Maintaining a Microsoft 365 Retention Policy with PowerShell
The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, the Security and Compliance module doesn’t support managed identities, which makes it harder to run Connect-IPPSSession securely in an Azure Automation runbook. In the end, we use a credential stored in the automation account. And then we had to disable WAM. All explained here. https://office365itpros.com/2025/08/12/connect-ippssession-azure/Creating a Microsoft 365 Retention Policy for Shared Mailboxes
After being asked whether licenses are needed to include shared mailboxes in Microsoft 365 retention policies, I investigated and found that licenses are not. This led to a consideration of the steps needed to create a special retention policy for shared mailboxes (with PowerShell, naturally) and how to avoid retention setting collisions with other policies. All explained in detail here. https://office365itpros.com/2025/08/05/shared-mailboxes-retention/
Retention Compliance Policy exemption group honoring
Hello, My company is starting down a path to enact a Data Lifecycle Management policy, starting with our EOL email. The desired state outcome is a policy that deletes all email older than 7 years, applied to all mailboxes, with certain exemptions to named users/individuals (execs, etc.). I created a mail-enabled security group for the named exempt individuals, sync'ed into EntraID. I was able to use powershell to create a retention compliance policy (in a disabled state for now) + corresponding retention compliance rule that is targeted to EOL, but I can't see to get the configuration to honor the exemption group I've specified. I'm typically PIM'ed up to Compliance Administrator to do these manipulations, though I've also tried with Global Admin to no avail. Whether via the powershell based attempts or via the Purview GUI, the exempt group listing just doesn't seem to take/appear after I've submitted the change to enact on it. Is there anything special needed to get the Purview system to honor a group specified for named users/mailboxes for exemption? I understand that it can take up to 7 days for a change to take hold, but I was under the impression that changes that are submitted should at least be visible via the admin interface of choice (powershell, Purview web GUI) once submitted. ThanksBe Careful with Retention Labels Configured with Created Date Expiration
Retention policies and retention labels have been around for about 8 years. Some of the older retention settings might use file created dates to remove items. No doubt basing retention on creation dates made perfect sense at the time, but experience shows that maybe basing retention on the last modified date can be better. All explored here together with a script to update retention labels in OneDrive. https://office365itpros.com/2025/07/22/retention-label-last-modified-date/
Hidden Group and Hidden Group Membership
Hi everyone! I have come across a requirement where the client would like to use an excel spreadsheet, a service account and application registration to manage group membership for a confidential group. They would like to create a group from which the members cannot leave, see other team members and cannot see the group itself. Now, I have the concept of the flow with me but for the life of me, I cannot get around to finding/configuring a group that meets the requirement. Have you guys come across this sort of scenario? Group Configuration: Users should not be able to view the group Users should not be able to view members of the group Users should not be able to leave the group Thanks in advance.
How many files have been deleted?
Is there a way to find out how many files have been deleted by a retention policy over a certain time frame? (across the entire tenant) As well the # of files, the total size or space freed up by these deletions? I've tried researching PowerShell cmdlets and other areas to find this information out but have come up empty. We'd like some initial information on how the implementation of Microsoft Purview Records Management is progressing.Excluding SharePoint Online sites from Retention Policy, for removal
I understand that when I have the Purview Retention Policy set to Never Delete, that I can't fully delete any SharePoint Online sites. If I add the sites I want to remove to the Exclude list of the Policy, how long does it normally take for that change to propagate before I have permissions to be able to delete those excluded sites?
Auto retention label policy does not work in SharePoint Online
I have created an auto retention label policy and ran and tested it in simulation mode two weeks back, but when I run the same policy with the same query in simulation mode, it does not give any matching result; always it comes with 0 matches found. However, when we test the same query in SharePoint Online search, it gives a result. The policy is completing on time; sometimes it takes hours to days to complete, but sometimes it completes on time as expected. What could be the reason? Are you also facing similar issues? Thanks!
