The retention philosophy

Most organizations approach retention as a binary: either content is governed (records management, formal retention) or it isn't (it lives forever in shared drives). Microsoft 365 supports a more useful model: a baseline policy applied to everything, plus specific labels applied to content that needs explicit lifecycle treatment.

Two ideas drive everything in this guide:

Most content lives and dies in the business line. Working documents, reference material, day-to-day operational content — created, used, and ultimately disposed in place on the business-led site that produced it. No cross-site move; simpler permissions; simpler audit trail.
Enterprise content gets declared and moved to a functional Record Centre. Content with long-term retention obligations — policies, signed agreements, regulatory submissions — is declared a record and moved to the appropriate functional Record Centre where a custodian takes over.

Both paths are governed. The right question for any piece of content is not "is this a record?" but "where does this content's lifecycle play out, and who owns it?"

Why this matters

Without a baseline retention policy, every file lives forever — storage costs grow indefinitely, search results fill with stale content, and Copilot exposure compounds. Without explicit declaration for enterprise content, records with regulatory weight (board minutes, contracts, audit evidence) get the same treatment as a draft email — a compliance failure waiting to happen.

Two paths at end of life

The model splits cleanly. Picking the right path is the most important governance decision in your retention strategy.

Path A — stays in the business line

Operational, working, and reference content lives, ages, and dies in place on the business-led site that owns it.

Created  →  Active  →  Retired  →  Disposed

Content is created, used, and ultimately disposed in place on the business-led site.
A retention label on the library (or driven by metadata) defines the disposition timer.
No cross-site move. Permissions and audit trail stay simple.
Ideal for working documents, drafts, project artefacts, day-to-day reference content.

Path B — moves to the Record Centre

Content with enterprise retention obligations is declared a record and moved to the appropriate functional Record Centre.

Created  →  Active  →  Declared  →  Record Centre

Content is created and used on a business-led site, then declared a record once it reaches the right state (approved, signed, finalized).
The record is moved (or copied) to the functional Record Centre that owns its category — Contracts to the Contracts centre, Policies to the Policy & Standards centre, and so on.
A custodian inside that function takes ownership.
Original metadata travels with the record so it stays findable.

Plain-language rule of thumb

If the content needs an enterprise retention schedule, a custodian, or a hold capability, it belongs in a Record Centre. If it doesn't, it belongs in the business-led site that produced it — including all the way through disposition.

The Record Centre — functional, custodian-owned

The Record Centre isn't a single dumping ground. It's organized by enterprise function. Each function has a custodian who owns the content from declaration through disposition.

Function	Typical custodian
Policy & Standards	Information Management
Contracts & Agreements	Legal
Financial Records	Finance
Personnel Records	Human Resources
Regulatory Submissions	Compliance
Health & Safety Records	EHS

The functions above are typical — your organization may have more, fewer, or differently-named functions. Records of the same kind always land in the same place.

The custodian owns five responsibilities for the content in their function:

Permissions — decides who can read, declare, or release records.
Retention — owns the retention schedule applied to their function's content.
Holds & releases — manages legal holds and disposition exceptions.
Disposition — reviews and approves end-of-retention events.
Reporting — has the visibility to demonstrate compliance to auditors.

How retention is applied

Two patterns cover almost every practical case. Both can coexist on the same site or library.

Library-level retention

Every document in the library inherits the same retention label.

Best when every document in the library shares the same retention obligation.
Example: an Operational Procedures library where every document is retained 7 years from last modified.
Stamped by the template, so every new library lands compliant.
Easy to audit and easy to explain to a Site Owner.

Metadata-rule retention

Apply different retention based on a metadata field value or a lifecycle event.

Trigger from a metadata field — e.g. when Status changes to Retired, the retention timer starts.
Event-based — retention starts on a Contract End Date, a Project Close Date, or a Policy Approval Date.
Different content types in the same library can carry different retention rules.
Powered by the same enterprise content types and term sets used everywhere else, so the retention story is consistent with the IA story.

Generic retention defaults

A starting set of generic policies covers the long tail — content that doesn't need a custodial decision. These values are examples; every organization tunes them to its regulatory environment, operational reality, and risk appetite.

Application	Example generic policy	Notes
Email — Inbox	Dispose 2 years after last modified.	Email is communication, not a corporate repository. Important emails belong in SharePoint or Teams.
Email — Deleted Items	Dispose 30 days after deletion.	Deleted Items can otherwise accumulate indefinitely.
OneDrive	Dispose 2 years after last modified.	Personal storage; users can opt-in to a longer-retention label for content they need to keep.
Teams — Informal collaboration	Dispose chat and channel files after a defined window.	Informal Teams have transient content; the default keeps the platform clean.
Teams — Professional groups & engagement	Disposition aligned with the community's useful life.	Community content typically has a longer useful life than informal chat.
Teams — Project & work initiative	No active retention. Archive on project end, hold read-only for a defined window, then dispose the entire Team.	Project content has a defined end date; the Team itself is archived and disposed.
SharePoint — Business-led sites	Dispose after a configured window since last modified.	Business content lives until it's stale; aggressive disposition controls storage and risk.
SharePoint — Record Centres	No generic disposition. Specific retention labels drive the schedule.	Record-centre content has explicit lifecycle requirements; generic policy doesn't apply.

Watch out

The values shown above are illustrative defaults from typical client deployments. Your generic retention windows should be set by your compliance, legal, and IM stakeholders against your regulatory obligations. Defaults that are too short cause data loss; defaults that are too long become a discovery and Copilot exposure problem.

Auto-application — how content gets labeled

Manual labelling by users works for low-volume, high-value content. At scale, auto-application is what makes retention sustainable. Five mechanisms, in roughly increasing sophistication:

Location-based. Content in a designated library or folder inherits the library's default label. Most reliable; depends on consistent provisioning.
Metadata-driven. A specific metadata value (Status = "Final") triggers a label.
Event-driven. Lifecycle events (project closure, contract signing, policy approval) trigger labelling.
Pattern-based auto-label. Microsoft Purview detects content patterns (PII, financial data) and applies labels automatically.
Trainable classifiers. ML models trained on organizational content categories (contracts, resumes, policies) apply labels based on document content. Requires E5 / Purview Premium.

Recommended phasing

Phase 1: location-based defaults (library-level retention through templates) plus manual labelling for high-value cases. Phase 2: metadata-driven auto-labelling for content with structured workflow. Phase 3: event-driven labelling tied to lifecycle events. Phase 4: pattern and trainable-classifier auto-labelling for high-volume content where human tagging doesn't scale.

How records get declared and moved

Path B starts when content is declared a record and routed to the Record Centre. Five patterns:

Manual declaration. A Site Owner or Information Manager explicitly declares the content a record when it crosses a threshold (signed, approved, published). Most reliable for low-volume cases.
Library-based routing. A designated Final or Approved library on a business-led site auto-routes content to the right Record Centre.
Status-driven. Content with a Status field of Approved or Published is routed automatically.
Event-driven. Project closure, contract signing, or policy approval triggers movement.
Audit-driven. Periodic Information Manager review identifies records-grade content on business-led sites and routes it.

Watch out

Don't automate routing before the manual pattern is validated. Auto-routing content to the wrong Record Centre creates compliance problems; manual declaration with a clear process is the right starting point.

Disposition review

When content reaches the end of its retention period, two paths: silent disposition (content deleted automatically) or disposition review (a custodian approves before deletion). Record-Centre labels typically require disposition review.

Disposition review queue. Microsoft Purview presents content eligible for disposition to the relevant custodian.
Reviewer actions. Approve disposition, extend retention, apply a different label, or transfer to archive.
Audit trail. Every disposition decision is logged with reviewer, timestamp, and rationale — required for regulatory defensibility.
Cadence. Most organizations review monthly or quarterly. Volume drives the cadence.

Teams archive as a unit

Microsoft Teams are project containers — chat, files, meetings, Planner, channel folders. They're time-bound by design.

Active  →  Archived  →  Disposed

Manage at the container. When the work is done, the entire Team — Group, site, channels, files — is archived as one unit. No file-by-file decisions.
Records stay where they belong. Anything that needs enterprise retention should be moved or declared into the appropriate Record Centre before the Team is archived. Once archived, the content is read-only; once disposed, it's gone.
Templates govern Teams too. Project Teams are provisioned from a template that stamps channels, owners, settings, a container label, and a lifecycle policy at creation.

With Kybera Impact

Kybera Impact's Lifecycle module coordinates Teams archive, unarchive, and dispose end-to-end. The Compliance module enforces the retention labels and adaptive scopes the IM team configures. The Workspaces and Templates modules ensure each business-led site lands with the right defaults and each Record Centre is provisioned with the right custodian roles, content types, and retention. Without Kybera Impact, the same outcomes are achievable on stock Purview — they just take more manual coverage audits and per-site configuration to maintain.

Without Kybera Impact

Stock Microsoft Purview supports all of this — adaptive scopes, retention labels, disposition review, container labels for Teams. The work is in maintaining coverage as new sites are created: ensuring property bags are stamped, adaptive scopes target reliably, and Record Centre custodians stay assigned. Plan for a quarterly retention-coverage audit and ongoing remediation.

Discussion questions

• Which business lines have content that should stay and die in place, and which have content that genuinely needs Record-Centre custodianship?

• Which functional Record Centres do we need to stand up — Policy, Contracts, Financial, Personnel, Regulatory, EHS, others?

• Who is the custodian for each Record Centre we stand up?

• What generic retention windows fit our regulatory environment — for email, OneDrive, SharePoint business-led sites, Teams?

• What declaration triggers fit our operating model — manual, library-based routing, event-driven?

• Who runs disposition review for each function, and what cadence makes sense — monthly or quarterly?

• What licensing supports our retention strategy — E3 baseline, or E5 with Purview Premium for trainable classifiers?