Retention Tags and Retention Policies

-

  Retention Tags and Retention Policies are super important in managing how long emails and other mailbox items are kept or deleted in Microsoft Exchange (on-prem or Microsoft 365).

🗂️ What is a Retention Tag?

Retention Tag is a rule that defines how long an email (or folder) is kept and what action to take after that time.

🔧 Each Retention Tag includes:

  • Retention period: e.g., 30 days, 1 year, 5 years, etc.

  • Action: What to do after that period:

    • ❌ Delete it permanently

    • 🗑 Move it to Deleted Items

    • 📁 Archive it

  • Scope: Where the tag applies:

    • Entire mailbox

    • Default folders (Inbox, Sent, etc.)

    • Specific folders

    • Individual items (emails)

📌 Example:

  • "Delete items in Deleted Items folder after 30 days"

  • "Archive Inbox items older than 2 years"

  • "Keep important emails forever"

📋 What is a Retention Policy?

Retention Policy is a collection of Retention Tags bundled together and applied to a user's mailbox.

✅ It defines the full lifecycle of mailbox items by applying:

  • One Default Policy Tag (DPT) for items without a tag

  • Optional Retention Policy Tags (RPTs) for default folders (like Inbox, Deleted Items)

  • Optional Personal Tags the user can apply manually

🔁 How It Works (Simplified Flow):

  1. Admin creates Retention Tags (e.g., "Delete after 5 years", "Archive after 2 years").

  2. Tags are combined into a Retention Policy.

  3. The policy is assigned to a mailbox.

  4. The Managed Folder Assistant (background service) processes items and applies the rules.

  5. Emails are deletedmoved to archive, or left untouched based on the tags.

🧠 Why Use Retention Tags & Policies?

  • 🛡️ Compliance: Retain business emails for legal or regulatory reasons

  • 🔒 Data security: Automatically delete old emails to reduce risk

  • 🧹 Mailbox management: Keep mailboxes clean and within size limits

  • 📦 Auto-archiving: Move older emails to archive mailboxes to save space

🔎 Types of Retention Tags:

Tag TypeApplies ToPurpose
Default Policy Tag (DPT)All untagged itemsSet a default retention rule
Retention Policy Tag (RPT)Default folders (Inbox, Deleted Items, etc.)Set folder-specific rules
Personal TagManually applied by usersLet users choose how to retain/delete certain items

✏️ Example Retention Policy (Typical):

Tag NameFolderActionPeriod
Inbox CleanupInboxMove to Archive2 years
Delete Old JunkJunk EmailDelete permanently30 days
Auto Delete DeletedItemsDeleted ItemsDelete permanently30 days
Default RetentionAll other itemsMove to Archive5 years

📌 Key Notes:

  • Users can override policies (if allowed) with Personal Tags.

  • Admins manage everything via Microsoft 365 Compliance Center or Exchange Admin Center.

  • Only one retention policy can be applied to a mailbox at a time.

🛠️ Where to Configure:

  • Microsoft 365 / Exchange Online:
    Use Microsoft Purview Compliance Portal (https://compliance.microsoft.com)

  • Exchange on-prem:
    Use Exchange Admin Center or PowerShell

Popular posts from this blog

Autodiscover

-
  "Autodiscovery" (or  Autodiscover , more precisely in Microsoft terms) is a service that automatically configures email clients, mainly Outlook, to connect to mailboxes without users having to enter all the settings manually. 💡  What is Autodiscover? Autodiscover  is a Microsoft Exchange service that provides configuration information to email clients (like Outlook or mobile devices) so they can set themselves up with minimal user input. 🔧  What Does Autodiscover Do? When a user enters just their  email address and password , Autodiscover helps the client automatically find: Mail server addresses (Exchange or Microsoft 365) Mailbox settings Calendar and contact URLs Offline address book (OAB) settings Outlook Anywhere settings Unified Messaging (if used) Internal and external URLs 🧠  How It Works (Simplified Flow): User opens Outlook and enters their email address + password. Outlook sends a request to the  Autodiscover service : Tries a few ...
Read more

Azure Active Directory (Azure AD)

-
  Azure Active Directory (Azure AD)  is Microsoft’s  cloud-based identity and access management service , which is the cloud counterpart to the traditional  on-premises Active Directory (AD) . While  Active Directory (AD)  is designed for managing users, groups, and devices within an organization's  internal network ,  Azure AD  extends this functionality to manage identities across cloud-based resources, applications, and services. Azure AD helps organizations manage user access to cloud services (like  Office 365 ,  Azure services ,  third-party apps , etc.) and provides features like  Single Sign-On (SSO) ,  Multi-Factor Authentication (MFA) , and more — all while maintaining security and compliance in the cloud. Key Differences Between Active Directory (AD) and Azure Active Directory (Azure AD): Deployment Location : AD  is  on-premises , running in an organization's internal network. Azure AD  is...
Read more

Active Directory (AD)

-
   Active Directory (AD)  is a  directory service  developed by Microsoft to manage and organize a network's resources, such as users, computers, printers, and other devices. It’s a central component in managing permissions, security, and access control across the entire network. AD allows admins to control who can access what within the network and apply policies and settings consistently. Here’s a more detailed breakdown of  Active Directory : Key Features of Active Directory: Directory Service : It acts as a  centralized database  for storing and managing directory information (like users, computers, groups, and resources). It uses  LDAP (Lightweight Directory Access Protocol)  for communication between client machines and the server. User Authentication and Authorization : Active Directory ensures  only authorized users  and  computers  can access the network resources. It enforces  user policies  (like ...
Read more