Data management is a critical aspect of any organization’s compliance strategy. With increasing amounts of data being generated and stored in cloud-based platforms like Microsoft 365, it becomes more important than ever to ensure that data is properly classified and managed throughout its lifecycle. One way to achieve this is by using retention labels in Microsoft 365 Compliance. In this blog post, we will explore retention labels and how they can be used to manage data in Microsoft 365.
Retention labels are a powerful tool for managing data in Microsoft 365 Compliance. They allow organizations to classify data based on its level of sensitivity, regulatory requirements, or other factors, and then apply retention policies that govern how long that data should be retained or deleted. Retention policies can be based on a specific date, or they can be based on the retention label itself, making it easy to manage data across a wide range of content types.
Getting started
To get started with retention labels in Microsoft 365 Compliance, you can use the Security & Compliance Center to create a new retention label. Once you have created a retention label, you can then use it to create a retention policy. Retention policies define how long data should be retained or deleted based on the retention label that is applied to it.
One of the benefits of retention labels in Microsoft 365 Compliance is that they can be used to manage data across a wide range of content types. This includes email, documents, and other types of files. Retention labels can be applied manually by users, or they can be automatically applied using policies. For example, you could create a policy that automatically applies a retention label to any email that contains sensitive customer data.
Another benefit of retention labels is that they can be managed using PowerShell. PowerShell is a scripting language that can be used to automate many tasks in Microsoft 365 Compliance, including the creation and management of retention labels. This makes it easy to bulk create and publish retention labels across your entire organization.
Before we proceed with bulk creation of retention labels via CSV input file, it’s important to ensure that you have connected to the correct PowerShell environment. You can connect to the Security & Compliance Center PowerShell by following the instructions provided in this Microsoft documentation: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
To create a retention label using PowerShell via CSV input file, you can use the Import-CSV cmdlet. Here is an example of how to create multiple retention labels via CSV input file:
powershell
# Import CSV file with retention label details
$RetentionLabels = Import-CSV -Path “C:\RetentionLabels.csv”
# Loop through each row in the CSV file and create the retention label
foreach ($RetentionLabel in $RetentionLabels) {
New-ComplianceRetentionLabel -Name $RetentionLabel.Name -Description $RetentionLabel.Description -RetentionDuration $RetentionLabel.Duration -RetentionUnit $RetentionLabel.Unit
}
The CSV input file should have the following headers: Name, Description, Duration, and Unit. Here is an example of how the CSV file might look:
CSV
Name,Description,Duration,Unit
Customer Data,Retention label for customer data,7,Year
Sensitive Information,Retention label for sensitive information,10,Year
Legal Documents,Retention label for legal documents,Forever
Once you have created your retention labels, you can then use them to create retention policies. You can use the New-RetentionCompliancePolicy cmdlet in PowerShell to create a new retention policy based on the retention label.
Here is an example of how to create a retention policy using PowerShell:
powershell
# Create a new retention policy
New-RetentionCompliancePolicy -Name “Customer Data Policy” -Workload Exchange -RetentionAction PermanentlyDelete -RetentionEnabled $true -RetentionComments “Retention policy for customer data” -RetentionHoldEnabled $false -RetentionLabels “Customer Data”
In this example, we are creating a new retention policy named “Customer Data Policy” for Exchange workloads. We are setting the retention action to “PermanentlyDelete”, which means that any content with the “Customer Data” retention label will be permanently deleted once the retention period has expired. We are also setting the retention comments to “Retention policy for customer data”.
Once you have created your retention policy, you can then apply it to your content. You can use the Set-RetentionCompliancePolicy cmdlet in PowerShell to apply the retention policy to a specific workload or to all workloads.
Here is an example of how to apply the retention policy to a specific workload:
powershell
# Apply retention policy to Exchange workload
Set-RetentionCompliancePolicy -Identity “Customer Data Policy” -Workload Exchange
In this example, we are applying the retention policy named “Customer Data Policy” to the Exchange workload.
To apply the retention policy to all workloads, you can use the following command:
powershell
# Apply retention policy to all workloads
Set-RetentionCompliancePolicy -Identity “Customer Data Policy” -AllWorkloads
In this example, we are applying the retention policy named “Customer Data Policy” to all workloads.
In conclusion, retention labels are a powerful tool for managing data in Microsoft 365 Compliance. They allow organizations to classify data based on its level of sensitivity, regulatory requirements, or other factors, and then apply retention policies that govern how long that data should be retained or deleted. With PowerShell, it’s easy to bulk create and publish retention labels across your entire organization, and to manage them efficiently. By using retention labels in conjunction with retention policies, organizations can ensure that their data is properly managed and remains compliant with relevant regulations and policies.
What’s next?
If hope this blogpost has given more insights in the way how to use PowerShell to setup retention labels. In my next blog i will be discussing how to enable tamper protection.
Please note that this blog is part of a series on Records management using the Microsoft Purview platform.