Latest Posts

Creating a SharePoint Online Data Retention Strategy using PnP PowerShell

Posted on by Rishan Solutions

Loading

Data retention in SharePoint Online ensures that documents and records are preserved for compliance, legal, or organizational needs. By using PnP PowerShell, you can automate the configuration of retention policies, apply labels, and enforce governance rules efficiently.

Key Considerations for Data Retention

Retention vs. Deletion – Define whether data should be retained, deleted, or both.
Retention Period – Choose the duration (e.g., 3 years, 5 years, indefinitely).
Content Types – Apply retention to specific libraries, sites, or items.
Legal Hold – Prevent content deletion for compliance.
User Access Control – Restrict who can modify retention settings.

Step 1: Connect to SharePoint Online

First, establish a PnP PowerShell connection with administrative privileges.

$adminUrl = "https://yourtenant-admin.sharepoint.com"
Connect-PnPOnline -Url $adminUrl -Interactive

✔ Ensures authentication for managing policies.

Step 2: Create a Retention Label

Retention labels define how long content is retained before deletion.

$labelName = "Financial Records Retention"
$description = "Retain financial documents for 5 years before deletion."
$retentionPeriod = 1825 # 5 years in days

New-PnPRetentionComplianceRule -Name $labelName -RetentionDuration $retentionPeriod -RetentionComplianceAction Keep -Comment $description

Write-Host " Retention Label Created: $labelName"

✔ Ensures financial records are retained for 5 years.

Step 3: Apply Retention Label to SharePoint Libraries

Assign the retention label to document libraries within a site.

$siteUrl = "https://yourtenant.sharepoint.com/sites/Finance"
$libraryName = "Financial Documents"
$labelName = "Financial Records Retention"

# Connect to the site
Connect-PnPOnline -Url $siteUrl -Interactive

# Apply the retention label
Set-PnPList -Identity $libraryName -Label $labelName

Write-Host " Retention Label Applied to $libraryName in $siteUrl"

✔ Ensures all financial documents follow retention policies.

Step 4: Set Retention Policies for Specific Content Types

Apply retention settings to specific document types.

$siteUrl = "https://yourtenant.sharepoint.com/sites/HR"
$libraryName = "Employee Records"
$contentTypeName = "Employee Contract"
$retentionPeriod = 3650 # 10 years in days

Connect-PnPOnline -Url $siteUrl -Interactive

# Get the content type
$contentType = Get-PnPContentType -List $libraryName | Where-Object { $_.Name -eq $contentTypeName }

# Apply retention settings
Set-PnPContentType -Identity $contentType.Id -RetentionDuration $retentionPeriod -RetentionComplianceAction Keep

Write-Host " Retention Policy Applied: $contentTypeName (10 Years)"

✔ Retains employee contracts for 10 years.

Step 5: Enable Legal Hold on SharePoint Content

To prevent deletion for legal cases, apply a legal hold.

$siteUrl = "https://yourtenant.sharepoint.com/sites/LegalCases"
Connect-PnPOnline -Url $siteUrl -Interactive

# Enable legal hold
Set-PnPSite -Identity $siteUrl -LockState NoAccess

Write-Host " Legal Hold Enabled on: $siteUrl"

✔ Ensures legal documents cannot be deleted.

Step 6: Automate Policy Assignment to Multiple Sites

Apply retention policies to all SharePoint Online sites.

$sites = Get-PnPTenantSite

foreach ($site in $sites) {
    Connect-PnPOnline -Url $site.Url -Interactive
    Set-PnPSite -Identity $site.Url -RetentionComplianceAction Keep -RetentionDuration 1095 # 3 years
    Write-Host " Retention Policy Applied to: $($site.Url)"
}

✔ Ensures all sites comply with a 3-year retention policy.

Step 7: Generate a Retention Policy Report

Verify applied retention policies and generate a report.

$report = @()

$sites = Get-PnPTenantSite

foreach ($site in $sites) {
    Connect-PnPOnline -Url $site.Url -Interactive
    $policy = Get-PnPSite | Select-Object -Property Url, LockState, RetentionComplianceAction, RetentionDuration

    $report += [PSCustomObject]@{
        SiteURL = $policy.Url
        LockState = $policy.LockState
        RetentionAction = $policy.RetentionComplianceAction
        Duration = $policy.RetentionDuration
    }
}

# Export report to CSV
$report | Export-Csv -Path "C:\SharePointRetentionReport.csv" -NoTypeInformation
Write-Host " Retention Report Generated: C:\SharePointRetentionReport.csv"

✔ Provides visibility into all retention policies.

Step 8: Remove Expired Retention Policies

Automatically remove policies when they expire.

$expiredPolicies = Get-PnPRetentionComplianceRule | Where-Object { $_.RetentionDuration -lt (Get-Date).AddDays(-1).ToString("yyyy-MM-dd") }

foreach ($policy in $expiredPolicies) {
    Remove-PnPRetentionComplianceRule -Identity $policy.Name -Force
    Write-Host " Removed Expired Policy: $($policy.Name)"
}

✔ Ensures outdated policies are removed.

Leave a Reply

Your email address will not be published. Required fields are marked *