Categories
In this article
Exchange Online retention at a glance
Read more
Given the fact that Microsoft is not responsible for backing up your data, it is the sole responsibility of IT administrators to make sure retention policies are in place to overcome data loss events and ensure legal compliance.
Note: Microsoft does not back up your Exchange Online data. Native retention is for compliance and lifecycle management, not data recovery.
Regulatory compliance: Regulated industries such as healthcare, legal, and finance are required to retain data such as emails or documents for multiple years. The Sarbanes-Oxley Act, for example, specifies the standards for financial document record-keeping.
Storage optimization: The mailbox storage limit for Exchange Online is 50 GB per mailbox in the Business Basic, Standard, and E1 subscriptions, and 100 GB per mailbox in the E3 and E5 subscriptions. Employees should not be forced to delete data once the storage limits are reached and at the same time, remove data that’s no longer needed. Implementing retention policies can thus save storage costs by only retaining essential data.
Data retrieval in case of accidental deletion:
When users delete emails or other mailbox items in Exchange Online, those items don't disappear right away after 44 days if a retention policy or legal hold is created. When retention settings are applied to Exchange Online data, a timer job periodically evaluates items in the Recoverable Items folder. If an item doesn't match the rules of at least one retention policy or label to retain the item, it is permanently deleted (also called hard deleted) from the Recoverable Items folder. For more information on how the Recoverable Items folder retains different versions of the data, click here.
The sole purpose of the Recoverable Items folder is to quickly recover deleted items within a short period of time. It does not serve as a long-term effective retention strategy. Moreover, once the Recoverable Items folder reaches the storage quota, it cannot store any more items.
4.1.2.1. Retention tags and retention policies
Note: You can only apply one retention policy to a mailbox.
Default Policy Tag (DPT) | Retention Policy Tag (RPT) | Personal Tag | |||
---|---|---|---|---|---|
Description | |||||
Applies to untagged mailbox items, i.e., those that don't have a retention tag, directly or by inheritance from the folder. | Applies to default folders such as Inbox, Deleted Items, Sent Items, and so on, that are automatically created in a mailbox. | Users can automate tagging by using Inbox rules to either move a message to a folder that has a particular tag or to apply a personal tag to the message. | |||
Where is it applied | |||||
Automatically applied to the entire mailbox | Automatically applied to a default folder | Manually applied to items and folders | |||
Who applies it | |||||
Administrator | Administrator | User | |||
Show more |
To learn more about the different retention tags, click here.
4.1.2.2. Actions involved when you deploy MRM
Delete and allow recovery:
Move items to an archive automatically:
Permanently delete:
As of 2025, MRM settings are now managed through the Microsoft Purview portal, specifically under the Exchange (legacy) section in Data Lifecycle Management.
Step 1: Create a retention tag
Sign in to the Microsoft Purview portal and navigate to Data Lifecycle Management from the left-hand navigation panel. Under the Exchange (legacy) section, click on MRM Retention tags to view or create tags.
Step 2: Configure the retention policy
Step 3: Assign the retention policy to mailboxes
Open the Exchange Admin Center and sign in with your administrator credentials. From the left navigation pane, go to "Recipients" and click on "Mailboxes", then select the user you want to assign the policy to.
To learn about personal tags and how users can self-assign these tags, click here.
Click here to learn more about MFA.
Click here to learn more about the Default Retention Policy in Exchange Online.
To learn more about how to create retention holds, click here.
Microsoft has put together a comprehensive table explaining different scenarios to help you identify when to use what.
To learn more about how to create and apply retention policies and retention labels, read this article.
Included | Not included |
---|---|
|
|
Retention features are part of the Purview portal which is only available in the advanced E3 and E5 subscriptions of Microsoft 365. These plans are priced higher than the standard Microsoft 365 plans.
Important Update: Microsoft now enforces a soft limit of 1.5 TB for auto-expanding archives. Although it was previously marketed as “unlimited,” mailbox growth beyond this point is no longer supported. This limit applies per archive mailbox and includes all content moved there through retention policies, user rules, or manual actions.
For step-by-step instructions on how to turn on auto-expanding archiving, click here.
To understand unlimited archiving in detail, click here.
4.3.1.1. Can you use the archiving feature as a retention method for Exchange Online?
The auto-expanding feature prevents you from recovering or restoring an inactive mailbox. Click here to know more.
5.3.2.1. Litigation holds vs. retention policies
Retention policies | Litigation holds | ||
---|---|---|---|
Retention policies are used to protect valuable data from data loss such as accidental deletion. | Litigation hold is a functionality of the eDiscovery feature that is helpful in preserving data for legal compliance. | ||
Retention policies can be automated for new users. | Litigation holds have to be manually applied to every new user. | ||
Retention policies allow you to set time limits on data preservation, after which specific actions will be implemented. | Time-based holds must be turned on and off manually, after which no automatic actions will be implemented. | ||
Show more |
To get a complete understanding of why holds are different from retention policies and labels, check out this article.
4.3.2.2. Does litigation hold qualify as a backup solution?
To learn more about eDiscovery Holds, and how it does not serve as a backup solution, check out this article.
While the native settings offered by Microsoft are helpful in retaining your data, they do not serve as a backup solution. Microsoft is not responsible for backing up your data and they recommend using third-party apps for backup. Don’t take our word for it; here is an extract from their Services Agreement (Section 6.b).
WE STRIVE TO KEEP THE SERVICES UP AND RUNNING; HOWEVER, ALL ONLINE SERVICES SUFFER OCCASIONAL DISRUPTIONS AND OUTAGES, AND MICROSOFT IS NOT LIABLE FOR ANY DISRUPTION OR LOSS YOU MAY SUFFER AS A RESULT. IN THE EVENT OF AN OUTAGE, YOU MAY NOT BE ABLE TO RETRIEVE YOUR CONTENT OR DATA THAT YOU’VE STORED. WE RECOMMEND THAT YOU REGULARLY BACKUP YOUR CONTENT AND DATA THAT YOU STORE ON THE SERVICES OR STORE USING THIRD-PARTY APPS AND SERVICES.
Easy restoration: Third party tools such as SysCloud, help you easily restore specific or all emails in just a few clicks.
Save license costs: Third-party solutions allow you to retain safe copies of organizational data even after employee exits and account deletions, thus saving license costs.
With simple GUIs, no technical or coding expertise is required to backup and restore data.
Fast backups: Take faster backup even for large teams.
Protection against ransomware and phishing: Cloud security concerns have sky-rocketed in the pandemic. Tools like SysCloud secures data being backed up from ransomware and phishing.
4.3.4.2. SysCloud vs. native Exchange Online retention
Features | SysCloud | Native microsoft retention methods | |||
---|---|---|---|---|---|
Outlook | |||||
Export mailbox as PST | |||||
Export mailbox as MBOX | |||||
Export email as EML | |||||
Show more |
Secure, automate, and restore your Exchange Online data effortlessly with SysCloud’s powerful backup solution.
11 Apr 2025
8 min read
8 Apr 2025
20 min read
28 Mar 2025
12 min read
We don’t spam. Unsubscribe anytime.
In this article