Forum Discussion
Microsoft Purview best practices
I am wondering what the best way to accomplish this would be.
We are working at stepping down our email retention periods from 10 years to 5 years. We currently have a 10-years policy that uses a dynamic 365 group for assigned users. The group runs a query that finds anyone in our organization with a Business Premium license. That's working great.
Our next step is to go to a 5-year policy. But we have several users that need to be placed in a 7-year policy. Microsoft has removed the option to use both the include and exclude settings in a retention policy.
My question is, Are we over thinking the way to do this?
Or should we just be doing this:
Create one 5-year policy that is set to the entire organization.
Then create a 365 dynamic group with the users who need the 7-year policy assigned to it.
Then create a 7-year policy and assign the 7-year policy group to it.
Then also place that group in the Exclude listing of the 5-year policy.
Will that work and is it best practice.?
I can't afford to make a mistake on this and I can't remember if I created the dynamic group with the query for licensed users for a reason or if I was just being too detailed.
No worries. I did not put the proper detail in the ticket at the start. But yes we are just using these policies to keep the amount of emails down in any mailbox to 5 years. Without taking away from the user the ability to delete emails whenever they want.
So, if shortest wins in our scenario, then will the process I wrote in the original post be the correct way to get this done?
Yes, that should do then. The only part I would worry about is that you are switching from "targeted" to tenant-wide policy for the 5-year delete, double- and triple-check this will have the desired result across all mailboxes. If possible try to come up with a way to only target the users that do need the 5-year policy, as tenant-wide ones will affect things like Inactive mailboxes.
You can also consider using "Exchange" retention labels. They do not work for actual "retention" scenarios, but are perfectly adequate for "cleanup" ones, and give you a bit more flexibility (you can target specific folders). You can set up a "default" policy that will apply to all mailboxes, and another one with the 7-year retention. Though you cannot use dynamic groups there.
This is where it gets confusing. I've read that page as well and it also states that the shortest deletion period wins. Since our policies are simple delete policies (when an email reaches 5 years in age it is deleted, same with the 7-year policy) I read this as meaning that the 5-year policy will win out. In other words, we are setting policies that say you can't delete anything before it reaches 5 years. Anyone can delete an email when they want. We are just doing 'house cleaning' policies that will limit how much email will be allowed to be kept in a mailbox.
I hope this makes sense.
Right, well you didn't mention that those are "delete" policies, so I assumed wrong above, sorry about that. Yes, "shortest deletion" wins. You can however use a policy with "retain then delete" type of action, which will ensure that items are retained for X years, and once the period ends, will be deleted.
If you are using purely "delete" policies, without the retain component, user will actually NOT be prevented from deleting items, even before the period expires. And for such policies, the shortest period wins.
You do not need to exclude them from the other policy. The rules of retention dictate that the longest retention period wins, so even if you have multiple policies assigned, the 7-year one will apply. Read here for details:
