Permanently deleting data with Retention Policies

Brass Contributor

Is there a way to permanently remove content when it has retention applied? The scenario for this is that the customer has sensitive information that is not allowed to be uploaded to M365 but has been uploaded to M365 in error and now needs to be permanently removed.  

 

An example would be a document in a SharePoint site collection with a retention policy applied. Is there a way to delete and remove the document from the preservation hold library? My understanding is that retention is site collection scoped so removing the retention for the whole site collection to be able to permanently delete one item doesn't seem viable. Possibly we need to raise a support ticket for Microsoft to completely remove content?

 

6 Replies

If I understand correctly the above, then the answer is NO. As long as there is at least one label/policy acting on the item with a "retain" action, it cannot be deleted. This is detailed in the "principles or retention" here: https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies#the-principles-of-reten...

@Vasil Michev This aligns with what I thought was the case but we have a customer with this requirement for retention and ability to permanently delete asking for a process whereby in this scenario the data can be permanently removed. I suspect there will be a way this can be done by Microsoft at the 'back-end' (hopefully...) 

I really doubt Microsoft will touch anything related to customer's data. You already have the tools in place to configure automatic disposal of data as needed, but you will have to get rid of the org-wide retain policy in that specific scenario.

@Vasil Michev Are you to provide some more detail on what 'get rid of the org-wide retain policy' would entail and what the impact would be? I'm not sure this would be feasible as I think it would remove retention on the rest of the content for which we need to keep the retention applied. 

 

It may be the case that this scenario simply can't be catered for. 

 

Well it will remove retention, but content will remain in place. Meaning you can delete the content you don't want to keep, then re-apply a org-wide or more targeted retention policy. Will definitely be a bit more complicated than just flipping a switch, but there' no other way I can think of.

@Vasil Michev The issue with this will be the content that could potentially be deleted whilst the retention is temporarily removed, which is probably a worse scenario that having sensitive content retained (but contained which I think will be how to get it agreed)

Thanks for all your input on this, its much appreciated, I think it will be a case of walking the customer through the options, constraints and risks to decide how they want to approach it.