New-RetentionComplianceRule

This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.

Use the New-RetentionComplianceRule cmdlet to create new retention rules in the Microsoft Purview compliance portal.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

New-RetentionComplianceRule
   -ApplyComplianceTag <String>
   -Policy <PolicyIdParameter>
   [-ContentContainsSensitiveInformation <PswsHashtable[]>]
   [-Confirm]
   [-ContentMatchQuery <String>]
   [-ExpirationDateOption <String>]
   [-IRMRiskyUserProfiles <String>]
   [-MachineLearningModelIDs <MultiValuedProperty>]
   [-PriorityCleanup]
   [-RetentionComplianceAction <String>]
   [-WhatIf]
   [<CommonParameters>]
New-RetentionComplianceRule
   [-Name] <String>
   -Policy <PolicyIdParameter>
   [-Comment <String>]
   [-ExcludedItemClasses <MultiValuedProperty>]
   [-RetentionDuration <Unlimited>]
   [-RetentionDurationDisplayHint <HoldDurationHint>]
   [-Confirm]
   [-ContentMatchQuery <String>]
   [-ExpirationDateOption <String>]
   [-PriorityCleanup]
   [-RetentionComplianceAction <String>]
   [-WhatIf]
   [<CommonParameters>]
New-RetentionComplianceRule
   -Policy <PolicyIdParameter>
   -PublishComplianceTag <String>
   [-Confirm]
   [-ExpirationDateOption <String>]
   [-PriorityCleanup]
   [-RetentionComplianceAction <String>]
   [-WhatIf]
   [<CommonParameters>]

Description

The retention rule must be added to an existing retention policy using the Policy parameter. Only one rule can be added to each retention policy.

To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.

Examples

Example 1

New-RetentionComplianceRule -Name InternalCompanyRule -Policy "Internal Company Policy" -RetentionDuration Unlimited

This example creates a new case hold rule named InternalCompanyRule and adds it to the existing case hold policy named "Internal Company Policy". Content will be held indefinitely.

Example 2

New-RetentionComplianceRule -Name SeptOneYear -Policy "Internal Company Policy" -RetentionDuration 365 -RetentionComplianceAction KeepAndDelete -ExpirationDateOption ModificationAgeInDays

This example creates a new retention rule named SeptOneYear and adds it to the existing retention policy named "Internal Company Policy". Content will be held for one year from the day content was last modified before it is deleted.

Parameters

-ApplyComplianceTag

The ApplyComplianceTag parameter specifies the label that's applied to email messages or documents by the rule (which affects how long the content is retained). A valid value for this parameter is the name of an existing label. If the value contains spaces, enclose the value in quotation marks.

You view and create labels by using the Get-ComplianceTag and New-ComplianceTag cmdlets.

You can't use this parameter with the Name or PublishComplianceTag parameters.

You can't use this parameter for Teams retention rules.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ContentContainsSensitiveInformation

The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.

This parameter uses the basic syntax @(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...). For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"}).

Use the Get-DLPSensitiveInformationType cmdlet to list the sensitive information types for your organization. For more information on sensitive information types, see What the sensitive information types in Exchange look for.

You can use this parameter with the ApplyComplianceTag parameter.

You can't use this parameter for Teams retention rules.

Type:PswsHashtable[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ContentMatchQuery

The ContentMatchQuery parameter specifies a content search filter.

This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL). For more information, see Keyword Query Language (KQL) syntax reference and Keyword queries and search conditions for eDiscovery.

You can't use this parameter for Teams retention rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExcludedItemClasses

The ExcludedItemClasses parameter specifies the types of messages to exclude from the rule. You can use this parameter only to exclude items from a hold policy, which excludes the specified item class from being held. Using this parameter won't exclude items from deletion policies. Typically, you use this parameter to exclude voicemail messages, IM conversations, and other Skype for Business Online content from being held by a hold policy. Common Skype for Business values include:

  • IPM.Note.Microsoft.Conversation
  • IPM.Note.Microsoft.Conversation.Voice
  • IPM.Note.Microsoft.Missed
  • IPM.Note.Microsoft.Missed.Voice
  • IPM.Note.Microsoft.Voicemail
  • IPM.Note.Microsoft.VoiceMessage.UA
  • IPM.Note.Microsoft.Voicemail.UM
  • IPM.Note.Microsoft.Voicemail.UM.CA

Additionally, you can specify message classes for Exchange items and custom or third-party message classes. Note that the values you specify aren't validated, so the parameter accepts any text value.

You can specify multiple item class values by using the following syntax: "Value1","Value2",..."ValueN".

You can't use this parameter for Teams retention rules.

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExpirationDateOption

The ExpirationDateOption parameter specifies whether the expiration date is calculated from the content creation date or last modification date. Valid values are:

  • CreationAgeInDays
  • ModificationAgeInDays

You can't use this parameter for Teams retention rules.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-IRMRiskyUserProfiles

{{ Fill IRMRiskyUserProfiles Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-MachineLearningModelIDs

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Name

The Name parameter specifies a unique name for the retention rule. If the value contains spaces, enclose the value in quotation marks.

You can't use this parameter with the ApplyComplianceTag or PublishComplianceTag parameters.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Policy

The Policy parameter specifies the policy to contain the rule.

Type:PolicyIdParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-PriorityCleanup

{{ Fill PriorityCleanup Description }}

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-PublishComplianceTag

The PublishComplianceTag parameter specifies the label that's published for the rule, which makes the label visible to users in apps (for example, Outlook, SharePoint, and OneDrive). A valid value for this parameter is the name of an existing label. If the value contains spaces, enclose the value in quotation marks.

You view and create labels by using the Get-ComplianceTag and New-ComplianceTag cmdlets.

You can't use this parameter in the following scenarios:

  • With the Name or ApplyComplianceTag parameters.
  • For Teams retention rules.
  • With cloud attachment policies.
Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-RetentionComplianceAction

The RetentionComplianceAction parameter specifies the retention action for the rule. Valid values are:

  • Delete
  • Keep
  • KeepAndDelete

If you don't use this parameter, the retention policy is created as an "UniH" policy instead of a "mbx" policy.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-RetentionDuration

The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are:

  • An integer: The hold duration in days.
  • Unlimited: The content is held indefinitely.
Type:Unlimited
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-RetentionDurationDisplayHint

The RetentionDurationDisplayHint parameter specifies the units that are used to display the retention duration in the Microsoft Purview compliance portal. Valid values are:

  • Days
  • Months
  • Years

For example, if this parameter is set to the value Years, and the RetentionDuration parameter is set to the value 365, the Microsoft Purview compliance portal will display 1 year as the content hold duration.

You can't use this parameter for Teams retention rules.

Type:HoldDurationHint
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-WhatIf

The WhatIf switch doesn't work in Security & Compliance PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance