Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

Allow dynamic retention policy based on group membership

The below is too great a restriction and renders the retention policy useless.

Groups selection confirmation

The specified groups will be expanded so that an In-Place Hold can be put on the mailboxes in these groups. Only the mailboxes that are currently members of these groups will be placed on hold. Mailboxes added to or removed from these groups won't be added or removed from this hold. After setting the group for the location, the new member changes for this group will not auto apply to this location settings. Do you want to expand these groups?

297 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

14 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Shukra commented  ·   ·  Flag as inappropriate

    Allow AD role based authentication and membership. Why recreate the wheel? Use AD please.

  • JG commented  ·   ·  Flag as inappropriate

    This would be a big win for large organizations. We keep having to create "new" additional retention polices targeting individual users every time we hit the 1000 user limit.

  • Connan Olufson commented  ·   ·  Flag as inappropriate

    I agree with Narsi's comment. Looking for new users added to a group to be assigned to a retention policy. Not looking to remove users from retention policy when they are removed from the group. Current work around is a recurring task running a powershell script to compare group membership and retention policy location, then add group members not listed in the retention policy location. It would be nice if the group could be specified in the retention policy and the comparison for group members missing from the retention policy location could be handled automatically.

  • Nikki C commented  ·   ·  Flag as inappropriate

    This is really important when there are different retention rules for users in different countries. It would be much easier to automatically add users to a the Teams chat, mailbox or OneDrive based on rules e.g. Azure user attribute, or membership of a security group.
    By default this should be add only.
    There should also be an option to decide whether you also want users automatically removed from the retention policy if they no longer meet the rules

  • Ian Navran commented  ·   ·  Flag as inappropriate

    I would like to see the introduction of ‘dynamic labels’. These labels would be defined like DDLs (ie a attribute query based scope). Retention policies could then use labels to define scope for EXO mailboxes

  • Narsi commented  ·   ·  Flag as inappropriate

    Applying of retention policy to Dynamic group would be ok, however not removing the policy.
    Even if user leaves the group they should still have the retention applied as they were part of the group at some point hence data needed to be retained

  • Glenn Blinckmann commented  ·   ·  Flag as inappropriate

    I'd also like to see both retention policies and DLP policies applied to Azure AD Dynamic security groups. This would be extremely helpful with larger enterprise customers.

  • Eric commented  ·   ·  Flag as inappropriate

    Retention policies for Teams messages and chats should be assignable by AD group instead of having to manually specify each user individually.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I want to apply a retention policy that is tied to an AD group. When I try to do so, I get the explanation below.

    I would like it to be possible to assign a retention policy to a group and have this apply on an on going basis and not just to userrs in the group at the time that it is applied.

    Distribution lists and mail-enabled security groups will be expanded so the policy will apply to all the mailboxes in the group. Only the mailboxes that are currently members of these groups will be covered by the policy. Mailboxes added to these groups later won't be covered, but ones that are removed later will still be covered.

  • Anonymous commented  ·   ·  Flag as inappropriate

    100% agreed. If a retention policy is not going to dynamically support a group (other than initially added members to the policy) there should be integration with Azure AD Dynamic Groups. Let the dynamic groups make the add/remove changes and have the retention policy use the dynamic group members to enforce retention policies. Without this capability all of the automation has to be scripted and maintained.

Office 365 Security & Compliance: Information Governance and Records Management

Categories

Feedback and Knowledge Base

(thinking…)

Related Sites