labels and policies in Microsoft 365, a critical topic for the MS-102 exam. Retention labels and policies are the primary mechanisms for enforcing data lifecycle management, including retention and deletion, across Exchange, SharePoint, OneDrive, and Teams. Expect approximately 10-15% of exam questions to touch on this area, often focusing on priority resolution, adaptive vs. static scopes, and the interaction with records management. Mastery of these concepts is essential for the 'Security Threats' domain (Objective 3.3) and for real-world administration.
Imagine a large corporate filing room with thousands of documents. Retention labels are like color-coded stickers placed on each document folder that dictate exactly how long that folder must stay in the room and what happens when time is up. For example, a red sticker means 'keep for 7 years then shred' — the folder is automatically moved to a locked shredding bin on the exact day. A blue sticker means 'keep for 3 years then move to archive' — after 3 years, the folder is relocated to a long-term storage room.
Retention policies, on the other hand, are like general rules posted on the wall that apply to entire sections of the filing room. For instance, a policy might say 'all folders in the "Finance" section must be kept for 5 years' — but if a specific folder already has a red sticker saying '7 years', the sticker overrides the section rule. The filing clerks (the system) check every folder daily, read the sticker, and take action exactly when the date arrives. They also ensure that no folder can be thrown away early if its sticker says 'keep' — the clerk will physically block any attempt to remove it. This is exactly how retention labels and policies work in Microsoft 365: labels apply item-level rules, policies apply location-level defaults, and the system enforces both with a priority hierarchy.
What Are Retention Labels and Policies?
Retention labels and policies are the core of Microsoft 365's information governance framework. They allow organizations to retain data for a specified period (to meet legal or regulatory requirements) and then either delete it automatically or trigger a disposition review. They also support records management by marking content as a regulatory record, preventing modification or deletion.
Retention policies apply settings to an entire location (e.g., all mailboxes in Exchange) or to specific groups/sites via adaptive or static scopes. Retention labels, by contrast, are applied to individual items, either manually by users (once the label has been published to them) or automatically via auto-labeling policies. The key distinction: policies are broad, labels are granular.
How Retention Works Internally
When a retention setting is applied to content, the system uses a 'preservation hold' mechanism. This is similar to a litigation hold but specifically for retention. The content's metadata is updated with a 'retention hold' flag that prevents permanent deletion. The actual deletion (or other action) is performed by a background process called the 'Managed Folder Assistant' (in Exchange) or the equivalent in SharePoint and OneDrive.
For Exchange, the Managed Folder Assistant runs every 7 days by default, but can be invoked manually. It evaluates each item against its retention settings. If the item's age exceeds the retention period, the assistant marks it for deletion. However, if the item is under a litigation hold or has a retention label with a different period, the assistant respects the longer hold.
For SharePoint and OneDrive, the retention timer runs on a 'retention date' computed when the label is applied. The system uses a timer job that runs every 1 day to check for items whose retention date has passed. Deletion moves items to the Preservation Hold library (a hidden, secure location) where they are permanently deleted after the retention period ends.
Key Components, Values, Defaults, and Timers
Retention period: Can be based on content age (creation date, last modified date, or label assignment date) or on a specific date. Minimum period is 1 day, maximum is 3649 days (approx. 10 years) for some workloads, but can also be indefinite (retain forever).
Action at end of period: Delete, start a disposition review, or do nothing (for labels that are only for classification).
Disposition review: A manual review process where designated reviewers must approve deletion. Multiple stages are supported.
Default retention policy for Exchange: If no policy is assigned, Exchange retains items indefinitely (no deletion). The default MRM policy (Default MRM Policy) does apply a 30-day deletion for deleted items, but this is separate from compliance retention.
Adaptive vs. static scopes: Adaptive scopes use dynamic queries (e.g., all users in a department) evaluated at runtime. Static scopes are fixed lists of users/groups/sites. The exam tests the difference.
Priority: When multiple policies apply, the policy with the longest retention period wins (unless a label is applied, which takes precedence over policies). For labels, if multiple labels apply, the one with the longest retention wins, but labels are usually exclusive.
Configuration and Verification Commands
Policies and labels are configured in the Microsoft Purview compliance portal under 'Data Lifecycle Management' > 'Microsoft 365'. They can also be created via PowerShell using the Security & Compliance Center PowerShell (Exchange Online PowerShell).
To create a retention label:
```powershell
# Retain for 7 years (2557 days) counted from the creation date, then delete
New-ComplianceTag -Name "ProjectX-7YearRetain" -RetentionDuration 2557 -RetentionType CreationAgeInDays -RetentionAction KeepAndDelete
```
To publish a retention label (make it available to users):
```powershell
New-RetentionCompliancePolicy -Name "PublishProjectXLabel" -ExchangeLocation All
# The rule ties the label to the policy; -PublishComplianceTag publishes it
New-RetentionComplianceRule -Policy "PublishProjectXLabel" -PublishComplianceTag "ProjectX-7YearRetain"
```
To create an adaptive scope:
```powershell
# -RawQuery takes an OPATH filter; -LocationType is User, Group or Site
New-AdaptiveScope -Name "FinanceUsers" -LocationType User -RawQuery "Department -eq 'Finance'"
```
To check the retention settings and holds on a mailbox:
```powershell
# RetentionPolicy is the MRM policy; InPlaceHolds lists holds and retention policies assigned to the mailbox
Get-Mailbox -Identity user@contoso.com | Format-List RetentionPolicy, InPlaceHolds, LitigationHoldEnabled
```
Interaction with Related Technologies
Litigation hold: Overrides retention? No. Both can apply. The longer retention period wins. Litigation hold is a separate mechanism that preserves all content indefinitely.
eDiscovery holds: Similar to litigation hold, they prevent deletion. They can coexist with retention policies. The system will not delete content under any hold until all holds are released.
Records management: When a retention label is marked as a regulatory record, it prevents any modification or deletion by anyone, including administrators. This is enforced at the storage level.
Auto-labeling: Uses sensitive information types or trainable classifiers to automatically apply retention labels. The auto-labeling policy runs in simulation mode first, then enforces.
Teams: Retention policies apply to channel messages and private chat messages. They are stored in Exchange (for chat) and SharePoint (for files). Deletion after retention period removes the message from the user's view but may remain in the underlying mailbox for compliance purposes until the retention period expires.
Common Misconfigurations
Forgetting that retention policies and labels can conflict: The system uses 'longest retention wins', but if one policy says delete and another says retain, the retain wins (deletion is blocked until the retain period ends).
Not understanding that publishing a label does not automatically apply it; users must apply it manually unless an auto-labeling policy is configured.
Assuming adaptive scopes are evaluated at creation time: They are evaluated at runtime, so changes to user attributes (e.g., department change) are reflected immediately.
Overlooking the 7-day timer for Exchange Managed Folder Assistant: Changes may take up to 7 days to take effect unless manually invoked.
Exam Tips
Know the difference between a retention policy and a retention label. The exam will ask which to use in a given scenario.
Memorize the priority order: Label > Policy > Default mailbox policy (MRM).
Understand adaptive scopes: They use dynamic membership based on attributes like department, country, or custom attributes.
Be aware of the 'Preservation Hold' library in SharePoint: Deleted items are moved there, not permanently deleted, until retention expires.
Know that for Teams, retention policies apply to private channels and shared channels, but not to external users' copies.
Identify Compliance Requirements
Begin by determining the regulatory, legal, or business requirements for data retention and deletion. For example, a financial institution may need to retain trading records for 7 years under SEC Rule 17a-4. Document the required retention periods, the types of content (e.g., emails, documents, Teams messages), and whether disposition review is needed. This step informs the creation of retention labels and policies. In MS-102, you must be able to map requirements to the correct retention settings.
Create Retention Labels
In the Purview compliance portal, navigate to Data Lifecycle Management > Microsoft 365 > Labels. Create a label with a specific retention period (e.g., 2557 days for 7 years) and action (e.g., delete). Optionally, mark it as a regulatory record. Each label is a reusable configuration that can be published or auto-applied. Use PowerShell as shown earlier for bulk creation. The label's retention duration is calculated from the content's creation date, last modified date, or label assignment date, depending on configuration.
Create Retention Policies
Retention policies apply labels or default settings to locations. Go to Data Lifecycle Management > Microsoft 365 > Policies. Choose whether to create a static or adaptive scope policy. For adaptive, define a query (e.g., all users in Sales department). For static, select specific users, groups, or sites. Then, choose to either publish existing labels (users can apply them) or apply a default label to all content in the location. The policy can also specify a retention period without a label (system-managed).
Configure Auto-Labeling Policies
To automatically apply retention labels based on content sensitivity, create an auto-labeling policy under Data Classification > Auto-labeling. Select a label, then define rules using sensitive information types (e.g., credit card numbers) or trainable classifiers. Run in simulation mode first to test, then enable enforcement. Auto-labeling policies can target all locations or specific ones. Note: Auto-labeling for retention is separate from sensitivity labels for protection.
Monitor and Verify Enforcement
After deployment, monitor the retention actions. In Exchange, force the Managed Folder Assistant to run immediately with `Start-ManagedFolderAssistant -Identity user@contoso.com`. In SharePoint, check the Preservation Hold library for items pending deletion. Use the Purview portal's Activity Explorer to see label assignments and policy matches. Verify that disposition reviews are assigned to the correct reviewers. Common issues: labels not appearing for users (publishing delay up to 24 hours), or items not being deleted because of conflicting holds.
Enterprise Scenario 1: Financial Services Compliance
A global investment bank must comply with SEC Rule 17a-4, requiring retention of all electronic communications for 7 years with no deletion or modification allowed. The bank uses regulatory record labels applied via auto-labeling to all emails containing trade confirmations. They create an adaptive scope policy that applies to all users in the 'Trading' department. The label is set to 'retain for 7 years, mark as regulatory record, and then delete.' The system ensures that even administrators cannot delete these emails. The challenge: ensuring that the auto-labeling policy correctly identifies all trade confirmations without false positives. They run simulation mode for 30 days to tune the sensitive info types. Performance is fine for 50,000 mailboxes, but the Managed Folder Assistant must be scheduled to run during off-peak hours to avoid load.
Enterprise Scenario 2: Healthcare Records Management
A hospital network uses retention policies to manage patient records. They have a 6-year retention requirement for medical records (per HIPAA). They create a static scope policy for all SharePoint sites in the 'MedicalRecords' site collection, applying a default label that retains content for 6 years and then starts a disposition review. The disposition review requires two approvals: the department head and a compliance officer. The challenge: handling exceptions where research data must be retained longer. They publish a separate 'ResearchRetain' label that overrides the default. The system's priority ensures the longer label wins. They also use adaptive scopes for doctors who move between departments, ensuring the policy follows them automatically.
Common Pitfalls in Production
Conflicting policies: A user might be covered by two policies—one from a group and one from a department. The system uses the longest retention, but administrators often forget that deletion is blocked until the longest period expires. This can cause data to be retained longer than expected.
Delay in application: Labels published to users may take up to 24 hours to appear in Outlook. Users complain they can't find the label. Solution: pre-stage labels and communicate the rollout.
Misunderstanding adaptive scopes: An adaptive scope using `Department -eq 'Finance'` will dynamically include new finance users. But if a user's department changes, the scope updates at next evaluation (within 24 hours). This is often mistaken for real-time.
Retention of Teams messages: Teams messages are stored in Exchange mailboxes. If a user leaves the organization, the mailbox is deleted, but the retention policy still applies to the mailbox's soft-deleted state for up to 30 days. After that, the data may be lost. To avoid, convert the mailbox to a shared mailbox or use litigation hold.
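The conflicting-policies and adaptive-scope pitfalls above, worked through on constructed data. This is an added example, not part of the original chapter and not Microsoft tooling: the `Policy` class, `blocked_deletions`, the users and the policy names are hypothetical, and the model covers only three rules stated in this chapter (a retain blocks a shorter delete, the longest retain wins, a hold blocks deletion).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str
    days: int                                  # retention period in days
    retain: bool                               # content must be kept for `days`
    delete: bool                               # content is deleted once `days` have passed
    static_members: frozenset = frozenset()    # static scope: fixed list of users
    department: Optional[str] = None           # adaptive scope: Department -eq '<value>'

    def covers(self, user: dict) -> bool:
        """Adaptive scopes follow the attribute; static scopes follow the list."""
        if self.department is not None:
            return user["department"] == self.department
        return user["upn"] in self.static_members


def blocked_deletions(users, policies):
    """Return one finding per delete action that a longer retain or a hold delays.

    Finding: (user, delete policy, delete after days, blocked by, blocked until days).
    'blocked until' is None for a litigation hold, which has no end date.
    """
    findings = []
    for user in users:
        covering = [p for p in policies if p.covers(user)]
        longest = max((p for p in covering if p.retain),
                      key=lambda p: p.days, default=None)
        for p in covering:
            if not p.delete:
                continue
            if user.get("litigation_hold"):
                findings.append((user["upn"], p.name, p.days, "LitigationHold", None))
            elif longest is not None and longest.days > p.days:
                findings.append((user["upn"], p.name, p.days, longest.name, longest.days))
    return findings


# Constructed sample data: policy names, periods and users are illustrative only.
EVERYONE = frozenset({"alice@contoso.com", "bob@contoso.com", "carol@contoso.com"})
POLICIES = [
    Policy("Sales-3y-Delete", 1095, retain=False, delete=True,
           static_members=frozenset({"alice@contoso.com", "bob@contoso.com"})),
    Policy("Finance-7y-Retain", 2557, retain=True, delete=False, department="Finance"),
    Policy("AllStaff-5y-RetainThenDelete", 1825, retain=True, delete=True,
           static_members=EVERYONE),
]
USERS = [
    # alice moved from Sales to Finance; the static Sales list was never updated,
    # while the adaptive Finance scope picked her up from the Department attribute.
    {"upn": "alice@contoso.com", "department": "Finance"},
    {"upn": "bob@contoso.com", "department": "Sales"},
    {"upn": "carol@contoso.com", "department": "Legal", "litigation_hold": True},
]

if __name__ == "__main__":
    for upn, pol, days, blocker, until in blocked_deletions(USERS, POLICIES):
        limit = "until the hold is released" if until is None else f"until day {until}"
        print(f"{upn}: {pol} (delete at day {days}) is blocked by {blocker} {limit}")
```

For alice, both delete actions are pushed out to day 2557 by the adaptive Finance policy, which is the "retained longer than expected" outcome the first pitfall describes.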
MS-102 Objective Mapping
This topic maps primarily to Objective 3.3: 'Implement and manage data lifecycle governance in Microsoft 365'. Within that, the exam focuses on:
Configuring retention labels and policies (30% of questions)
Understanding priority and conflict resolution (25%)
Adaptive vs. static scopes (20%)
Records management and disposition (15%)
Auto-labeling and interaction with sensitivity labels (10%)
Common Wrong Answers
'Retention policies always override retention labels' — This is false. Labels applied to individual items always take precedence over policies. The exam may present a scenario where a policy applies a 3-year retention but a user applies a 5-year label; the label's 5-year wins.
'Adaptive scopes are evaluated only when the policy is created' — Wrong. Adaptive scopes are dynamic and re-evaluated periodically (every 24 hours). Candidates confuse them with static scopes.
'Deleting a retention label removes the retention from items that had it' — Incorrect. The retention setting is embedded in the item's metadata. Deleting the label does not remove the hold; the item retains its retention until the period expires. The label is just a template.
'Retention policies apply to all content in a location regardless of age' — Partially true, but the exam tests that the retention period is calculated from the content's creation date or last modified date, not from the policy creation date.
Specific Numbers and Terms to Memorize
Default Managed Folder Assistant run interval: 7 days
Maximum retention period: 3649 days (10 years) for most workloads, but indefinite is possible.
Minimum retention period: 1 day
Adaptive scope evaluation interval: 24 hours
Preservation Hold library: hidden in SharePoint, used for items under retention that are deleted.
Regulatory record: prevents any modification or deletion, even by admins.
Disposition review: can have up to 5 stages.
Edge Cases and Exceptions
What happens when a retention policy and a litigation hold apply? Both are preserved. The longer retention wins. Litigation hold is indefinite, so it effectively overrides any finite retention.
Can a retention label be applied to a folder? Yes, but it applies to all items in the folder, not the folder itself. The folder's label is inherited by new items.
What if a user manually deletes an item that has a retention label? The item goes to the Recoverable Items folder (Exchange) or Preservation Hold library (SharePoint) and is retained until the retention period expires.
Do retention policies apply to external users' copies? No, only to content in the organization's tenant. External copies are not governed.
How to Eliminate Wrong Answers
When you see a question about priority, ask: 'Is there a label applied to the item?' If yes, the label wins over any policy. If no, then compare policies: the one with the longest retention wins. If both have the same retention, the one with the most restrictive action (delete vs. retain) wins. Also, remember that adaptive scopes are dynamic; static scopes are fixed. The exam loves to present a scenario where a user moves to a new department; the correct answer is that an adaptive scope policy automatically applies to the user, while a static scope would need manual update.
Retention labels override retention policies at the item level.
Adaptive scopes use dynamic queries based on user or site attributes; static scopes use fixed lists.
The Managed Folder Assistant runs every 7 days for Exchange; use Start-ManagedFolderAssistant to force immediate processing.
Regulatory record labels prevent any modification or deletion of content, even by administrators.
Retention periods can be based on creation date, last modified date, or label assignment date.
Disposition reviews allow manual approval before deletion, with up to 5 stages.
Auto-labeling policies can be run in simulation mode before enforcement.
These come up on the exam all the time. Here's how to tell them apart.
Retention Policy
Applies to an entire location (e.g., all mailboxes) or a scope (adaptive/static).
Cannot be manually applied by users; it's automatic.
Typically used for broad compliance needs (e.g., retain all email for 7 years).
Lower priority than labels; if a label is applied, the label's settings win.
Configuration is simple: choose location and retention period.
Retention Label
Applies to individual items (emails, documents, Teams messages).
Can be applied manually by users or automatically via auto-labeling policies.
Used for granular control (e.g., retain specific documents with regulatory record).
Higher priority than policies; overrides any policy settings on the item.
Configuration is more complex: must create label, then publish or auto-apply.
Mistake
Retention labels and retention policies are the same thing.
Correct
They are different. A retention policy is a container that applies retention settings to a location (e.g., all mailboxes) or a scope. A retention label is a tag that can be applied to individual items, either manually or automatically. Labels override policies.
Mistake
If I delete a retention label, all items that had that label lose their retention.
Correct
Deleting a label does not remove the retention hold from items that already have it. The retention is embedded in the item's metadata. The label is just a template for applying settings. The item retains its settings until the retention period expires.
Mistake
Adaptive scopes are evaluated only when the policy is first created.
Correct
Adaptive scopes are dynamic. They are re-evaluated every 24 hours (or when a user changes attributes). This means if a user changes department, the scope automatically updates to include or exclude them.
Mistake
Retention policies apply to all content immediately with no delay.
Correct
There is a propagation delay. For Exchange, the Managed Folder Assistant runs every 7 days by default. For SharePoint, a timer job runs every 1 day. Changes may take up to 24 hours for labels to appear to users.
Mistake
A regulatory record label can be removed by an administrator.
Correct
No. A regulatory record label locks the item so that no one, including global admins, can modify or delete it. This is enforced at the storage level. The only way to remove it is to wait for the retention period to expire and then delete the item through the disposition process.
A retention label is applied to individual items (e.g., a specific email or document) and can be manually assigned by users or automatically via auto-labeling. A retention policy applies to an entire location (like all mailboxes in Exchange) or to a scope (adaptive or static). The key difference is granularity: labels are item-level, policies are location-level. In terms of priority, labels always override policies. For example, if a policy says retain for 3 years but a user applies a label that says retain for 5 years, the label's 5-year retention wins.
Adaptive scopes use dynamic membership based on attributes of users, groups, or sites. For example, you can create an adaptive scope that includes all users whose Department attribute equals 'Finance'. When a new user joins Finance, they are automatically included in the scope. The scope is evaluated every 24 hours, so changes in attributes are reflected within that timeframe. This is different from static scopes, which require manual addition or removal of members.
Yes, but only if the label is not a regulatory record. A standard retention label can be changed or removed by a user or administrator, provided the item is not under any other hold. However, removing the label does not remove the retention hold that was already applied; the item retains its retention settings until the retention period expires. If you need to change the label, you can apply a different label, and the new label's settings will apply (subject to longest retention wins). For regulatory records, the label cannot be removed or changed.
The retention policy continues to apply to the user's mailbox or OneDrive. When the user's account is deleted, the mailbox is placed in a soft-deleted state for 30 days. During this time, retention policies still apply. After 30 days, the mailbox is permanently deleted, but if the retention period has not expired, the content may be preserved in the Preservation Hold library (for SharePoint) or the Recoverable Items folder (for Exchange). To prevent data loss, it is recommended to convert the mailbox to a shared mailbox or apply a litigation hold before deleting the user.
The maximum retention period is 3649 days (approximately 10 years) for most workloads. However, you can also choose 'Retain forever' (indefinite) for labels and policies. The minimum is 1 day. For regulatory records, the retention period must be finite; indefinite is not allowed for records. Note that for Exchange, the maximum is also 3649 days, but you can set a custom date instead of a duration.
For Exchange, you can run the Managed Folder Assistant manually using the PowerShell command `Start-ManagedFolderAssistant -Identity user@contoso.com`. This forces the assistant to process the mailbox and apply any pending retention actions. For SharePoint, there is no manual trigger; the timer job runs every 1 day. To speed up, you can wait for the next cycle or modify the item's retention date via PowerShell (not recommended). For auto-labeling, the policy runs on a schedule (default every 7 days), but you can trigger a full scan using the 'Run now' option in the Purview portal.
Yes. Retention policies for Teams apply to standard channels, private channels, and shared channels. However, the messages in private channels are stored in the mailbox of each member, so the policy applies to those mailboxes. For shared channels, messages are stored in the host tenant's mailbox. Files shared in channels are stored in SharePoint, so SharePoint retention policies apply. It is important to configure retention for both Exchange (messages) and SharePoint (files) to cover all content.