Information Governance, MRM Policies.

%3CLINGO-SUB%20id%3D%22lingo-sub-1393435%22%20slang%3D%22en-US%22%3EInformation%20Governance%2C%20MRM%20Policies.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1393435%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Team%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20figure%20out%20some%20of%20the%20differences%20between%20MRM%20Policies%20and%20the%20Compliance%20%26gt%3B%26gt%3B%20Information%20Governance%20%26gt%3B%26gt%3B%20Retention%20Polices.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20read%20the%20documentaiton%20but%20am%20still%20not%20getting%20it%2C%20i%20understand%20Policy%20Application%20Precedence%20(or%20so%20i%20think)%20but%20am%20still%20unclear.%20Hopefully%20you%20guys%20can%20assist%20with%20my%20questions%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20If%20a%20user%20has%20both%20a%20standard%20MRM%20policy%20applied%20via%20(EAC%26nbsp%3B%20or%20PS)%20and%20that%20user%20is%20also%20under%20the%20scope%20of%20a%20Information%20Governance%2C%20Retention%20Policy.%20Which%20Policy%20applies%20first%3F%20Or%20is%20that%20Policy%20Application%20Preference%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20How%20can%20I%20tell%20which%20policies%20are%20actually%20being%20applied%20to%20the%20mailbox%3F%20With%20MRM%20policies%2C%20I%20can%20look%20at%20the%20messages%20and%20check%20for%20an%20expiration%20date%2C%20but%20even%20when%20no%20MRM%20policy%20is%20applied%2C%20if%20I%20apply%20a%20retention%20policy%20from%20the%20Information%20Governance%20Tab%2C%20I%20cannot%20see%20anywhere%20in%20outlook%20if%20that%20policy%20is%20actually%20taking%20effect%20and%20expiring%20messages.%20nor%20does%20it%20show%20in%20ECP.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20i%20have%20that%20wrong%3F%20Are%20Information%20Governance%20Policies%20not%20for%20expiring%20message%20content%3F%20They%20sure%20seem%20like%20they%20are%20to%20me.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERobert%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1393435%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1393692%22%20slang%3D%22en-US%22%3ERe%3A%20Information%20Governance%2C%20MRM%20Policies.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1393692%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78937%22%20target%3D%22_blank%22%3E%40Robert%20Bollinger%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20are%20some%20similarities%20between%20Exchange%20retention%20tags%20and%20policies%20and%20those%20which%20are%20controlled%20from%20the%20security%20and%20compliance%20center%20(SCC)%2C%20but%20essentially%20they%20are%20very%20different%20animals.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirstly%2C%20Exchange%20tags%2Fpolicies%20obviously%20only%20apply%20to%20email%2C%20and%20not%20other%20M365%20services%20such%20as%20SharePoint%2C%20OneDrive%20and%20Teams.%20%26nbsp%3BThese%20policies%20are%20only%20used%20to%20delete%20or%20archive%20email%20depending%20on%20the%20policies%20and%20tags%20applied.%20%26nbsp%3BIn%20addition%2C%20there%20are%20personal%20retention%20tags%20that%20the%20users%20can%20apply%20themselves%20from%20Outlook%20or%20Outlook%20on%20the%20Web.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInformation%20Governance%20policies%20from%20the%20SCC%20are%20the%20preferred%20recommendation%20from%20Microsoft%20now%20to%20immutably%20protect%20your%20M365%20data%20and%20prevent%20deletion.%20%26nbsp%3BEven%20if%20a%20user%20deletes%20something%20from%20Email%20or%20OneDrive%2C%20the%20content%20will%20be%20retained%20in%20another%20folder%20until%20such%20time%20the%20policy%20expires.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20two%20have%20no%20correlation%20at%20all.%20Does%20that%20explain%20things%20any%20clearer%20for%20you%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1393939%22%20slang%3D%22en-US%22%3ERe%3A%20Information%20Governance%2C%20MRM%20Policies.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1393939%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EInformation%20Governance%20policies%20from%20the%20SCC%20are%20the%20preferred%20recommendation%20from%20Microsoft%20now%20to%20immutably%20protect%20your%20M365%20data%20and%20prevent%20deletion.%20%26nbsp%3BEven%20if%20a%20user%20deletes%20something%20from%20Email%20or%20OneDrive%2C%20the%20content%20will%20be%20retained%20in%20another%20folder%20until%20such%20time%20the%20policy%20expires.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20think%20thats%20the%20point%20i%20was%20missing%20%22Immutably%22.%20I%20was%20expecting%20to%20see%20either%20a)%20a%20new%20policy%20applied%20to%20a%20users%20mailbox%20(MRM)%20if%20they%20were%20assigned%20a%20policy%20from%20the%20Information%20Governance%2C%20Retention%2C%20since%20i%20was%20expecting%20to%20see%20a%20policy%20assigned%20there%2C%20then%20i%20was%20also%20expecting%20to%20see%20an%20expiration%20date%2Ftime.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20these%20IG%2FRetention%26nbsp%3BPolicies%26nbsp%3Bare%20more%20like%20%22background%22%20compliance%20policies%20instead%20of%20MRM%203.0%2C%20which%20also%20happen%20to%20apply%20to%20all%20office%20workloads.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIs%20that%20about%20right%3F%20if%20so%20is%20there%20a%20document%20that%20explains%26nbsp%3Bspecifically%26nbsp%3Bthat%20-%20i%20need%20to%20provide%20that%20to%20my%20boss%20which%20is%20why%20i%20am%20asking.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%2C%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERobert%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1394321%22%20slang%3D%22en-US%22%3ERe%3A%20Information%20Governance%2C%20MRM%20Policies.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1394321%22%20slang%3D%22en-US%22%3EI%20don%E2%80%99t%20think%20I%E2%80%99ve%20seen%20a%20Microsoft%20doc%20which%20explicitly%20compares%20the%20two%20methods%2C%20but%20this%20doc%20is%20probably%20your%20best%20bet%20for%20a%20good%20understanding%20on%20the%20principles%20of%20retention%20in%20M365%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fretention-policies%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fretention-policies%3Fview%3Do365-worldwide%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hey Team, 

 

I am trying to figure out some of the differences between MRM Policies and the Compliance >> Information Governance >> Retention Polices. 

 

I have read the documentaiton but am still not getting it, i understand Policy Application Precedence (or so i think) but am still unclear. Hopefully you guys can assist with my questions

 

1) If a user has both a standard MRM policy applied via (EAC  or PS) and that user is also under the scope of a Information Governance, Retention Policy. Which Policy applies first? Or is that Policy Application Preference? 

 

2) How can I tell which policies are actually being applied to the mailbox? With MRM policies, I can look at the messages and check for an expiration date, but even when no MRM policy is applied, if I apply a retention policy from the Information Governance Tab, I cannot see anywhere in outlook if that policy is actually taking effect and expiring messages. nor does it show in ECP. 

 

Do i have that wrong? Are Information Governance Policies not for expiring message content? They sure seem like they are to me. 

 

Thanks, 

 

Robert 

3 Replies
Highlighted

@Robert Bollinger 

 

There are some similarities between Exchange retention tags and policies and those which are controlled from the security and compliance center (SCC), but essentially they are very different animals.

 

Firstly, Exchange tags/policies obviously only apply to email, and not other M365 services such as SharePoint, OneDrive and Teams.  These policies are only used to delete or archive email depending on the policies and tags applied.  In addition, there are personal retention tags that the users can apply themselves from Outlook or Outlook on the Web.

 

Information Governance policies from the SCC are the preferred recommendation from Microsoft now to immutably protect your M365 data and prevent deletion.  Even if a user deletes something from Email or OneDrive, the content will be retained in another folder until such time the policy expires.

 

The two have no correlation at all. Does that explain things any clearer for you?

 

Highlighted

@PeterRising 

 

Information Governance policies from the SCC are the preferred recommendation from Microsoft now to immutably protect your M365 data and prevent deletion.  Even if a user deletes something from Email or OneDrive, the content will be retained in another folder until such time the policy expires.

 

I think thats the point i was missing "Immutably". I was expecting to see either a) a new policy applied to a users mailbox (MRM) if they were assigned a policy from the Information Governance, Retention, since i was expecting to see a policy assigned there, then i was also expecting to see an expiration date/time. 

 

So these IG/Retention Policies are more like "background" compliance policies instead of MRM 3.0, which also happen to apply to all office workloads. 

 

Is that about right? if so is there a document that explains specifically that - i need to provide that to my boss which is why i am asking. 

 

Thanks, 

 

Robert 

Highlighted
I don’t think I’ve seen a Microsoft doc which explicitly compares the two methods, but this doc is probably your best bet for a good understanding on the principles of retention in M365,

https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies?view=o365-worldwide