Gem of a New Feature
Microsoft often hypes a preview feature that isn’t really worth the limelight. And sometimes, they introduce a gem without any fanfare. Such is the case of Retention Policy Lookup, which appeared in the Microsoft Purview compliance portal for my tenant over the weekend.
In a nutshell, policy lookup allows a compliance administrator to see what Microsoft 365 retention policies apply to users (mailboxes), SharePoint Online sites (including OneDrive for Business accounts), or Microsoft 365 groups (messages and documents). The reason why this is an important advance is that it solves a problem that becomes increasingly difficult as an organization develops and applies more retention policies.
Types of Retention Policies
Microsoft 365 retention policies come in three flavors:
- Label publishing policies make sets of retention labels available to end users. A user might come within the scope of multiple label publishing policies, each of which controls from one to many labels. Applications like SharePoint Online resolve all applicable policies to expose the full set of available labels to individual users.
- Retention policies apply general retention settings to target locations (users, sites, and groups). For example, keep all SharePoint content for three years. Retention policies can be org-wide (apply to all locations for one or more workloads, like Exchange Online), or non org-wide (apply to specific locations within workloads, like five selected SharePoint Online sites).
- Auto-label policies use search criteria to find specific information and apply a retention label to matching items. Using an auto-label policy to find and label Teams meeting recordings is an example of such a policy.
All contribute to making sure that messages, documents, and lists have suitable retention labels. User-applied labels have precedence over auto-applied labels, and retention policies act as a sweep to cover anything without a more specific label.
Figuring Out What’s Stopping Deletion
All’s well, except when users, sites, or groups come within the scope of multiple policies. Then it becomes difficult to understand what policies affect the ability to delete an item. Take the example of a SharePoint Online site flagged in the SharePoint admin center as having a compliance policy which blocks deletion. You know that a retention policy affects the site (Figure 1), but not which retention policy blocks deletion.
Until now, you could try to figure out what retention policies apply to a location by checking the set of policies to look for org-wide policies first (because they have the broadest coverage) followed by non org-wide policies. If you have Office 365 E5 or Microsoft 365 E5 licenses, you might have to check retention policies with adaptive scopes. And finally, you’d have to figure out if the location stores any items with retention labels. Some of this work is possible using PowerShell with cmdlets like Get-RetentionCompliancePolicy, but the complexity of figuring out exactly what retains some content grows exponentially as the number of retention policies increases.
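The manual check described above can be sketched in PowerShell. This is an added example, not code from the original article: it covers only the first two steps (org-wide policies, then policies that name the site explicitly) for a SharePoint Online site. It assumes an existing Connect-IPPSSession session; the site URL and the helper function Test-LocationMatch are made up for illustration.

```powershell
# Added example: requires a Security & Compliance PowerShell session
# (Connect-IPPSSession from the ExchangeOnlineManagement module).
$SiteUrl = 'https://contoso.sharepoint.com/sites/ExampleSite'   # constructed placeholder

# Hypothetical helper: does a policy's location list contain the target site?
function Test-LocationMatch {
    param($Locations, [string]$Target)
    foreach ($Loc in $Locations) {
        # Each location entry carries the site URL in its Name property
        if ($Loc.Name -and $Loc.Name.TrimEnd('/') -eq $Target.TrimEnd('/')) { return $true }
    }
    return $false
}

# Without -DistributionDetail the location properties come back empty
$Policies = Get-RetentionCompliancePolicy -DistributionDetail

$Report = foreach ($P in $Policies) {
    $Basis = $null
    if ($P.SharePointLocation.Name -contains 'All') {
        # Org-wide for SharePoint: in scope unless the site is listed as an exception
        if (Test-LocationMatch $P.SharePointLocationException $SiteUrl) { continue }
        $Basis = 'Org-wide'
    }
    elseif (Test-LocationMatch $P.SharePointLocation $SiteUrl) {
        $Basis = 'Explicit location'
    }
    if ($Basis) {
        [PSCustomObject]@{
            Policy  = $P.Name
            Basis   = $Basis
            Enabled = $P.Enabled
            Mode    = $P.Mode
            Status  = $P.DistributionStatus
        }
    }
}

# Org-wide policies sort last here; reorder if you want the broadest coverage first
$Report | Sort-Object Basis, Policy | Format-Table -AutoSize
```

The output lists policies whose static scope includes the site. It does not evaluate adaptive scopes or tell you whether any items in the site carry retention labels, which are the remaining steps in the manual process.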
The new policy lookup feature solves the problem. Available in the Information governance section of the Microsoft 365 compliance center, the new option supports lookup for users, sites, and groups and reports back the set of retention policies which have the selected location within their scope. Policy lookup is available only for currently active mailboxes. It doesn’t look up retention for inactive or soft-deleted mailboxes.
As an example, I checked the site shown in Figure 1 to see what retention policies might block its deletion. Figure 2 shows the result of the lookup. It would be nice if the UI showed the type of each policy, but it’s easy enough to check what each policy does. In this case, the first two are label publishing policies and the last two are auto-label policies.
The existence of a label publishing policy or auto-label policy in the list doesn’t mean that any of the labels used by these policies exist in the target location. To be sure, you’d need to check the labels applied to items in the location and remove any which might block deletion because their retention periods have not lapsed.
For retention policies, you can remove the location from the list of locations covered by the policy to allow deletion to proceed. However, this is not something that happens quickly because you need to allow time for the host workload to process the change made to the policy and recognize that the location no longer needs to be retained. The same is true if you look up a location for the set of policies after making a change. It can take several days before a retention policy disappears from the list shown by the lookup.
Some Actions Would be Nice Too
Like any preview feature, some gaps exist that you might like to see filled. I have already noted that I’d like to see the retention policy type shown in the list of policies returned by a lookup. It would be nice to be able to generate a list of items in a location with labels published or auto-applied by a selected policy. For retention policies, it would be good to be able to have a single-click removal of a selected location from the scope of a selected policy.
After all, it’s great to know what policies exist to cover a user, site, or group. It’s so much better when you can do something with that information. Isn’t that what software exists to do?