This chapter covers Microsoft 365 retention labels and their role in compliance, a key topic for the MS-900 exam under Domain 3.4 (Security and Compliance). Retention labels are a fundamental tool for data lifecycle management, enabling organizations to automatically retain or delete content based on business and legal requirements. Expect 5–10% of exam questions to touch on retention labels, often comparing them to retention policies or testing your understanding of label application methods and behavior across workloads.
Jump to a section
Think of an organization's content as a massive library with millions of books. Each book has a specific shelf life based on its type: tax records must be kept for 7 years, marketing brochures for 3 years, and draft notes for only 30 days. The library uses color-coded labels (retention labels) attached to each book's spine. These labels not only indicate how long the book stays on the shelf but also what happens when time expires—some books are automatically shredded (deleted), others are moved to a locked archive (retained forever), and some are flagged for librarian review (disposition review). The labels are applied automatically based on the book's subject (sensitivity labels) or manually by the librarian. Crucially, the labels are persistent: even if a book is moved to a different shelf (e.g., from SharePoint to OneDrive), the label travels with it. The library's system enforces these rules at the shelf level, ensuring no book stays past its expiration or is removed prematurely. This mirrors how Microsoft 365 retention labels are applied to items, travel with them across workloads, and enforce actions like deletion or retention based on a configured period.
What Are Retention Labels and Why Do They Exist?
Retention labels are a Microsoft 365 compliance feature that allows organizations to apply retention and deletion rules to individual items (documents, emails, etc.) based on their classification. Unlike retention policies, which apply to all content in a location (e.g., all items in a SharePoint site), retention labels can be assigned to specific items, providing granular control. They exist to meet regulatory requirements (e.g., SEC, GDPR, HIPAA) that mandate keeping certain records for a specified period and deleting them securely afterward.
How Retention Labels Work Internally
When a retention label is applied to an item, the label's settings travel with the item across Microsoft 365 workloads (Exchange, SharePoint, OneDrive, Teams). The label contains two key configurations:
Retention period: How long to keep the item from a specified start point (e.g., content created, last modified, or labeled).
Action at end of period: Options include:
Delete the item permanently.
Retain the item forever.
Trigger a disposition review (manual approval before deletion).
The label is stored as metadata on the item. In SharePoint and OneDrive, this metadata is a site column called ComplianceAssetId. In Exchange, it's a property on the mailbox item. The Microsoft 365 Compliance Center’s retention engine runs a background process (every 7 days by default, but can be triggered manually) that scans items with labels approaching their end-of-period date and executes the configured action.
Key Components and Defaults
- Label types: - Static labels: Manual or auto-applied based on conditions (e.g., sensitive info types, trainable classifiers). - Auto-labeling policies: Apply labels automatically to items matching specific criteria across all tenants. - Start point options:
- When content was created - When content was last modified - When the label was applied - Default retention period: If not specified, the label retains forever (no deletion). - Maximum retention period: 30 years from the start point, but can be extended via preservation lock. - Preservation lock: Locks a label so no one (including admins) can reduce the retention period or change the action. This is crucial for regulatory compliance.
Configuration and Verification
To create a retention label: 1. Go to Microsoft 365 Compliance Center > Information governance > Labels. 2. Choose “Create a label” and define retention settings. 3. Publish the label (make it available for manual application) or set up auto-labeling.
To verify label application:
In SharePoint: Check the item’s properties for the ComplianceAssetId column.
In Exchange: Use Get-MailboxFolderStatistics or Search-Mailbox with compliance properties.
PowerShell: Get-ComplianceTag -LabelName "YourLabel" shows label details.
Interaction with Related Technologies
Sensitivity labels: Often confused with retention labels. Sensitivity labels protect content (encryption, permissions) and apply markings (headers, footers). Retention labels only manage lifecycle. They can be applied independently or together.
Retention policies: Apply to all content in a location (e.g., all Exchange mailboxes). Retention labels apply to individual items. Both can coexist; if a label and policy conflict, the label takes precedence for that item.
Microsoft 365 Records Management: Labels can mark items as records (regulatory records) or just regular items. Records have additional restrictions (e.g., cannot be modified or deleted even by admins).
Microsoft Purview Compliance Portal: Central management interface for all retention settings.
Common Exam Traps
Trap 1: Thinking retention labels and sensitivity labels are the same. They are not; sensitivity labels are for protection, retention labels for lifecycle.
Trap 2: Assuming retention labels can be applied to entire sites. That's a retention policy. Labels are per-item.
Trap 3: Believing that once a retention period expires, the item is immediately deleted. The deletion job runs periodically (every 7 days), so there's a delay.
Trap 4: Confusing disposition review with automatic deletion. Disposition review requires manual approval; automatic deletion happens without review.
Specific Numbers and Values
Default evaluation cycle: 7 days.
Maximum retention period: 30 years (except with preservation lock, which can extend indefinitely).
Minimum retention period: 1 day.
Number of labels per tenant: Up to 1,000 (static labels) plus up to 1,000 auto-labeling policies.
Number of items per label: Unlimited.
PowerShell Examples
# Create a retention label
New-ComplianceTag -Name "TaxRecords7Years" -Comment "Retain tax records for 7 years" -RetentionAction Delete -RetentionDuration 2555 -RetentionType CreationAgeInDays
# Get all retention labels
Get-ComplianceTag | Format-Table Name, RetentionAction, RetentionDuration
# Apply a label to a SharePoint item
Set-PnPListItem -List "Documents" -Identity 1 -Values @{"ComplianceAssetId" = "TaxRecords7Years"}How Labels Behave Across Workloads
Exchange: Labels apply to individual emails. When an email with a label is moved to a personal archive, the label persists. The retention period can be based on sent/received date.
SharePoint: Labels apply to documents. If a document is copied, the copy does not retain the label (unless explicitly applied). Moving within the same site preserves the label.
OneDrive: Same as SharePoint.
Teams: Labels apply to individual messages (in channel or chat). Retention for Teams is often managed via policies, but labels can override.
Disposition Review Process
When a label with disposition review is configured, items nearing the end of retention period are listed in the Compliance Center > Records management > Disposition. A reviewer must approve or delete each item. If not reviewed within the configured period (default 30 days), the item is automatically deleted (unless the label specifies otherwise).
Preserving Labels During Migration
If content is migrated into Microsoft 365 (e.g., from on-premises), labels can be applied programmatically via PowerShell or third-party tools. The ComplianceAssetId column must be populated with the label GUID.
Summary of Key Exam Facts
Retention labels are per-item, not per-location.
They travel with the item across workloads.
They can trigger deletion, retention, or disposition review.
Sensitivity labels are for protection; retention labels are for lifecycle.
Auto-labeling uses sensitive info types, trainable classifiers, or keywords.
Preservation lock prevents label modification.
Default evaluation cycle is 7 days.
Maximum retention period is 30 years (unless locked).
Disposition review requires manual approval.
Labels can coexist with retention policies; label takes precedence.
Define retention label requirements
Identify business, legal, and regulatory requirements for content retention. Determine which types of content need labels, the retention period (e.g., 7 years for tax records), and the action at end of period (delete, retain, or disposition review). Also decide the start point for the retention period (creation, modification, or label application). Document these requirements before creating labels in the compliance portal.
Create the retention label
In Microsoft 365 Compliance Center, navigate to Information governance > Labels > Create a label. Provide a name and description. Choose the retention period (in days) and action. Optionally enable disposition review. You can also set the label as a record (regulatory or non-regulatory). Save the label. Note that labels are stored as compliance tags in the backend.
Publish or auto-apply the label
To make the label available for manual application, publish it by creating a label policy that specifies which users and locations (Exchange, SharePoint, OneDrive, Teams) can see the label. For automatic application, create an auto-labeling policy that targets content containing sensitive info types, trainable classifiers, or keywords. Auto-labeling can be run in simulation mode first to test accuracy.
Apply the label to content
Users manually apply labels from the Office apps (e.g., Outlook, SharePoint) by selecting the label from the sensitivity bar or via the details pane. Alternatively, auto-labeling applies labels automatically when content matches conditions. Labels can also be applied programmatically via PowerShell or Graph API. Once applied, the label metadata is stored on the item.
Monitor label disposition and enforcement
The retention engine runs every 7 days to evaluate items with labels nearing the end of their retention period. For labels with disposition review, items appear in the Disposition tab in Compliance Center for manual approval. For labels with automatic deletion, items are permanently deleted after the period. Use audit logs to track label application and actions. Verify enforcement by checking item properties.
Scenario 1: Financial Services Firm – Regulatory Compliance
A financial services firm must retain all trade-related emails for 7 years per SEC Rule 17a-4. They create a retention label "SEC_Trade_Emails" with a 7-year retention period starting from the date the email was sent, and action set to "Delete" after 7 years. The label is auto-applied using a sensitive info type that detects trade confirmation numbers. Over 50,000 emails per day are labeled. The firm also enables preservation lock on the label to prevent any administrator from reducing the retention period. The compliance team uses the disposition review feature for executive communications to ensure manual approval before deletion. A common problem: emails are sometimes missed because the sensitive info type regex is not perfect. They supplement with a trainable classifier trained on sample trade emails.
Scenario 2: Healthcare Provider – Patient Records
A hospital must retain patient records for 10 years after the last patient encounter. They use a retention label "Patient_Record" with a retention period of 10 years from the last modified date. The label is manually applied by doctors and nurses when they upload documents to SharePoint. The label also marks the item as a regulatory record, preventing any modification or deletion even by site admins. The hospital has 1 TB of patient data across 500 site collections. The retention engine runs weekly, but because the retention period is long, few items are deleted. A misconfiguration occurred when a junior admin accidentally published the label to all users, causing patient records to be labeled by unauthorized staff. They resolved by creating a separate label policy scoped to the medical records team only.
Scenario 3: Legal Firm – Matter Hold Retention
A law firm needs to preserve all documents related to an ongoing lawsuit. They create a retention label "Legal_Hold" with "Retain forever" action. The label is manually applied by paralegals to relevant documents. Because the label retains forever, items are never deleted. However, the firm also has a separate retention policy that deletes documents after 5 years. The label overrides the policy for labeled items. A common issue: when the lawsuit ends, they need to remove the hold. They do so by replacing the label with a different one that has a finite retention period. They use PowerShell to bulk-update the label on thousands of documents.
What MS-900 Tests on Retention Labels (Objective 3.4)
The exam focuses on the fundamental differences between retention labels and retention policies, the ability to apply labels automatically or manually, and the concept of preservation lock. You should know that retention labels are per-item, while retention policies are per-location. Expect questions that ask: "Which compliance feature allows you to apply different retention settings to individual emails in a mailbox?" Answer: retention label.
Common Wrong Answers and Why Candidates Choose Them
Retention policy: Candidates choose this because they confuse location-based with item-based. They remember that Exchange has mailbox policies and think retention policies apply to individual items. Wrong: retention policies apply to all items in a location.
Sensitivity label: Candidates confuse retention with protection. They see "label" and think of sensitivity. Wrong: sensitivity labels are for encryption and markings, not lifecycle.
Data loss prevention (DLP) policy: DLP prevents data leaks, not retention. Candidates may think DLP can also retain data. Wrong.
Preservation lock: Candidates think it's a type of label. Actually, preservation lock is a setting on a label that prevents changes. It's not a label itself.
Specific Numbers and Terms That Appear on the Exam
Maximum retention period: 30 years (unless preservation lock is used).
Default evaluation cycle: 7 days.
Preservation lock: Once enabled, cannot be removed.
Disposition review: Requires manual approval.
Record vs. regulatory record: Records can be modified by admins; regulatory records cannot be modified or deleted by anyone.
Edge Cases and Exceptions
Teams messages: Retention labels can be applied to individual messages, but the default is to use retention policies for Teams. Labels override policies.
Shared mailboxes: Labels work on shared mailboxes the same as user mailboxes.
Content migration: Labels can be applied after migration; they are not automatically inherited from on-premises.
How to Eliminate Wrong Answers
Read the question carefully: if it says "for all content in a SharePoint site," the answer is retention policy. If it says "for specific documents based on classification," it's retention label. If it mentions encryption or headers, it's sensitivity label. If it mentions preventing data leakage, it's DLP. Knowing the fundamental mechanism—per-item vs. per-location—will help you eliminate two options immediately.
Retention labels are per-item; retention policies are per-location.
Labels travel with content across Exchange, SharePoint, OneDrive, and Teams.
Default evaluation cycle for retention actions is 7 days.
Maximum retention period is 30 years without preservation lock.
Preservation lock is irreversible and prevents label modification.
Sensitivity labels protect content; retention labels manage lifecycle.
Disposition review requires manual approval before deletion.
Auto-labeling uses sensitive info types, trainable classifiers, or keywords.
Labels can be applied manually, automatically, or programmatically.
If a label and policy conflict, the label takes precedence for that item.
These come up on the exam all the time. Here's how to tell them apart.
Retention Label
Applied to individual items (documents, emails).
Travels with the item across workloads.
Can trigger disposition review.
Supports auto-labeling based on conditions.
Up to 1,000 labels per tenant.
Retention Policy
Applied to all content in a location (e.g., entire SharePoint site).
Stays with the location, not individual items.
No disposition review; items are retained/deleted automatically.
Applied to all content in the location, no conditions.
Up to 1,000 policies per tenant.
Mistake
Retention labels and sensitivity labels are the same thing.
Correct
They are different. Retention labels manage lifecycle (retain/delete). Sensitivity labels protect content (encrypt, mark). They can be used together but serve distinct purposes.
Mistake
Retention labels apply to all items in a location automatically.
Correct
Retention labels are per-item. To apply to all items in a location, use a retention policy. Labels must be manually applied or auto-applied based on conditions.
Mistake
Once a retention period expires, the item is deleted immediately.
Correct
The retention engine runs periodically (every 7 days). Deletion occurs during the next cycle after expiration, not exactly at the expiration moment.
Mistake
Preservation lock can be removed if needed.
Correct
Preservation lock is irreversible. Once enabled, no one can reduce the retention period or change the action. It is meant for regulatory compliance.
Mistake
Retention labels can be applied to entire sites via auto-labeling.
Correct
Auto-labeling applies to items matching conditions, not to entire sites. To apply a label to all items in a site, you would need a retention policy, not a label.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
A retention label applies to individual items (e.g., a specific document or email) and travels with the item across workloads. A retention policy applies to all content in a location (e.g., an entire SharePoint site or all Exchange mailboxes). Use labels for granular control, policies for blanket coverage.
A preservation lock is a setting on a retention label that prevents anyone (including global admins) from reducing the retention period, changing the action, or deleting the label. It is irreversible and used for regulatory compliance to ensure records are kept for the required time.
The retention engine runs a background process every 7 days. Items whose retention period has expired are processed during the next cycle. So deletion or disposition review may occur up to 7 days after the exact expiration date.
Yes, retention labels can be applied to individual Teams messages (channel or chat). However, Teams often uses retention policies for simplicity. Labels override policies for labeled messages. You must publish the label to Teams users.
The retention label takes precedence for the item it is applied to. The policy still applies to other items in the location. If the label retains forever and the policy deletes after 5 years, the labeled item is retained forever.
Yes, you can modify the retention period and action, as long as you have not enabled preservation lock. However, changes only apply to items labeled after the change. Existing items retain the original settings unless you relabel them.
You've just covered Retention Labels and Compliance — now see how well it sticks with free MS-900 practice questions. Full explanations included, no account needed.
Done with this chapter?