How To Set Up An Email Retention Policy In Microsoft 365

Share This Post

Email Retention

In the UK, many businesses must retain data for a specific time by law. And even if the law doesn’t tie a company, it’s an excellent business practice to have in place. 

Email is such an essential part of businesses in this day and age. Communicating by email is an integral part of business; many are coming in and out of mailboxes daily. Why not get an email retention policy?

Even if you don’t think you need one now, many opportunities may be necessary for the future. 

You may think, why shouldn’t I use an Email Archive

Well, even if you know which emails to keep and which to not, you’ll have people working for you, and I bet you don’t see how they’re handling their emails.

Perhaps they’re deleting their emails thinking they’re just freeing up some space, or maybe they don’t need that particular email anymore. It could even be for malicious reasons, perhaps they’re leaving the business, and they’ve decided that they’re going to empty their email mailbox.  So what happens if, in a few weeks or years, you need to dig out an important email and it’s nowhere to be found?

This is where email retention comes in and saves the day.  

Email retention policies can help ensure that emails like this are still within your Microsoft 365 ecosystem. 

Another side of the Retention Policies is that you can choose to delete data over a certain age to leave space for new data that is still relevant to the business. 

Email retention policies ensure that your emails are kept for a certain length, even if users delete them from their mailboxes.

One thing to remember is that an email retention policy is not a backup.

The difference between them is that if you wanted to install an entire mailbox from a certain point in time, you wouldn’t be able to do that with an archive. There are also issues where you wouldn’t be able to dig out old emails if an employee sent email years previously; you would not have much luck with a backup. You need an archive. 

Archives and backups are very different and not to be confused. 

How To Set It Up

The first thing you need to do is to log onto the admin portal, if you don’t have access to this, you either need to be granted it by another admin or the people who have access already need to carry this out. 

Once you have launched the admin portal, you need to go to the compliance centre on your admin menu.  From the compliance centre, you can then find the section ‘data lifecycle management and then go into the Microsoft 365 option. 

From there, you can find the tab for Retention policies, and you need to click on there. 

There won’t be any retention policies if this is the first time you’re setting one up. so, therefore, you need to ‘+ new retention policy 

To set up a policy, you need to name it, and then you can add a description o you see fit. this, however, isn’t necessary to create one. 

To continue, select ‘Next’ for now, we will keep this static, and as you can see in my diagram, you can select and unselect the different locations where you would like to set up the policy.  You can also do this with Teams channels. For this blog, we are just going to focus on email retention. 

As shown above, we then switch the unwanted locations off. 

We will have this for All recipients and with no exclusions. You can restrict and specify to who you would like to have the policy apply if necessary. 



This next section is critical as it decides how we want to delete or retain data. 

As you can see, the top option is asking us how long we wish to retain data. If your compliance states you must retain it for 10 years, then you select that option and so forth. You can even choose a specific timeframe for your customisation 

The next option decides when to start the retention period from. There are two options: one begins after the email is last modified, or one is initially created. 

Another thing to watch out for is what happens after the retention period. You can either automatically delete the email or do nothing, which means that if the emails are manually deleted, that is fine; however, they will only be deleted if done manually. 

Another option is to retain the emails forever. This will set no time period of retention and will not lose the emails. If they are deleted, they will be able to be discovered forever. 

And the last option is only to delete items at a certain age. This isn’t nothing to do with retaining the emails. It just simply means that after emails reach a certain age anyway. 

Review and finish screenshot

Once you have submitted all your settings for your retention policy, it will take around 24 hours for the procedure to become active.  But as you can see, this is a straightforward yet effective method to implement into your business. 

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

How to use Microsoft to do

The ULTIMATE Microsoft To Do Tutorial

How do you handle your to-do lists? Do you write tasks on scraps of paper? Or do you pop them in a notebook? Perhaps you have a digital application such as Todoist!  If you’re a Microsoft 365 user, you already pay for a task management system! It is called Microsoft To Do.  We all have

Zero Trust Holy Grail

Is Zero Trust Security The Holy Grail OF Cyber Security?

USA president, Joe Biden, thinks that Zero Trust is the way to go in your cyber security journey, but, what is Zero Trust, and what does it mean for your business?  When it comes to your business, I’m sure you’ve got a strategy in place for how you’re going to win new business, market your

Scroll to Top