Merge pull request #49970 from MicrosoftDocs/NEW-purview-understand-retention

New purview understand retention

Author: JamesJBarnett

learn-pr/paths/purview-implement-retention/index.yml

@@ -3,7 +3,7 @@ uid: learn.wwl.purview-implement-retention
 metadata:
   title: 'Implement and manage retention in Microsoft Purview (SC-401)'
   description: 'Retention is key to meeting compliance requirements and managing the lifecycle of organizational data. Microsoft Purview enables organizations to apply retention policies and labels that preserve or delete data based on business, legal, or regulatory needs. This learning path aligns with exam SC-401: Microsoft Information Security Administrator.'
-  ms.date: 03/25/2025
+  ms.date: 04/11/2025
   author: wwlpublish
   ms.author: riswinto
   ms.topic: learning-path
@@ -25,7 +25,7 @@ products:
 subjects:
 - security
 modules:
-- learn-m365.m365-compliance-information-governance
+- learn.wwl.purview-understand-retention
 - learn.wwl.purview-implement-manage-retention
 trophy:
   uid: learn.wwl.purview-implement-retention.trophy

learn-pr/wwl-sci/purview-understand-retention/decide-apply-retention.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-understand-retention.decide-apply-retention
+title: Decide when to apply retention
+metadata:
+  title: Decide when to apply retention
+  description: "Decide when to apply retention."
+  ms.date: 04/11/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+content: |
+  [!include[](includes/decide-apply-retention.md)]

learn-pr/wwl-sci/purview-understand-retention/includes/decide-apply-retention.md

@@ -0,0 +1,45 @@
+Retention helps organizations control how long data is kept and when it can be deleted. However, not all content needs the same retention approach. Understanding when to use retention, what it can and can't do, and how it compares to other tools like data loss prevention (DLP) is key to using it effectively.
+
+## When retention is needed
+
+Retention is useful in many scenarios where data must be preserved for a period of time or removed after it's no longer needed. These needs might be driven by legal, regulatory, operational, or internal business requirements.
+
+For example:
+
+- A company might need to retain employee records for seven years after separation, in case of future audits or legal disputes.
+- A finance department might need to retain year-end reports for five years to meet regulatory requirements.
+- A project team might want to delete temporary planning documents after one year to reduce data clutter and minimize risk.
+
+Retention can also help prevent accidental or intentional deletion of important information. When a retention rule is in place, content is preserved even if a user tries to delete it.
+
+## Retention vs data loss prevention
+
+Retention and data loss prevention (DLP) both help protect information, but they do so in different ways.
+
+- **DLP** is focused on preventing sensitive information from being shared or exposed. It looks at how users interact with content. Based on the action, it can block or warn about risky behavior such as copying, pasting, uploading, or sending sensitive data.
+- **Retention** is focused on controlling how long data is kept. It ensures that content is preserved for a required time and deleted when it's no longer needed.
+
+These tools are often used together. For example, DLP might prevent users from sharing sensitive documents externally, while a retention policy ensures those same documents are preserved for three years to meet internal business requirements.
+
+## Scoping retention to specific users, sites, or content types
+
+Retention doesn't have to apply to everyone or everything in your environment. Microsoft Purview lets you target retention settings to the locations and content that require them.
+
+You can:
+
+- Apply retention to specific mailboxes, OneDrive accounts, or SharePoint sites
+- Target content based on sensitivity labels, file types, or custom metadata
+- Use adaptive scopes to dynamically target users, groups, or sites based on Microsoft Entra ID attributes
+
+This flexibility makes it possible to apply different retention rules to different teams, regions, or types of content. A policy might apply to all users in the HR department, while another targets project sites tagged with a specific classification.
+
+## What retention doesn't do
+
+Retention is designed to control how long content is kept. It's not a tool for:
+
+- Blocking access to content
+- Encrypting or protecting content in transit
+- Monitoring or detecting data movement
+- Preventing sharing or accidental exposure
+
+Retention doesn't stop users from reading or editing content. It simply ensures the content is preserved or removed based on the configured rules. For other protection needs, retention should be used alongside tools like sensitivity labels, DLP, and encryption.

learn-pr/wwl-sci/purview-understand-retention/includes/introduction.md

@@ -0,0 +1,12 @@
+As data moves across Microsoft 365, not all content needs to be treated the same way. Some files need to be preserved for audits or investigations, while others should be deleted once they're no longer useful. Without clear rules, important information might be deleted too early, or sensitive data might remain long after it's needed.
+
+Microsoft Purview retention helps organizations manage content lifespan across mail, files, and messages. It supports operational, regulatory, and security needs by preserving data that matters and removing what doesn't. Knowing when and how to apply retention is key to protecting data and reducing risk.
+
+In this unit, you:
+
+- Identify common scenarios where retention helps protect or manage data
+- Compare how retention and data loss prevention support different types of data protection
+- Learn how to target retention based on users, locations, or content types
+- Recognize what retention does and doesn't control
+
+By the end, you'll understand how to use retention to support data protection and compliance across Microsoft 365.

learn-pr/wwl-sci/purview-understand-retention/includes/retention-labels-retention-policies.md

@@ -0,0 +1,53 @@
+Retention helps organizations define how long content should be kept and when it can be deleted. Not all retention settings work the same way. Microsoft Purview uses two main methods to apply retention: retention labels and retention policies. Each plays a different role in managing data and supporting compliance and security goals.
+
+Understanding how these tools work, and when to use them, helps ensure your organization meets its requirements for protecting and managing data.
+
+## How retention differs from deletion
+
+When you delete content in Microsoft 365, it typically moves to a recycle bin or deleted items folder. Eventually, it might be permanently removed from the service.
+
+Retention works differently. Retention settings preserve content for a defined period, even if a user deletes it. That content remains discoverable to authorized personnel during its retention period and is only permanently deleted based on the rule that was configured.
+
+Retention can also delete content automatically when it's no longer needed. This reduces exposure from old or unnecessary content that might still contain sensitive information.
+
+## What are retention labels?
+
+Retention labels are applied to individual items such as emails, documents, or Teams chats. These labels can be applied manually by users or automatically using retention label policies. Label policies allow you to publish labels so users can apply them, or configure rules that apply labels automatically based on conditions such as sensitive info types or keywords.
+
+Each label defines how long the content should be retained and what happens after that time expires. For example, a label might retain a document for seven years and then delete it. Another label might mark content as a record to prevent changes or early deletion.
+
+Retention labels provide flexibility. They allow you to apply different retention settings based on the type or purpose of the content. A financial report might require a longer retention period than a casual chat conversation. Labels can be configured to support both needs.
+
+## What are retention policies?
+
+Retention policies are used to apply retention settings across a broader location. Instead of labeling individual items, a policy can apply a default retention rule to all content within a location, such as all mailboxes or all SharePoint sites.
+
+Retention policies are helpful when:
+
+- A general rule applies across a location
+- All content needs to be covered, even if it's unlabeled
+- You want to minimize the need for users to take action
+
+Retention labels and policies can be used together. For example, a policy might apply a general rule to all content in a site, while certain files receive more specific retention settings through labels.
+
+## Key retention settings
+
+When configuring a retention label or policy, you choose what action should be taken and when it should occur. Microsoft Purview supports several configurations:
+
+- **Retain-only**: Keeps content for a defined period. No automatic action is taken when the period ends.
+- **Delete-only**: Deletes content after a defined period, without preserving it beforehand.
+- **Retain then delete**: Retains content for a set time and deletes it automatically when that time expires.
+
+Retention labels can also **mark content as a record**. When this option is used, the content becomes immutable. Users can't edit, move, or delete the item while the label is applied. This setting is often used for content that must be preserved without modification for legal or regulatory purposes.
+
+Retention can also be scoped dynamically using **adaptive scope**. Adaptive scopes allow you to apply a label or policy to a dynamic set of users, sites, or groups based on Microsoft Entra ID attributes. For example, you might apply a retention label only to users in the legal department or to sites with a specific region tag. The full setup for adaptive scopes is covered in a later unit, but it's helpful to know that this option exists when planning a retention strategy.
+
+## How retention works with classification, labeling, and data loss prevention
+
+Retention doesn't replace classification, sensitivity labels, or data loss prevention. These tools are designed to work together to support a secure and compliant environment.
+
+- **Classification** helps identify content that might need protection or special handling.
+- **Sensitivity labels** apply encryption and access restrictions to protect data in use or in transit.
+- **Data loss prevention policies** monitor and block the sharing of sensitive information.
+
+Retention helps ensure that content is kept or removed based on defined rules. Together, these tools support data protection throughout the entire content lifecycle, from creation to deletion.

learn-pr/wwl-sci/purview-understand-retention/includes/retention-overview.md

@@ -0,0 +1,30 @@
+In Microsoft 365, it's easy to create and share data. Without the right controls, it's as easy for that data to linger indefinitely or disappear before it should. Whether the goal is to meet regulatory requirements, reduce exposure to stale content, or preserve business records, Microsoft Purview provides retention policies to help manage the lifespan of data in a secure, predictable way.
+
+Retention in Microsoft Purview lets organizations decide how long to keep content and what happens when that time is up. You can retain content to make sure it's available for legal or operational reasons. You can delete content to reduce risk. Or you can do both. Retain it for a defined period, then delete it when it's no longer needed.
+
+## Protecting data through retention
+
+While retention is often used for compliance, it also plays a key role in data security. It protects important information from being deleted, either by accident or on purpose. Once a retention rule is in place, content is preserved even if a user tries to remove it. This is especially important when the content might be subject to audits, investigations, or legal holds.
+
+Retention also helps prevent risk from forgotten or outdated files. Without rules to remove stale content, organizations are left with documents that are no longer in use but still contain sensitive information. These files might sit on SharePoint sites or in OneDrive accounts long after they're needed. If there's no business or legal reason to keep them, removing them helps reduce exposure to future threats.
+
+## Understanding the data lifecycle
+
+Retention is one part of managing the data lifecycle. The data lifecycle refers to how information is handled from the time it's created until the time it's deleted. In Microsoft Purview, lifecycle management includes several steps:
+
+- Classifying content
+- Protecting sensitive data
+- Applying retention rules
+- Disposing of content when it's no longer needed
+
+Retention plays a central role by ensuring that data is kept for as long as needed, and removed when it's no longer necessary.
+
+## Examples of how retention supports security and governance
+
+Retention policies are used to solve common, real-world problems related to data security and compliance:
+
+- A manager deletes a Teams message thread about an ongoing HR investigation. Retention keeps that content preserved until the required time period ends.
+- A marketing team stores outdated customer reports in SharePoint. A retention policy deletes those files automatically after three years. This reduces the amount of sensitive data left unmonitored.
+- A company is required to keep employee tax forms for seven years. Retention policies ensure that these files are held for the full required duration, even if someone attempts to clean up their mailbox.
+
+These examples show how retention supports both compliance and security goals. It helps control how long data exists and ensures it isn't removed too soon or kept longer than necessary.

learn-pr/wwl-sci/purview-understand-retention/includes/summary.md

@@ -0,0 +1,15 @@
+Not all content needs to be kept forever. Without retention, sensitive or important information might be deleted too soon, or left behind longer than it should be. In this unit, you explored when to use retention and how to apply it effectively.
+
+You learned how to:
+
+- Identify when retention is appropriate for business, legal, or operational needs
+- Understand the difference between retention and data loss prevention, and how they work together
+- Apply retention selectively by scoping it to specific users, groups, or content
+- Recognize the limitations of retention and what it isn't designed to do
+
+Using retention in Microsoft Purview helps organizations protect key data, reduce exposure to unnecessary content, and meet their regulatory obligations, all without relying on manual oversight or inconsistent decisions. When applied strategically, retention supports a more secure and manageable data environment.
+
+## Resources
+
+- [Govern your data with Microsoft Purview](/purview/manage-data-governance?azure-portal=true)
+- [Learn about retention policies and retention labels](/purview/retention?azure-portal=true)

learn-pr/wwl-sci/purview-understand-retention/index.yml

@@ -0,0 +1,42 @@
+### YamlMime:Module
+uid: learn.wwl.purview-understand-retention
+metadata:
+  title: Understand retention in Microsoft Purview
+  description: Understand retention in Microsoft Purview
+  ms.date: 04/11/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: module
+  ai-usage: ai-assisted
+  ms.service: purview
+title: Understand retention in Microsoft Purview
+summary: |
+  Microsoft Purview retention helps organizations manage how long data is kept and when it can be deleted. Learn how to apply retention strategically to meet compliance requirements, reduce risk, and protect important information throughout its lifecycle.
+abstract: |
+  In this unit you learn how to:
+  - Identify common use cases for applying retention
+  - Explain how retention supports data protection alongside tools like data loss prevention
+  - Apply retention settings to specific users, sites, or content types
+  - Recognize what retention does and doesn't control
+prerequisites: |
+  None
+iconUrl: /training/achievements/generic-badge.svg
+levels:
+- intermediate
+roles:
+- administrator
+- auditor
+products:
+- m365
+- microsoft-purview
+subjects:
+- data-management
+units:
+- learn.wwl.purview-understand-retention.introduction
+- learn.wwl.purview-understand-retention.retention-overview
+- learn.wwl.purview-understand-retention.retention-labels-retention-policies
+- learn.wwl.purview-understand-retention.decide-apply-retention
+- learn.wwl.purview-understand-retention.knowledge-check
+- learn.wwl.purview-understand-retention.summary
+badge:
+  uid: learn.wwl.purview-understand-retention.badge

learn-pr/wwl-sci/purview-understand-retention/introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-understand-retention.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction."
+  ms.date: 04/11/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 1
+content: |
+  [!include[](includes/introduction.md)]

learn-pr/wwl-sci/purview-understand-retention/knowledge-check.yml

@@ -0,0 +1,51 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-understand-retention.knowledge-check
+title: Module assessment
+metadata:
+  title: Module assessment
+  description: "Knowledge check"
+  ms.date: 04/11/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+quiz: 
+  title: "Check your knowledge"
+  questions:
+  - content: "Your organization needs to preserve employee records for a fixed period after separation. Which Microsoft Purview feature is best suited for this task?"
+    choices:
+    - content: "Sensitivity labels"
+      isCorrect: false
+      explanation: "Incorrect: Sensitivity labels are used to apply protection settings, not manage data retention timelines."
+    - content: "Data Loss Prevention (DLP) policies"
+      isCorrect: false
+      explanation: "Incorrect: DLP policies help prevent data sharing violations but don't control how long content is retained."
+    - content: "Retention policies"
+      isCorrect: true
+      explanation: "Correct: Retention policies allow organizations to preserve data for a required period, such as keeping employee records after separation."
+
+  - content: "An organization wants to automatically delete project documents two years after project completion. Which retention setting should they configure?"
+    choices:
+    - content: "Retain-only"
+      isCorrect: false
+      explanation: "Incorrect: Retain-only keeps content for a period without deleting it afterward."
+    - content: "Delete-only"
+      isCorrect: true
+      explanation: "Correct: Delete-only retention settings automatically remove content after a specified time."
+    - content: "Retain then delete"
+      isCorrect: false
+      explanation: "Incorrect: Retain then delete first preserves content, which might not be necessary in this case."
+
+  - content: "What is one way to scope a retention policy to apply only to specific users or locations?"
+    choices:
+    - content: "Use adaptive scope based on Microsoft Entra ID attributes"
+      isCorrect: true
+      explanation: "Correct: Adaptive scopes let you apply retention to users, groups, or sites based on Microsoft Entra ID attributes."
+    - content: "Tag files with keywords in SharePoint"
+      isCorrect: false
+      explanation: "Incorrect: While metadata can help classify content, adaptive scope is the correct method for targeting policies."
+    - content: "Apply a DLP rule to the content"
+      isCorrect: false
+      explanation: "Incorrect: DLP rules don't control retention settings or policy scope."