Create Retention Policy in Microsoft 365

If you’re just starting your journey in Microsoft 365, or if you’ve never set it up, retention policies are very important. These policies are important to preserve data should it be deleted. Without a retention policy in-place, data will be unrecoverable after it’s removed from a user’s recycling bin or trash.

One important difference in the way that M365 handles retention versus some other cloud providers is that retention policies still apply after an account has been deleted. That means that data retained by a retention policy will stay after the owner’s account is removed.

As of this writing, organizations with M365 E5/A5 and E3/A3 licenses are licensed to use retention policies. See Microsoft 365 licensing guidance for security & compliance – Service Descriptions | Microsoft Docs for more details.

Create Retention Policies

To cover all M365 services, you will need to create two retention policies. The two policies are pretty much broken down into Teams and everything else. If your organization does not use Teams, you can disregard that section.

  1. Launch the Microsoft 365 Compliance Center by going to
  2. Select Show All from the left navigation bar and select Information governance.
  3. Click Retention.
  1. Click New retention policy.
  2. Give your policy a Name, optional Description and click Next.
  1. Configure the retain and delete setting per your organization’s requirements. For a simple “keep things for 10 years” policy, just change the middle field to 10. Once configured, click Next.

NOTE: The “Retain content based on” box is important, especially when considering OneDrive and SharePoint. The policy can retain data based on file creation date, or last modified. Pay attention to this setting when creating the policy.

  1. Select the locations you wish to retain with this policy. I recommend enabling everything except Skype for Business (see SfB section at end of this post) and the last options for Teams (since Teams has to be configured separately). This will retain all data held within M365. Once your locations are configured, click Next.
  1. Click Create this policy to create the policy. Microsoft documents that it will take about 24 hours for the policy to be completely in effect.

Teams Retention Policy

To configure the retention policy for Teams, perform steps 1-8 from above. On step 7, disable all default options and enable the two Teams options.

Skype for Business

I recommend not enabling retention on SfB unless it’s absolutely necessary. There is a technical challenge in that you cannot select all users. So, in order to enable retention, you will have to manually enable it for all accounts either through the GUI or via PowerShell. You will also have to remember to enable it every time a new user account is created. This is impractical for an organization of any size. SfB is also going away in favor of Teams.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
WME Cybersecurity Briefings No. 008
Cyber Security

WME Security Briefing 03 May 2024

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack Overview The MITRE Corporation, a prominent security and cybersecurity researcher in the USA, has fallen prey to compromise in its environment because of a sophisticated cyberattack from

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.