Enforcing Data Retention Policies in Office 365

Organizations looking to comply with industry standards and government regulations, reduce litigation risks, and minimize the impact of security breaches need a strong data retention plan. Office 365 offers various data-retention features for some services, allowing administrators to set global or per-application data policies. While these features can help organizations implement comprehensive policies to retain or delete data, sometimes they are not available, and if they are available, they are not implemented consistently.

Enforcing Retention Policies

For the purposes of this report, data retention policies enforce rules for retaining or deleting an organization’s Office 365 content. Such retention policies should be part of a broader organization-wide data governance strategy, which typically encompasses the classification, management, auditing, and discovery of data.

Classification is the process of determining which content exists and marking or tagging it to note how the content should be handled as such. For example, e-mail containing sensitive customer information can be identified and marked as confidential.