eDiscovery vs. Retention Policy in Microsoft 365

17 Apr 2025

6 min read

Abhishek

Article at a glance

Microsoft 365’s eDiscovery and retention policies serve distinct but complementary purposes, and improper configuration can lead to data management challenges.

eDiscovery is designed for legal and compliance investigations, not as a primary data recovery solution. It can retrieve preserved data but may miss crucial content if legal holds or retention policies are not properly applied.

Retention policies can preserve content across a broad range of Microsoft 365 services but require careful configuration to ensure comprehensive coverage and minimize the risk of accidental data loss.

eDiscovery holds (also referred to as legal or litigation holds) and retention policies are two native data preservation features offered by Microsoft 365. While both can help retain information, they serve different purposes and operate in distinct ways.

In this article, we explore in detail how these two Microsoft 365 features differ, and when to use each.

1. What is retention policy in Microsoft 365?

Retention policies in Microsoft 365 are rules that help organizations govern business information, comply with regulatory and legal data retention requirements, and prevent data loss.

Retention policies can be set by administrators in the Microsoft Purview Compliance Portal. Policies can be tailored to retain content, delete content, or retain it for a defined period before deletion, and can be applied across a wide range of Microsoft 365 services.

1.1. Where can you apply retention policy to?

Retention policies can be applied to the following Microsoft 365 locations:

Exchange Online mailboxes

SharePoint Online sites

OneDrive for Business accounts

Microsoft 365 Groups

Yammer (enterprise mode)

Microsoft Teams (including channel messages, 1:1 and group chats, and shared files)

Skype for Business messages

2. What is eDiscovery in Microsoft?

Microsoft 365 offers two levels of eDiscovery solutions—eDiscovery (Standard) and eDiscovery (Premium)—designed to support legal and compliance investigations by enabling organizations to identify, preserve, analyze, and export Electronically Stored Information (ESI).

These tools are accessible via the Microsoft Purview Compliance Portal and allow administrators to conduct keyword searches, apply filters, export data, and manage investigations across various Microsoft 365 services.

Supported content sources include:

Exchange Online mailboxes and public folders

SharePoint Online sites

OneDrive for Business

Microsoft Teams (chats and channel messages)

Yammer (enterprise mode)

Legal holds (also called eDiscovery holds) can be applied to preserve data from deletion or modification during legal or regulatory investigations. These holds are typically tied to specific eDiscovery cases.

To learn more about eDiscovery, click here.

Pro tip

eDiscovery holds and retention policies require ongoing management to stay aligned with legal obligations. With SysCloud, organizations can automate backups of Microsoft 365 data, ensuring availability and quick recovery whenever needed.

3. eDiscovery vs. retention policy

The diagram below summarizes the basic differences between retention policy and eDiscovery in Microsoft 365.

Microsoft eDiscovery vs. retention policy

3. 1. eDiscovery vs. retention policy: comparison table

eDiscovery and Legal hold	Retention policy
Types
Microsoft 365 offers two eDiscovery solutions: eDiscovery (Standard) – Enables case management, legal holds, and content search. eDiscovery (Premium) – Adds review sets, analytics, tagging, and relevance scoring to streamline large-scale investigations.	Retention policies can: Policies that retain content for a specific duration Policies that delete content after a specific duration Policies that retain then delete content A single retention policy can do both retention and deletion.
Use cases
Used for legal or compliance investigations by preserving and exporting Electronically Stored Information (ESI) required in litigation or regulatory review.	Enables organizations to comply with regulations and internal policies, keeping important data while removing redundant or obsolete content.
Services covered
Content locations include: Exchange Online mailboxes & public folders SharePoint Online sites OneDrive for Business Microsoft 365 Groups Yammer (enterprise) Teams: – 1:1 & group chats (stored in user mailboxes) – Channel messages (stored in group mailboxes & SharePoint)	Retention policies apply to: Exchange email SharePoint Online OneDrive for Business Microsoft 365 Groups Teams chats & channel messages Teams private channel messages Skype for Business Yammer community/user messages Exchange public folders
Show more

4. What happens to the data that gets deleted after applying retention policy?

The diagram below illustrates the general lifecycle of deleted content in Microsoft 365 when a retention policy is in place. It shows how a file can pass through multiple recovery stages from deletion, through the Recycle Bin(s), to long-term retention mechanisms like the Preservation Hold Library, or a third-party backup solution like SysCloud.

The above illustration only represents the general workflow of a file that is deleted after applying the retention policy. SharePoint and Teams retention works a little differently.

Start enjoying faster and easier backups, today

Avoid costly data retention gaps and minimize time to recovery with SysCloud's cloud backup.Start 30-Day Free Trial