Person working on a laptop

M365 Retention Archiving and Mailbox Sizes

Microsoft 365 Retention Policies

Policy Options

Microsoft 365 Retention Policies allows companies to enforce the retention of their data held withing Microsoft 365, matching their information security policies. There are two main methods of compliance with a retention policy. The policy can force retention of data, or the policy can force purging of data. Both provide consistency across all users, all data including email and SharePoint, and eliminates the possibility of one user keeping all email for 15 years while another user deletes email immediately. The policy begins immediately by either purging old data or retaining data when it is applied. 

When an e-discovery need arises is not the ideal time to discuss these concepts. Planning is ideal.

Clarification: A Retention Policy is different than a Data Loss Policy (DLP). A data loss policy checks for sensitive data and  can restrict access, sharing, or sends to a compliance manager for approval.

One important concept of a retention policy is that these policies apply even to deleted accounts. When an employee leaves the organization, we can feel free to delete the user accounts knowing that we can always find old messages in the user account because we have an enforced retention policy.

Retention policies can be applied to mailboxes and SharePoint sites together or different policies can be applied as needed.

Retain Data

One option in a retention policy is to retain items. There are options to retain items for a specific period of time and retain forever. One concept of a retention policy is to decide how long you want to enforce retaining data. 

Delete Data

The second main option of a retention policy is to determine when to force delete data. Cleaning up old data, especially email, enforces deletion of very old email that does not apply to anything current. Deleting old data also reduces the chances that data that does not apply to an e-discovery is listed in the results.

Mailbox Size Limits

Related to retention policies, there are some users that simply have very large mailboxes. Microsoft 365 has a mailbox size limit of either 50GB or 100GB depending on the license. When a user reaches this limit, we should ask if the email in their inbox deserves to be retained or deleted and how a retention policy would apply. If the email should be retained and the mailbox is still over 50GB, then we can consider an archive.

Microsoft 365 Licenses and Online Archive Options

All Business tiers of Microsoft 365 have a mailbox size limit of 50GB. Enterprise tiers of E3 and E5 include a mailbox size limit of 100GB. 

Archive mailboxes of 50GB are included for M365 Business Basic, M365 Business Standard, and Office 365 E1 while 1.5TB is included for Microsoft Business Premium, Office 365 E3, and Office 365 E5. 

The Archive Mailboxes are an option to reduce the mailbox size when a retention policy does not apply or when  the user has a mailbox that needs to be reduced.

See the table below for mailbox size limits.