This chapter covers Records Management in Microsoft Purview, a critical topic for the SC-900 exam under Compliance Solutions (Objective 4.2). Records management ensures that organizations retain data as long as needed and dispose of it properly when no longer required, meeting legal and regulatory obligations. Expect approximately 10-15% of exam questions to touch on records management, retention labels, disposition reviews, and the differences between records and regular items. Mastering this topic is essential for understanding how Microsoft 365 helps organizations govern their data lifecycle.
Jump to a section
Think of an organization's records management like a public library's archive system. The library has a main reading room where patrons can browse current books and magazines (active data). But there's also a restricted archive in the basement for old, valuable, or legally required materials. The archivist (records manager) defines retention rules: newspapers are kept for 3 months, tax documents for 7 years, rare manuscripts permanently. Each item in the archive has a label with its category and retention period (retention label). When a patron returns a book, the librarian checks if it belongs to the archive. If yes, it's moved to the basement with a removal date stamped on it (disposition). If the removal date passes, the archivist reviews it (disposition review) and either destroys it (delete), transfers it to a museum (transfer), or extends its life. The archive also has a security guard (disposition approval) who must sign off before any item is permanently removed. This system ensures the library complies with legal requirements and doesn't keep unnecessary clutter. In Microsoft Purview, the same principles apply: retention labels classify content, retention policies enforce rules across locations, and disposition reviews provide human oversight before permanent deletion.
What is Records Management in Microsoft Purview?
Records management in Microsoft Purview is a set of features within the Microsoft 365 compliance center that enables organizations to manage their data lifecycle. It allows you to define retention and deletion rules for content, classify content as records, and perform disposition reviews before permanent deletion. The primary goal is to help organizations comply with legal, regulatory, and organizational policies regarding data retention.
Records management is built on two core concepts: retention labels and retention policies. Retention labels are applied to individual items (documents, emails, etc.) and can be published or auto-applied. Retention policies apply to containers (sites, mailboxes, etc.) and enforce rules at scale. Both can trigger actions like retaining content for a specified period, deleting it after a period, or both (retain then delete).
How Records Management Works Internally
When a retention label is applied to an item, the Microsoft 365 compliance service tags the item with metadata that includes the retention period, the action to take at the end of the period, and whether the item is a record. For items marked as records, additional restrictions are enforced: users cannot delete or edit the item during the retention period, and the item is preserved even if a user tries to permanently delete it (e.g., from the recycle bin).
The compliance service runs a background process (the Managed Folder Assistant) that evaluates items based on their retention labels. This assistant checks the creation date or the last modified date (depending on the label configuration) against the retention period. When the retention period expires, the assistant initiates the disposition action: if the label specifies deletion, the item is moved to the Preservation Hold library and then permanently deleted after a configurable grace period (default 7 days). If the label requires a disposition review, the item is moved to the Disposition review tab in the compliance center, where designated reviewers must approve or modify the action.
Key Components, Values, Defaults, and Timers
Retention Label: A label that defines retention and deletion rules. Can be published to users (manual application) or auto-applied using sensitive info types, trainable classifiers, or queries.
Retention Policy: Applies a single set of retention rules to entire locations (e.g., all Exchange mailboxes, all SharePoint sites). Cannot be applied to individual items.
Retention Period: Can be based on item age (creation or last modified) or a specific date. Default values: 1 day to 3650 days (10 years) or indefinite.
Disposition Review: A workflow that requires human approval before permanent deletion. Can be configured with up to 5 sequential stages, each with specific reviewers (individuals or groups).
Preservation Hold Library: A hidden, secure location in SharePoint where retained items are stored even if users try to delete them. Items remain there until the retention period ends and disposition is complete.
Managed Folder Assistant: A background process that runs every 7 days (configurable) to evaluate items and apply retention actions.
Default Retention Period for Records: If not specified, records are retained permanently (indefinite).
Disposition Review Grace Period: After the retention period expires, items wait 7 days before being moved to disposition review (configurable via PowerShell).
Configuration and Verification Commands
To manage records management via PowerShell, you use the Security & Compliance Center PowerShell module (Exchange Online PowerShell).
Get retention labels:
Get-ComplianceTag | Format-Table Name, RetentionAction, RetentionDurationCreate a retention label for records:
New-ComplianceTag -Name "Tax Records" -RetentionAction KeepAndDelete -RetentionDuration 2555 -RetentionType CreationAgeInDays -RecordType RegisteredNote: -RecordType Registered marks the label as a regulatory record (locked, cannot be removed by admins). For standard records, use -RecordType Standard.
Enable disposition review:
Set-ComplianceTag -Identity "Tax Records" -RetentionAction KeepAndDelete -RetentionDuration 2555 -RetentionType CreationAgeInDays -DispositionReviewEnabled $trueVerify disposition review items:
Get-ComplianceTag -Identity "Tax Records" | fl DispositionReviewEnabledCheck Managed Folder Assistant status:
Get-Mailbox -Identity user@domain.com | fl ElcProcessingEnabledHow Records Management Interacts with Related Technologies
Microsoft Purview Data Lifecycle Management (DLM): DLM is the broader umbrella that includes both records management and retention policies. Records management is the part that deals with classifying content as records and disposition reviews.
Microsoft Purview eDiscovery: Items subject to retention labels are preserved and discoverable via eDiscovery searches. Even if a retention label deletes an item, if there is an active eDiscovery hold, the deletion is blocked.
Microsoft Purview Auditing: All actions related to retention labels (apply, modify, dispose) are logged in the unified audit log. You can use Audit to track who applied a label or approved a disposition.
Microsoft 365 Groups: Retention policies can be applied to group mailboxes and sites, but records management labels are applied at the item level.
Sensitivity Labels: Sensitivity labels focus on protection (encryption, watermarking) while retention labels focus on lifecycle. They can be applied independently.
Step-by-Step Process of Applying a Retention Label and Disposition
An administrator creates a retention label in the Microsoft Purview compliance portal with a retention period of 7 years and a disposition action to delete after review.
The label is published to users or auto-applied via a policy.
A user manually applies the label to a document in SharePoint, or the system auto-applies it based on sensitive information detected (e.g., a credit card number).
The Managed Folder Assistant runs (every 7 days) and detects the labeled item. It calculates the retention end date based on the item's creation date + 7 years.
During the retention period, the item cannot be deleted or edited by users (if marked as a record). The item is moved to the Preservation Hold library if a user attempts to delete it.
On the retention end date, the item is moved to the Disposition review queue. The system sends email notifications to the designated reviewers.
A reviewer logs into the compliance center, navigates to Records management > Disposition, and reviews the item. They can approve deletion, extend retention, or relabel.
If approved, the item is permanently deleted within 7 days (default grace period). The deletion is logged in the audit log.
Exam Focus: What SC-900 Tests
SC-900 tests your understanding of the purpose and capabilities of records management, not the detailed configuration steps. You need to know:
The difference between retention labels and retention policies.
What a record is and its restrictions (cannot be edited or deleted).
The purpose of disposition reviews.
How records management supports regulatory compliance.
Common exam traps:
Confusing retention labels with sensitivity labels. Retention labels manage lifecycle; sensitivity labels manage protection.
Thinking that retention policies can be applied to individual items (they cannot; they apply to entire locations).
Assuming that records can be edited by administrators during retention (they cannot, even admins are blocked unless they remove the label, which requires special permissions).
Forgetting that items under retention are preserved in the Preservation Hold library, not deleted immediately.
Real-World Scenario
A multinational corporation must comply with the EU's General Data Protection Regulation (GDPR) and the Sarbanes-Oxley Act (SOX). They use Microsoft Purview records management to:
Auto-apply a retention label to all emails containing financial data (detected by sensitive info type) that retains them for 7 years and then deletes them after a disposition review.
Publish a retention label for HR records that retains employee contracts for 5 years after termination, with a regulatory record tag to prevent any edits.
Configure disposition reviews with a multi-stage approval process for legal documents, requiring both the legal team and the records manager to approve deletion.
In production, the compliance team monitors the Disposition tab weekly, uses audit logs to track label applications, and runs PowerShell scripts to verify label compliance across all tenants. A common misconfiguration is setting the retention period too short, causing items to be deleted before legal review. Another is forgetting to enable disposition review, leading to automatic deletion without human oversight, which violates internal policies.
Misconceptions
Myth: Retention labels and retention policies are the same thing. Reality: Retention labels are applied to individual items and can be manually or auto-applied; retention policies apply to entire locations (e.g., all mailboxes) and cannot be applied to individual items. Both can have retention and deletion actions, but labels support records classification and disposition reviews.
Myth: Once a record is marked, it can be deleted by an administrator. Reality: Records cannot be deleted or edited during the retention period by any user, including administrators. Only by removing the record label (which requires special permissions) can the item be deleted.
Myth: Disposition review is optional and not needed for compliance. Reality: Disposition review provides a human checkpoint before permanent deletion, which is often required by regulations to ensure that no legal hold or other retention requirement is still active.
Myth: Retention policies are applied immediately to all existing items. Reality: Retention policies are applied by the Managed Folder Assistant, which runs every 7 days by default. It may take up to 7 days for the policy to take effect on existing items.
Myth: Items under retention cannot be searched by eDiscovery. Reality: Items under retention are preserved and fully searchable via eDiscovery. In fact, retention ensures they are available for legal discovery.
Comparisons
Retention Labels vs. Retention Policies: Retention labels are granular (per item), support manual/auto-application, can mark items as records, and support disposition reviews. Retention policies are broad (per location), apply automatically to all content in the location, and do not support records or disposition reviews.
Records vs. Regular Items: Records are immutable during retention (cannot be edited or deleted), while regular items can be modified but not permanently deleted (they are preserved in the Preservation Hold library). Records also support disposition reviews, while regular items are deleted automatically after retention.
Manual vs. Auto-Apply Labels: Manual labels require user action to apply, giving users control but risking inconsistency. Auto-apply labels use conditions (sensitive info types, classifiers) to ensure consistent application, reducing human error.
Key Takeaways
Records management in Microsoft Purview controls the lifecycle of content, from creation to permanent deletion.
Retention labels can classify items as records, making them immutable during the retention period.
Disposition reviews provide human oversight before permanent deletion, often required for compliance.
The Managed Folder Assistant runs every 7 days to apply retention actions.
Items under retention are stored in the Preservation Hold library, preventing permanent deletion.
Records management integrates with eDiscovery, auditing, and sensitivity labels.
SC-900 tests conceptual understanding, not PowerShell commands.
FAQ
What is the difference between a retention label and a retention policy? A retention label is applied to individual items (documents, emails) and can be manually or auto-applied. A retention policy applies to entire locations (e.g., all SharePoint sites) and cannot be applied to individual items. Labels can mark items as records and support disposition reviews; policies cannot.
Can a record be deleted before the retention period ends? No. Records are immutable; they cannot be edited or deleted by anyone, including administrators, during the retention period. The only way to delete a record early is to remove the retention label, which requires special permissions (Retention Manager role).
What happens when a retention period expires? The action defined in the label (delete, retain, or review) is triggered. If disposition review is enabled, the item moves to the Disposition queue for approval. If not, the item is deleted after a grace period (default 7 days).
How long does it take for a retention label to take effect? The Managed Folder Assistant runs every 7 days. After a label is applied, it may take up to 7 days for the retention rules to be enforced on existing items. New items are evaluated sooner.
Can I use both a retention label and a sensitivity label on the same item? Yes. Sensitivity labels control protection (encryption, access restrictions), while retention labels control lifecycle. They are independent and can be applied simultaneously.
What is the Preservation Hold library? It is a hidden, secure location in SharePoint where items under retention are stored when a user tries to delete them. Users cannot access or modify items in this library. Items remain there until the retention period ends and disposition is complete.
Do retention labels apply to Teams messages? Yes. Retention labels can be applied to Teams channel messages and chat messages, but only when auto-applied via policies (manual application is not supported for Teams).
Quiz
1. Which of the following best describes the purpose of disposition review in Microsoft Purview records management? - A) To automatically delete items when the retention period expires. - B) To require human approval before items are permanently deleted. - C) To classify items as records. - D) To apply encryption to sensitive items. Answer: B. Disposition review ensures that a designated reviewer approves deletion, providing a compliance checkpoint. It does not automatically delete (A) or classify (C) or encrypt (D).
2. A user applies a retention label with a 5-year retention period to a document. What happens if the user tries to delete the document after 1 year? - A) The document is deleted permanently. - B) The document is moved to the recycle bin and can be recovered. - C) The document is preserved in the Preservation Hold library. - D) The user receives an error and cannot delete the document. Answer: C. If the label marks the item as a record, the user cannot delete it (D). But if it's a regular item under retention, the delete is allowed but the item is preserved in the Preservation Hold library. The question doesn't specify 'record', so the general behavior for items under retention is preservation. However, for SC-900, the key point is that items under retention cannot be permanently deleted; they are preserved.
3. Which of the following is a difference between a retention label and a retention policy? - A) Retention labels can be applied to entire locations; retention policies apply to individual items. - B) Retention labels support disposition reviews; retention policies do not. - C) Retention policies can mark items as records; retention labels cannot. - D) Retention labels are applied automatically; retention policies require manual application. Answer: B. Retention labels can include disposition reviews; retention policies cannot. A is reversed. C is false (labels mark records). D is false (labels can be manual or auto; policies are auto).
4. What is the default interval for the Managed Folder Assistant to process retention labels? - A) Every 1 day - B) Every 7 days - C) Every 30 days - D) Every 24 hours Answer: B. The Managed Folder Assistant runs every 7 days by default, though it can be configured differently.
5. An organization needs to ensure that emails containing credit card numbers are retained for 7 years and then automatically deleted without human intervention. Which solution should they use? - A) A retention policy applied to all mailboxes with a 7-year retention and delete action. - B) An auto-apply retention label with a 7-year retention and delete action, no disposition review. - C) A sensitivity label with encryption. - D) A manual retention label applied by users. Answer: B. An auto-apply label ensures all matching emails get the label, and the delete action without disposition review will automatically delete after 7 years. A policy would apply to all mailboxes indiscriminately, not just those with credit card numbers. C is for protection, not lifecycle. D relies on users, which is inconsistent.
Meta
meta_title: Records Management in Microsoft Purview SC-900 Study Guide
meta_description: Learn records management in Microsoft Purview for SC-900. Understand retention labels, disposition reviews, and compliance. Essential for exam success.
estimated_read_minutes: 25
Create Retention Label
An administrator navigates to the Microsoft Purview compliance portal, selects Records management, and creates a new retention label. They define the retention period (e.g., 7 years), the action at end of period (delete, retain, or review), and whether to mark items as records. They also set the retention type (based on creation age or last modified). This label is the core rule that will govern the lifecycle of content.
Publish or Auto-Apply Label
The administrator publishes the label to users (so they can manually apply it) or creates an auto-apply policy that automatically assigns the label to items based on conditions like sensitive info types (e.g., credit card numbers), trainable classifiers, or specific queries. The policy is assigned to locations (e.g., Exchange, SharePoint, OneDrive). The system then applies the label to matching items.
Label Applied to Item
When a user manually applies the label or the system auto-applies it, the item's metadata is updated with the retention rules. If the label marks it as a record, the item becomes immutable: users cannot edit or delete it. The item's retention end date is calculated based on the creation date (or last modified) plus the retention duration. This metadata is stored in the compliance backend.
Managed Folder Assistant Processes
The Managed Folder Assistant runs every 7 days by default. It scans items with retention labels and checks if the retention period has expired. If expired, it initiates the disposition action. If the label requires a disposition review, the item is moved to the Disposition queue. If deletion without review, the item is permanently deleted after a 7-day grace period. The assistant logs all actions in the audit log.
Disposition Review and Final Action
For items requiring disposition review, designated reviewers receive email notifications and can access the Disposition tab in the compliance center. They review the item details (content, retention period, context) and can approve deletion, extend retention, or relabel. If approved, the item is permanently deleted after the grace period. If extended, the retention period is reset. All decisions are audited.
In a large financial services firm, records management is critical for complying with regulations like SEC Rule 17a-4, which requires retention of broker-dealer records for at least 3 years, with the first 2 years in an accessible place. The firm deploys Microsoft Purview records management to auto-apply retention labels to all emails and documents containing trade confirmations. They use sensitive info types to detect CUSIP numbers and trade amounts. The labels are set to retain for 3 years and then delete after a disposition review. The disposition review involves a two-stage approval: first by the compliance officer, then by the legal team. The firm runs the Managed Folder Assistant weekly and uses PowerShell scripts to generate compliance reports. A common issue is that users accidentally apply the wrong label, causing premature deletion or extended retention. To mitigate, they restrict manual label application to a few trained users and rely on auto-apply for most content. Another challenge is performance: with over 100,000 mailboxes, the Assistant can take hours to process all items. They schedule it during off-peak hours. Misconfiguration often occurs when the retention period is set too short for certain records, leading to deletion before regulatory requirements are met. The firm uses audit logs to track label applications and conducts quarterly reviews of label effectiveness. They also integrate with eDiscovery to ensure that items under retention are searchable for legal cases. Overall, records management provides a systematic way to enforce data lifecycle policies, reduce storage costs, and meet compliance obligations.
For SC-900, you need to know the following about records management:
Objective 4.2: Describe the capabilities of Microsoft Purview Data Lifecycle Management and Records Management.
The exam tests your ability to identify the purpose and high-level features of records management. You will NOT be asked to configure PowerShell commands or detailed settings. Instead, focus on:
The difference between retention labels and retention policies.
What a record is and its restrictions (cannot be edited or deleted during retention).
The purpose of disposition reviews (human approval before deletion).
How records management supports regulatory compliance (e.g., GDPR, SOX).
Common Wrong Answers and Why Candidates Choose Them: 1. Confusing retention labels with sensitivity labels. Many candidates think retention labels control encryption. Reality: Sensitivity labels control protection; retention labels control lifecycle. 2. Thinking retention policies can be applied to individual items. Candidates may see 'policy' and assume it's like a label. Reality: Policies apply to entire locations (e.g., all SharePoint sites), not individual items. 3. Believing records can be deleted by administrators. Candidates may think admins have override powers. Reality: Records are immutable; only removing the label (with special permissions) allows deletion. 4. Assuming disposition review is automatic deletion. Candidates may think 'review' means the system automatically deletes after review period. Reality: Disposition review requires human approval; if no one approves, the item is not deleted.
Specific Numbers and Terms That Appear on the Exam: - Retention period: up to 3650 days (10 years) or indefinite. - Managed Folder Assistant runs every 7 days. - Items under retention are stored in the Preservation Hold library. - Disposition review can have up to 5 stages. - Regulatory records are locked and cannot be removed.
Edge Cases and Exceptions: - If an item has both a retention label and a legal hold, the hold takes precedence, and the item is not deleted even if the retention period ends. - Retention labels applied to Teams messages only work with auto-apply policies; manual application is not supported. - If a user deletes a site collection, items under retention in that site are preserved in the Preservation Hold library for up to 30 days.
How to Eliminate Wrong Answers: - If the option mentions 'encryption' or 'access control', it belongs to sensitivity labels, not retention. - If the option says 'applies to all items in a location automatically', it's a retention policy, not a label. - If the option says 'requires human approval to delete', it's a disposition review, not automatic deletion. - If the option says 'item cannot be edited', it's a record.
Use these patterns to quickly eliminate distractors and select the correct answer.
Records management controls the lifecycle of content from creation to permanent deletion.
Retention labels can classify items as records, making them immutable during the retention period.
Disposition reviews provide human oversight before permanent deletion, often required for compliance.
The Managed Folder Assistant runs every 7 days to apply retention actions.
Items under retention are stored in the Preservation Hold library, preventing permanent deletion.
Records management integrates with eDiscovery, auditing, and sensitivity labels.
SC-900 tests conceptual understanding, not PowerShell commands.
These come up on the exam all the time. Here's how to tell them apart.
Retention Labels
Applied to individual items (documents, emails).
Can be manually applied by users or auto-applied via conditions.
Can mark items as records (immutable).
Support disposition reviews (human approval before deletion).
Granular control per item.
Retention Policies
Applied to entire locations (e.g., all mailboxes, all SharePoint sites).
Automatically applied to all content in the location; no manual application.
Cannot mark items as records.
Do not support disposition reviews; deletion is automatic.
Broad, blanket control.
Mistake
Retention labels and retention policies are the same thing.
Correct
Retention labels are applied to individual items and can be manually or auto-applied; they support records classification and disposition reviews. Retention policies apply to entire locations (e.g., all mailboxes) and do not support records or disposition reviews.
Mistake
Once a record is marked, it can be deleted by an administrator.
Correct
Records cannot be deleted or edited during the retention period by any user, including administrators. Only by removing the record label (which requires special permissions) can the item be deleted.
Mistake
Disposition review is optional and not needed for compliance.
Correct
Disposition review provides a human checkpoint before permanent deletion, which is often required by regulations to ensure that no legal hold or other retention requirement is still active. It is a critical compliance feature.
Mistake
Retention policies are applied immediately to all existing items.
Correct
Retention policies are applied by the Managed Folder Assistant, which runs every 7 days by default. It may take up to 7 days for the policy to take effect on existing items.
Mistake
Items under retention cannot be searched by eDiscovery.
Correct
Items under retention are preserved and fully searchable via eDiscovery. In fact, retention ensures they are available for legal discovery.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
A retention label is applied to individual items (documents, emails) and can be manually or auto-applied. A retention policy applies to entire locations (e.g., all SharePoint sites) and cannot be applied to individual items. Labels can mark items as records and support disposition reviews; policies cannot.
No. Records are immutable; they cannot be edited or deleted by anyone, including administrators, during the retention period. The only way to delete a record early is to remove the retention label, which requires special permissions (Retention Manager role).
The action defined in the label (delete, retain, or review) is triggered. If disposition review is enabled, the item moves to the Disposition queue for approval. If not, the item is deleted after a grace period (default 7 days).
The Managed Folder Assistant runs every 7 days. After a label is applied, it may take up to 7 days for the retention rules to be enforced on existing items. New items are evaluated sooner.
Yes. Sensitivity labels control protection (encryption, access restrictions), while retention labels control lifecycle. They are independent and can be applied simultaneously.
It is a hidden, secure location in SharePoint where items under retention are stored when a user tries to delete them. Users cannot access or modify items in this library. Items remain there until the retention period ends and disposition is complete.
Yes. Retention labels can be applied to Teams channel messages and chat messages, but only when auto-applied via policies (manual application is not supported for Teams).
You've just covered Records Management in Microsoft Purview — now see how well it sticks with free SC-900 practice questions. Full explanations included, no account needed.
Done with this chapter?