OneDrive and SharePoint Information Governance

Occasional Visitor

Hello everyone, we are just starting to kick tires on OneDrive and SharePoint libraries which sync with OneDrive. We're a HIPAA compliant organization and it is a requirement that our data be retained for 10 years. Currently we use a file server and a Barracuda backup solution which has this retention set. Done.

With the introduction of OneDrive, we can no longer rely on our on-premises backup solution, so I am turning to M365 for a solution. I've found the Microsoft 365 compliance page out of the admin center and "Information Governance" seems to contain "Retention Policies". So far so good.

These policies can be enabled for SharePoint and OneDrive..




Moving along we get to this screen which is a bit confusing. 10 years is here, good. When items were last modified, good. Delete items automatically.. Hmm.. All items? I would expect the only items to be deleted were those that were deleted by the end user and then aged 10 years. Does this really mean that it will delete everything after 10 years? Whether the file is deleted or not?




Furthermore, when an item is deleted by an end user, but hasn't reached the end of retention, how is an admin to locate this file?

This doesn't really seem like a replacement for a backup solution. I see that SharePoint has a recycle bin and files have "previous versions" by default. Any other options for backup or is this what you get built in?


Adam Tyler

1 Reply

The capability to retain data does depend on what license of M365 you are using. generally Enterprise (E) licenses can be configured to retain data 'forever' via policies. However, you do need the appropriate licenses to support that.

This article I a few year ago may help -

but in essence it all comes down to the retention policies you create and apply. Don't forget, you can also log a support call with MS directly inside your tenant to get your questions answered on specifics in relation to yoru environment.