MS-102 GĐ7 Module 46

Retention Policies, Labels & eDiscovery

Purview Retention Policies (static/adaptive), Retention Labels (manual/auto-apply), eDiscovery Standard vs Premium, Legal Hold và Content Search.

Tình huống – VinaCorp

Luật sư VinaCorp nhận thông báo kiện tụng từ đối tác. Cần: legal hold toàn bộ email/Teams của 3 nhân sự liên quan, search nội dung theo keyword "Project Phoenix", export cho luật sư — trong 48 giờ.

Retention Policy vs Retention Label

	Retention Policy	Retention Label
Áp dụng	Tự động toàn bộ location (Exchange, SharePoint...)	Gán thủ công hoặc auto-apply cho item cụ thể
Granularity	Location-level (mailbox, site)	Item-level (email, document)
Conflict	Principle of preservation wins	Label thắng policy nếu giữ lâu hơn
Record declaration	Không	✅ Có thể mark as Record
Disposition review	Không	✅ Có
Visible to user	Không (background)	✅ Hiện trong Outlook/SharePoint

Principle of Preservation (khi conflict)

Quy tắc: Khi nhiều policy/label xung đột → luôn ưu tiên giữ dữ liệu lâu hơn. Delete action chỉ xảy ra sau khi retention period dài nhất hết hạn.

Ví dụ: Policy giữ 3 năm + Label giữ 7 năm → item được giữ 7 năm, sau đó label action (delete/review) được áp dụng.

Lab A – Tạo Retention Policy (PowerShell)

Connect-IPPSSession -UserPrincipalName [email protected] # Retention policy: giữ tất cả email Exchange 3 năm New-RetentionCompliancePolicy -Name "VinaCorp-Email-Retain-3yr" ` -ExchangeLocation All ` -TeamsChannelLocation All ` -TeamsChatLocation All New-RetentionComplianceRule -Name "VinaCorp-Email-Retain-3yr-Rule" ` -Policy "VinaCorp-Email-Retain-3yr" ` -RetentionDuration 1095 ` -RetentionComplianceAction Keep # Retention policy SharePoint/OneDrive 5 năm New-RetentionCompliancePolicy -Name "VinaCorp-SP-Retain-5yr" ` -SharePointLocation All ` -OneDriveLocation All New-RetentionComplianceRule -Name "VinaCorp-SP-Retain-5yr-Rule" ` -Policy "VinaCorp-SP-Retain-5yr" ` -RetentionDuration 1825 ` -RetentionComplianceAction Keep Write-Host "Retention policies created"

Retention policies created: - VinaCorp-Email-Retain-3yr (Exchange + Teams): Keep 3 years - VinaCorp-SP-Retain-5yr (SharePoint + OneDrive): Keep 5 years

Auto-apply Retention Label theo Sensitive Info Type

# Tạo label tự động gán khi detect credit card number
New-ComplianceTag -Name "Finance-7yr" `
    -RetentionEnabled $true `
    -RetentionDuration 2555 `
    -RetentionAction Keep `
    -Comment "Tài liệu tài chính — giữ 7 năm"

# Auto-apply policy
New-RetentionCompliancePolicy -Name "AutoApply-Finance-7yr" `
    -SharePointLocation All -OneDriveLocation All -ExchangeLocation All

New-RetentionComplianceRule -Name "AutoApply-Finance-7yr-Rule" `
    -Policy "AutoApply-Finance-7yr" `
    -ApplyComplianceTag "Finance-7yr" `
    -ContentContainsSensitiveInformation @{Name="Credit Card Number"; minCount=1}

Write-Host "Auto-apply label policy created"

Auto-apply label policy created: AutoApply-Finance-7yr Will auto-label items containing Credit Card Numbers with "Finance-7yr"

eDiscovery Standard vs Premium

Tính năng	eDiscovery Standard	eDiscovery Premium
License	M365 E3 / Exchange Online Plan 2	M365 E5 / E5 Compliance add-on
Content search	✅	✅
Legal hold (case-based)	✅	✅
Custodian management	❌	✅ (người giám hộ dữ liệu)
Advanced analytics (near-dup, themes)	❌	✅
Review sets	❌	✅ (tag, annotate, redact)
Predictive coding (ML)	❌	✅
Export format	PST, single files	PST, native, load files

Lab B – eDiscovery Standard: Legal Hold + Search + Export

purview.microsoft.com → eDiscovery → Standard

Bước 1 – Tạo Case & Legal Hold

Connect-IPPSSession -UserPrincipalName [email protected] # Tạo eDiscovery case New-ComplianceCase -Name "VinaCorp-LegalCase-2026-001" ` -Description "Tranh chấp hợp đồng với đối tác ABC - Project Phoenix" # Thêm legal hold cho 3 custodians $custodians = @("[email protected]","[email protected]","[email protected]") New-CaseHoldPolicy -Name "Hold-LegalCase-001" ` -Case "VinaCorp-LegalCase-2026-001" ` -ExchangeLocation $custodians ` -SharePointLocation @( "https://vinacorp.sharepoint.com/sites/Legal", "https://vinacorp.sharepoint.com/sites/Finance" ) ` -Enabled $true New-CaseHoldRule -Name "Hold-Rule-001" ` -Policy "Hold-LegalCase-001" ` -ContentMatchQuery "Project Phoenix" Write-Host "Legal hold applied to 3 custodians"

Legal hold applied to 3 custodians: - [email protected] (mailbox + OneDrive) - [email protected] (mailbox + OneDrive) - [email protected] (mailbox + OneDrive) Query: "Project Phoenix"

Bước 2 – Content Search

# Tạo content search trong case
New-ComplianceSearch -Name "Search-Phoenix-001" `
    -Case "VinaCorp-LegalCase-2026-001" `
    -ExchangeLocation $custodians `
    -ContentMatchQuery '"Project Phoenix" AND (sent:2025-01-01..2026-04-20)'

# Chạy search
Start-ComplianceSearch -Identity "Search-Phoenix-001"

# Chờ và xem kết quả
Start-Sleep -Seconds 30
Get-ComplianceSearch -Identity "Search-Phoenix-001" |
    Select-Object Name, Status, Items, Size

Name Status Items Size ---- ------ ----- ---- Search-Phoenix-001 Completed 1,247 2.3 GB

Bước 3 – Export kết quả

# Tạo export action
New-ComplianceSearchAction -SearchName "Search-Phoenix-001" `
    -Export `
    -Format FxStream `
    -ExchangeArchiveFormat PerUserPst `
    -EnableDedupe $true `
    -IncludeSharePointDocumentVersions $false

Write-Host "Export job created — download from Purview portal after completion"

Export job created. Estimated: 1,247 items / 2.3 GB Download token available in: purview.microsoft.com → eDiscovery → Export

Tổng kết M46

Kiến thức cốt lõi

✅ Retention Policy = location-level; Label = item-level (label thắng khi giữ lâu hơn)
✅ Auto-apply label: gán tự động khi detect sensitive info type
✅ Legal hold ghi đè delete action — item không bị xóa dù quá hạn retention
✅ eDiscovery Premium có custodian management, review sets, ML
✅ Export: EnableDedupe loại bỏ bản sao trùng lặp

Lab đã thực hành

🔬 Lab A: Retention policies Exchange/Teams 3yr, SharePoint 5yr
🔬 Auto-apply label Finance-7yr khi detect Credit Card
🔬 Lab B: Legal case → hold 3 custodians → search → export PST

M45 M47: Message Encryption