top of page

MICROSOFT PURVIEW - RETENTION FOR ONEDRIVE

  • Feb 2
  • 7 min read

Audience: Solution designer; Support Engineers; Information Management Advisor


OneDrive for Business is brilliant until it isn’t. If left unchecked, it becomes the digital equivalent of that kitchen drawer you never tidy-up - crammed full of drafts, duplicates, ancient versions, reference documents, and files with names like Report final_v7_JSFINAL.docx. Multiply this by a few thousand users and you’ve got a governance headache large enough to qualify as seismic activity.

 

Most organisations don’t have the luxury of an army of Information Managers spelunking through every forgotten OneDrive. Even if they did, nobody wants to spend their day discovering orphaned PowerPoints from 2010.

 

This is where Microsoft Purview Retention Policies step-in as the quiet, reliable, and unglamorous machinery that continually keeps sweeping up the detritus, helping you keep OneDrive under control at scale.


Why Retention Policies Matter

Data growth in OneDrive is exponential and Microsoft’s default approach of making all new content creation tools use a default save-location in OneDrive panders to the nature of people - saving everything and not looking at where it is. Unfortunately, human-nature also means users rarely go back to clean things up.

 

Retention settings provide automated, organisation‑wide guardrails that:

  • Support regulated retention needs (e.g., minimum retention periods).

  • Help reduce risk by deleting old or irrelevant content.

    Microsoft’s own guidance emphasises this as a key retention goal

  • Protect organisations from accidental or premature deletion by moving modified/deleted files into the Preservation Hold Library (PHL).

 

In short, retention helps you avoid the two extremes keeping everything forever (expensive and risky), or letting people delete critical records on a whim.

 

Policies vs Labels

Don’t over-think it. Basically:

 

1.      Retention Policies apply at scale i.e. they cover entire workloads, whole OneDrives, whole SharePoint tenancy (or complete sites)


2.      Retention Labels apply at the item level, targeted to individual files, specific emails, or specific records (e.g. case-files, contracts etc)

 

There are some really basic distinctions, but if you need more convincing:


Policy

Labels

Scope

Broad. Applied across entire workloads (e.g., all OneDrives, all SharePoint sites)

Narrow/targeted. Applied to individual files or emails

Application Method

Automatic inheritance at the container level; no user action required

Manual assignment OR automated via rules (KQL, adaptive scopes, classifiers)

Maintenance Overhead

Low. Set-and-forget for most organisations

High. Requires planning, mapping, communication, and ongoing governance

Best Use Case

Catch‑all retention, minimum viable governance, lifecycle automation

Specific record types, mapped file-plan and ops records, complex retention logic etc

Dependency on User Behaviour

None. Silently applies without training

High. Users may need training to apply correctly unless automation is used

Governance Model

Safety-net approach: everything is covered

Precision approach: only defined, scoped content is covered

Ideal For

Managing high volume, personal storage like OneDrive at scale

Business-critical documents and structured repositories (SharePoint, Exchange)

Risk Profile

Lower risk of “slipping through the cracks”

Higher risk if labels aren’t applied, or automation isn’t mature

Administrative Skill Requirement

Moderate. Can be implemented by IM or IT teams without deep taxonomy knowledge

Higher. Requires IM/Records expertise for classification models and mapping

Uniformity of Application

Consistent across all content in scope

Highly variable unless strictly governed

Interaction with Other Policies

Can be over-ridden by labels

Over-rides policies when present

Labels are powerful but require people (or automation) to apply them …but people are “busy”, and automation usually requires a project for training.


For managing‑at‑scale with OneDrive for Business - Policy is your friend!

A Simple, Operational Model for OneDrive Retention

This model is deliberately lightweight — designed for organisations with small IM teams, or those who simply want predictable behaviour without turning governance into a full-time sport.

 

Catch‑All Purview Retention Model

A really simple catch-all model is to apply the ‘funnelling’ approach to using policies, but in reverse order i.e. when business rules indicate that may need to keep strategic/decisioning making user content to review


e.g. Board members, Commissioners, Executive leadership, we have policy for named users (usually a small group) for a long-duration; for critical personnel roles or subject-experts which have particular (regulatory) obligations we have more manageable duration, and the simplest, broadest rule with the shortest retention for “Everyone”.


A funnel diagram with three sections: Targeted Groups, Roles, and Everyone, showing a flow from specific to broad groups with simple icons.
No one gets left behind!

Something like this:

 

  1. Targeted Groups e.g., Board or Executive OneDrive’s, named, retain with ‘Review’

    Longer retention; review before deletion


  2. Role‑based Cohorts e.g., Managers L2–4, Legal officer

    Moderate retention; auto‑delete after expiry


  3. Everyone Else i.e. all licensed users assigned due to ‘license allocation’ and ‘active’ UNC,

    Shorter retention aligned to clean‑up cycle; automatic deletion.

 

This “funnel” approach ensures that high‑value or high‑risk roles keep data longer, while the majority of users benefit from automated hygiene.

Bonus: If a user moves roles, they’re still captured by the 'Everyone' Policy, reducing the chance of someone slipping through the cracks.

Understanding How Retention Actually Works in OneDrive

From Microsoft’s documentation:

  • All files in a OneDrive can be retained or deleted based on policy.

  • A retention policy automatically applies settings to content in OneDrive, using container‑level rules that cascade to all files.

  • When content is modified or deleted, OneDrive silently retains a copy in the Preservation Hold Library until the retention period ends.

 

This means you don’t need separate storage or bespoke workflows, Purview handles lifecycle management in-place. The only separation of rules worth considering is the broad groups I’ve suggested for tiered policies i.e. Executive > SMEs > Everyone.


When to Use Policies Instead of Labels

With OneDrive for Business consider choosing Policy when:

  • You want consistent rules for all users or groups

  • You’re managing thousands of drives

  • You don’t have the capacity to train everyone on labels

  • You need a resilient model for staff turnover and offboarding

 

…there are other reasons, but these are the most common.

 

Labels are still useful and can coexist with Policy, but they shine in document‑centric repositories like SharePoint, not the wild west of personal storage.

 

Blue diagram with four levels: 1. Retention wins over deletion 2. Longest retention period wins 3. Explicit wins over implicit for deletions 4. Shortest deletion period wins

The advantage with (potentially) training the ‘special cases’ in your organisation with labels is that this then invokes the platforms Order of precedence where manually applied label trumps a policy (where timeframe is longer than the policy).


Microsoft’s actually go some good guidance available on Microsoft Learn | retention policies & labels - what takes precedence

 

Public Sector Considerations

For New Zealand government agencies retention policies map neatly to the likes of:

  • Public Records Act minimum retention periods.

  • GDA6/GDA7 disposal classes (where OneDrive is not classed as a system of record).

  • Information lifecycles that support “OD for drafts and personal documents, publish business documents in SharePoint”.

 

…assuming that your Disposal Authority has been assessed and setup with that in-mind, otherwise you will need to check with IM Advisor to be sure that there are no ‘curlies’ in your particular organisation which would mean you should do something different.

 

Retention Policies are ideal for OneDrive because they help enforce the principle: Only working content lives in personal storage.”


Implementation: How to Actually Build These Policies

Steps to create a retention policy in Microsoft Purview, are straightforward – and that’s the danger in implementation. Based on Microsoft’s step‑by‑step guidance:


Flowchart with six steps for policy creation: Go to Purview, Create New Policy, Choose Scope, Select Locations, Configure Retention, Review & Publish.

When created, policies apply automatically once published. The retention actions take effect according to Microsoft’s timing model between 48hrs and 7-days (…plus a weekend and a bit-ish).

 

New & Emerging Features

There are a numerous tools and capabilities, but the most relevant ones with regards to retention and disposal include

 

  1. Priority Cleanup Policies

Microsoft’s new capability allowing admins to delete OneDrive content even when retention or legal holds would normally prevent it – but with additional gates for checks-n-balances.

 

Useful for:

  • Removing large volumes of Copilot-generated artefacts

  • Urgent capacity recovery

  • Managing abandoned or long-stagnant OneDrives

 

Have a look at our other articles for more detail on application.

 

  1. Last Accessed‑based Retention

Retention based on “last accessed” date lets organisations automatically remove unused files, reducing clutter and improving Copilot accuracy.

simple decision-tree for Last-accessed disposal

 

This is particularly effective in OneDrive because users habitually forget to delete dead content.

 

Common Pitfalls

The challenge with using Policy vs. Labels, when you don’t really understand the implications for the business and users, is that you fall into a variety of common pitfalls.

 

Table: common pitfalls in descending order occurrence

 

Issues

Description

1.                   

Over‑retention

keeping everything forever increases costs & risks, and often breeches legislative obligations.

2.                   

Assuming retention is instant

Settings take time to apply, often 48hrs – 7days+

Have a read (article) for times from when applied - then add a week(end).

3.                   

Use labels when policy would suffice

labels require analysis, planning and user adoption training; policies don’t.

4.                   

Under‑communicating

i.e. staff need to know what will disappear and when.

5.                   

Not linking offboarding

and paying extra storge costs, when Policy disposal works beautifully when paired with OneDrive manager access and review cycles.

Wrap-up

Purview Retention Policies aren’t glamorous, but that’s the point. They provide quiet, predictable governance - the kind that works in the background while your IM team focuses on the actual business of supporting people, not managing their digital clutter.

 

Used well, Retention Policies:

  • Keep OneDrive tidy

  • Reduce compliance risk

  • Free your organisation from manual clean‑ups

  • Support user behaviour rather than fight it

 

This approach applies a basic model of automation, and a simplified approach to ensuring no one(drive) is left behind. While not the “magic of AI” or the miracle of everyone being an Information Management expert, it does lean-in to how people behave and user-expectations.

 

It is not perfect. It is not supposed to be. It’s practical, scalable governance - and most organisations could use more of that.


Resources:


Disclaimer

Generative AI was used in the creation of images in this article, and as first-pass quality assurance for topic content and article consistency. All content was created by author, based on released information from Microsoft. Any errors or issues with the content in this article are entirely the authors responsibility.


About the author: Jonathan Stuckey

Comments

bottom of page