Introduction
Data lifecycle management has become essential in a digital environment where security is paramount and AI is redefining practices. With Microsoft Purview, you can not only classify and protect your information, but also reduce your risk exposure surface through efficient management of obsolete data.
What is ROT Data?
Redundant, Obsolete, and Trivial (ROT) data represents a latent danger in environments such as SharePoint, OneDrive, and file shares. With the advent of AI-based tools such as Copilot, this previously dormant data becomes easily accessible, thereby increasing risks.
Common Issues Related to ROT Data
- Abandoned OneDrive accounts: Files from employees who have left the company remain accessible unless specific action is taken.
- Inactive SharePoint sites: Sites unused for several years can still be detected and used by AI tools.
- Forgotten file shares: Content migrated without an owner or retention policy, de facto exposing this data to unnecessary risks.
Warning
Unmanaged ROT data can amplify the risk of unauthorized access or disclosure.
Why Lifecycle Management is Essential
Tools such as sensitivity labels, DLP (Data Loss Prevention), or IRM (Information Rights Management) allow you to monitor or block certain data access or movements. However, as they do not delete unnecessary data, they leave intact a potential risk vector. Microsoft Purview Data Lifecycle Management provides a solution by reducing the attack surface through the deletion of unnecessary data.
Good to Know
Data retention is not a backup. Both concepts should be distinct in your strategy.
Retention Policies vs. Retention Labels
Retention Policies
- Broad targeting: Apply to entire locations such as SharePoint sites, Exchange mailboxes, or Teams channels.
- Low management requirements: Recommended for basic global coverage.
Retention Labels
- Increased granularity: Applied at the item level or automatically via classifiers.
- Advanced features: Enable disposition reviews, record declarations, and event-based retentions.
Both approaches are complementary: policies define a general framework, while labels enable fine-grained management. The strictest rule applies in case of overlap.
Using Adaptive Scopes
Adaptive scopes in Microsoft Purview allow you to dynamically target policies based on Azure AD attributes. This avoids manual updates in case of organizational changes.
Types of Adaptive Scopes
- User scopes: Based on attributes such as department, country, or position.
- Site scopes: Target SharePoint sites based on their sensitivity label or other key properties.
- Group scopes: Suited to Microsoft 365 groups, with dynamic management in case of membership changes.
Tip
Ensure hygiene of your Azure AD attributes before configuring scopes. Incorrect information could compromise the effectiveness of your policies.
Importance of Disposition Review
A disposition review is essential to ensure that automatic deletions are legally defensible.
Fundamental Elements of Review
- Those responsible: Named reviewers, typically from legal or records management teams.
- Action auditing: With Microsoft Purview, each deletion is accompanied by an immutable record, transferable to auditors.
Important
An undocumented deletion can be interpreted as illegal destruction of evidence.
Automation via PowerShell
Here is a PowerShell sequence to apply a retention policy with an adaptive scope:
1# Connect to the Compliance Center2Connect-IPPSSession3 4# Step 1 — Create an adaptive scope by targeting an attribute, here the Finance department5New-AdaptiveScope `6-Name "Finance-AdaptiveScope" `7-AdaptiveScopeType User `8-LocationType User `9-FilterExpression 'Department -eq "Finance"'10 11# Step 2 — Create a retention policy using the adaptive scope12New-RetentionCompliancePolicy `13-Name "Finance-7yr-Retention" `14-AdaptiveScopeLocation "Finance-AdaptiveScope" `15-Enabled $true16 17# Step 3 — Add a retention rule (7 years with disposition review)18New-RetentionComplianceRule `19-Name "Finance-7yr-Rule" `20-Policy "Finance-7yr-Retention" `21-RetentionDuration 2555 `22-RetentionDurationDisplayHint Days `23-ExpirationDateOption ModificationAgeInDays `24-RetentionComplianceAction KeepAndDelete25 26# Step 4 — List items awaiting review27Get-ComplianceRetentionEvent | Where-Object {28$_.EventStatus -eq "PendingDisposition"29} | Select Name, ContentMatchQuery, EventDateTimeConclusion
Effective data lifecycle management is a priority, especially in the age of AI. Through the tools offered by Microsoft Purview, you can protect, archive, and delete data while meeting legal requirements.
Next Steps
- Conduct a ROT data assessment.
- Configure adaptive scopes for dynamic policies.
- Integrate disposition reviews for safe and certified deletion.
Tip
Consult the official Microsoft Purview documentation to deepen your knowledge and optimize your configurations.
