Tutorial / Cram Notes
A retention policy is a set of rules that dictate how long information must be kept and what to do with it after that period expires. Retention policies can be applied at various levels, including specific locations like Exchange mailboxes, SharePoint sites, or OneDrive accounts. This ensures that data is retained for a specified duration and cannot be permanently deleted by users before the retention period ends.
For example, a financial organization might have a retention policy to keep all email communications for seven years to comply with industry regulations. Any email that falls under this policy will be retained for seven years from its creation date, regardless of user actions such as deletion attempts.
Below is an example of what a simple retention policy might look like:
| Retention Policy Name | Description | Retention Period | Locations |
|---|---|---|---|
| Financial Records | Retains all financial communications and documents | 7 Years | Exchange, SharePoint, Teams |
Retention Labels
Retention labels, on the other hand, are more granular. They can be applied to individual items, such as emails or documents, and can carry different retention settings. Unlike retention policies, which are typically applied across set locations, retention labels give users or administrators the ability to classify data at the item level.
Continuing with the financial organization example, not every document requires a seven-year retention. Some might need to be kept indefinitely while others might only be relevant for three years. This is where retention labels come into play. An administrator can create different retention labels for different types of records and employees can apply them to content manually, or they can be applied automatically based on certain conditions.
An example of retention labels could include:
| Retention Label | Description | Retention Period | Action after Retention Expires |
|---|---|---|---|
| Keep Indefinitely | Applies to critical financial records that must be kept permanently | Indefinite | None (retain) |
| 7-Year Retention | Standard label for regular financial records | 7 Years | Review or delete |
| 3-Year Retention | For non-critical financial records that require shorter retention | 3 Years | Automatically delete |
Differences Between Retention Policies and Retention Labels
While both retention policies and labels help in retaining important information, they significantly differ in their application scope and flexibility:
- Scope: Retention policies are applied broadly to a location (e.g., a user’s entire mailbox), while retention labels are applied to individual items within that location (e.g., a specific email).
- Flexibility: Retention labels offer finer control as different labels with different retention settings can be applied within the same location.
- User Interaction: Retention labels can be applied by users manually (or automatically based on conditions), allowing for item-specific retention. Retention policies, once set by the administrator, do not require user interaction.
In the context of the SC-900 Microsoft Security, Compliance, and Identity Fundamentals exam, understanding the purpose, application, and differences between retention policies and labels is essential. Test takers should be familiar with how these tools contribute to maintaining the compliance posture of an organization, applying the right retention for different types of data, and the implications of retaining or deleting information according to organizational policies and regulatory requirements. Furthermore, they should be able to exemplify how these features integrate with the broader compliance framework within Microsoft 365.
Practice Test with Explanation
True/False: Retention policies in Microsoft 365 can be applied automatically based on specific conditions, such as when content contains certain sensitive information.
- True
Retention policies can be applied automatically by setting conditions like when content has certain keywords or contains sensitive information.
True/False: Once a retention label is applied to a document, it cannot be changed by users.
- False
Users with proper permissions can change the retention label applied to a document unless the label is locked.
What is the primary purpose of retention labels in Microsoft 365?
- a) To encrypt documents and emails
- b) To enforce document versioning controls
- c) To manage the lifecycle of content by ensuring that it is retained or deleted appropriately
- d) To prevent sharing of sensitive information
Answer: c) To manage the lifecycle of content by ensuring that it is retained or deleted appropriately
Retention labels are used to manage the retention and deletion policies of content within Microsoft
True/False: Retention labels can be applied manually by users or automatically by administrators configuring label policies.
- True
Retention labels can be applied both manually by end-users and automatically through label policies set up by administrators.
Multiple Select: Which of the following can be used as triggers for applying retention policies?
- a) Content types
- b) Sensitivity labels
- c) User actions
- d) Specific keywords or sensitive information
Answer: a) Content types, b) Sensitivity labels, d) Specific keywords or sensitive information
Retention policies can be triggered based on content types, sensitivity labels, and specific keywords or types of sensitive information. User actions are not a direct trigger but can indirectly cause a retention policy to apply if they result in tagged content.
True/False: Once a retention label is published, it can be applied to items in Microsoft Exchange, SharePoint, and OneDrive.
- True
After publishing a retention label, it can be applied to content across different Microsoft 365 services including Exchange, SharePoint, and OneDrive.
Single Select: When a retention policy is applied to an email, what happens to the email once the retention period expires?
- a) It is automatically encrypted.
- b) It is permanently retained.
- c) It is automatically deleted or retained depending on the policy settings.
- d) It is moved to a user’s personal archive.
Answer: c) It is automatically deleted or retained depending on the policy settings.
When the retention period expires, the email can either be automatically deleted or retained further according to the configured retention policy settings.
True/False: A retention policy can be configured to keep content forever.
- True
A retention policy can be configured with the option to retain content indefinitely.
True/False: Retention policies only apply to emails and documents stored within Microsoft 365 services.
- False
Retention policies can apply to a variety of content types including emails, documents, instant messaging conversations, and more, across multiple Microsoft 365 services.
Single Select: Who has the ability to manage and create retention labels in Microsoft 365?
- a) Any user within the organization
- b) Only Microsoft 365 administrators
- c) Members with compliance management roles
- d) Global readers
Answer: c) Members with compliance management roles
Typically, members who have roles associated with compliance management, such as Compliance Administrator or Records Management, can manage and create retention labels.
True/False: Retention policies ensure that data is only deleted after legal or regulatory retention requirements have been met.
- True
Retention policies are designed to help organizations meet their legal and regulatory data retention requirements by preventing the deletion of data before the end of the retention period.
Multiple Select: What actions can be taken on content at the end of its retention period in Microsoft 365 retention policies?
- a) Label content as important
- b) Permanently delete the content
- c) Retain the content and remove the label
- d) Do nothing
Answer: b) Permanently delete the content, c) Retain the content and remove the label
At the end of a retention period, the policy can be set to permanently delete the content or retain the content while optionally removing the applied retention label.
Interview Questions
What is a retention policy in Microsoft 365 compliance?
A retention policy is a set of rules that are applied to specific types of content to manage how long that content should be retained in your organization.
How does a retention policy work in Microsoft 365 compliance?
A retention policy can be used to retain content for a specific period of time or indefinitely, and it can also be used to delete content when it is no longer needed.
What is a retention label in Microsoft 365 compliance?
A retention label is a tag that you can apply to specific types of content to enforce retention policies.
How does a retention label work in Microsoft 365 compliance?
When a retention label is applied to content, the retention policy associated with that label is applied to that content.
What are the benefits of using retention policies and labels in Microsoft 365 compliance?
Retention policies and labels help organizations manage the lifecycle of their content and ensure that content is retained or deleted in accordance with regulatory requirements and organizational policies.
Can retention policies and labels be used to enforce legal holds?
Yes, retention policies and labels can be used to place content on legal hold, which prevents the content from being deleted or modified.
What types of content can be managed with retention policies and labels in Microsoft 365 compliance?
Retention policies and labels can be used to manage email messages, documents, and other types of content in Microsoft 365.
Can retention policies and labels be customized for specific business needs?
Yes, retention policies and labels can be customized to meet the specific retention and deletion requirements of an organization.
How does retention policies and labels support regulatory compliance in Microsoft 365?
Retention policies and labels can help organizations meet regulatory requirements for data retention and destruction by enforcing retention policies on specific types of content.
How can an organization get started with retention policies and labels in Microsoft 365 compliance?
Organizations can get started with retention policies and labels by defining their retention and deletion requirements, creating retention policies and labels to enforce those requirements, and applying those labels to content in their environment.
Can someone explain what Retention Policies and Retention Labels are in the context of the SC-900 exam?
How are Retention Policies and Retention Labels different from each other?
Thanks for the informative blog post!
This blog post helped clear up my confusion regarding data retention.
Can Retention Labels be automatically applied based on certain conditions?
What happens to emails when a Retention Policy is applied to a mailbox?
Our organization is having trouble with setting retention periods. Any advice?
Appreciate the detailed explanation on retention policies!