Storage issues in Microsoft 365 are not just about capacity, but also about compliance. The same files that are consuming your storage quota may be subject to legal retention obligations or regulatory requirements that dictate exactly how long they must be kept and when they can be deleted. Get this wrong and the consequences are not just a full storage quota — they are potential regulatory breaches.
This post covers how Microsoft Purview retention policies interact with your storage, what GDPR means practically for data held in SharePoint and OneDrive, and how to approach compliance without making your storage problem worse.
Series: Managing Storage in Microsoft 365 — Part 3 of 4. This post covers compliance, retention policies, and GDPR. Part 1 covers storage fundamentals and version history. Part 2 covers archiving and backup. Part 4 covers storage governance and the bigger picture.
Why Retention Policies Affect Storage
Microsoft Purview retention policies are designed for compliance. They ensure that content is kept for a minimum period, deleted after a maximum period, or both. From a storage perspective, however, they have a direct and sometimes unexpected impact.
When a retention policy applies to a SharePoint site or OneDrive account, it does two things relevant to storage:
It prevents deletion. Content covered by a retention policy generally cannot be permanently deleted until retention requirements have been met, even if a user deletes it, even if an admin tries to remove it, and critically, even if an automated version trimming script tries to clean it up. The content is moved to the Preservation Hold Library, a hidden library within the site that counts toward your storage quota but is invisible to most users. Similar preservation mechanisms exist for OneDrive content subject to retention, although administrators most commonly encounter the Preservation Hold Library when investigating SharePoint storage consumption.
It preserves versions before modification. Purview preserves the pre-modification version of retained content in the Preservation Hold Library before allowing changes to occur. Over time, on active sites with broad retention policies, this library can grow significantly.
The practical consequence: you may be paying for storage consumed by compliance-preserved content that users cannot see, administrators cannot remove, and storage reports do not immediately explain.
Storage Impact at a Glance
The four main Microsoft 365 storage and compliance capabilities each affect your storage differently:
| Capability | Purpose | Storage Impact |
|---|---|---|
| Version History | Recover document changes | Increases storage |
| Retention Policy | Meet compliance obligations | Increases storage |
| Archive | Reduce active storage costs | Changes billing model |
| Backup | Recover from data loss | Additional service cost |
Understanding which of these is driving consumption on a given site is the starting point for any effective storage remediation.
The Preservation Hold Library
The Preservation Hold Library is created automatically when a retention policy is applied to a site. It is not visible in the normal site navigation and does not appear in the document library list for standard users.
The Preservation Hold Library is a hidden system library intended for compliance operations. Access is restricted and typically requires SharePoint or Purview administrative permissions — site owners often cannot browse it through normal means.
To check whether a Preservation Hold Library exists on a site and how many items it contains:
$clientId = ""
Connect-PnPOnline -Url "https://tenantName.sharepoint.com/sites/siteName" -ClientId $clientId -Interactive
$list = Get-PnPList -Identity "Preservation Hold Library" -ErrorAction SilentlyContinue
if ($list) {
$items = Get-PnPListItem -List "Preservation Hold Library" -PageSize 500
Write-Host "Preservation Hold Library found. Item count: $($items.Count)"
} else {
Write-Host "No Preservation Hold Library found on this site"
}Content in the Preservation Hold Library generally cannot be manually deleted while a retention policy is active. It will only be cleared when the retention period expires and Purview's disposal process runs.
Version History and Retention: The Conflict
As covered in Part 1 of this series, version history is the biggest contributor to unexpected storage growth. The problem becomes more complex when retention policies are in play.
When you run a version trimming operation — whether via the built-in Intelligent Versioning feature or a PnP PowerShell script — retained versions cannot be removed until retention requirements have been satisfied. Retention policies can significantly reduce the effectiveness of version trimming because of this constraint.
This means:
- A broad retention policy covering an entire SharePoint site will limit version trimming across all content in that site
- The more active the site, the more versions accumulate, and the more storage is consumed by content that cannot yet be removed
- Storage reports will show high consumption on sites that appear to have few documents — the retained versions are the problem
Standard SharePoint storage reports do not always make the contribution of retained content immediately obvious, which is why retention policies are often overlooked during storage investigations.
The resolution is not to remove retention policies, which may be a legal or regulatory requirement, but to scope them more precisely. A retention policy that covers only specific content types, specific libraries, or content with specific metadata labels will leave the remainder of the site's content eligible for version trimming.
Microsoft Purview Retention: Key Concepts for Storage Management
Understanding how Purview retention works helps you design policies that meet compliance requirements without creating unnecessary storage overhead.
Retention labels vs retention policies
Retention policies apply broadly — to an entire site, a OneDrive account, or all content of a particular type across the tenant. Retention labels are applied to individual items, either manually by users or automatically based on conditions such as content type, keywords, or sensitive information types.
From a storage optimisation perspective, label-based retention is often more efficient because it allows retention to be targeted at specific records rather than entire locations. If only specific documents need to be retained — contracts, HR records, financial reports — applying labels to those items rather than a blanket policy to the entire site means version trimming remains available for the majority of content.
Disposition review
When a retention period expires, Purview can trigger a disposition review rather than automatically deleting content. This is appropriate for high-value records but generates ongoing administrative overhead if applied to routine content. For storage management, automatic disposal at end of retention period is more efficient for content that does not require human review.
Adaptive policy scopes
Purview now supports adaptive policy scopes — policies that dynamically include or exclude content based on attributes such as department, site classification, or sensitivity label. This allows you to build retention policies that follow the content rather than the location, which can be more accurate and produces less storage overhead than location-based policies applied to entire sites. For example, an adaptive scope could automatically apply a seven-year retention policy to all sites classified as Finance while excluding Project and Collaboration sites from the same policy.
GDPR and the Right to Erasure
GDPR introduces a specific challenge for SharePoint and OneDrive storage: the right to erasure, also known as the right to be forgotten. When an individual submits a valid erasure request, your organisation must delete their personal data — but retention policies may prevent you from doing so.
GDPR guidance is generally clear that legal retention obligations take precedence over erasure requests where a lawful basis for retention exists. If content is subject to a statutory retention requirement — employment records, financial records, legal correspondence — a valid retention obligation provides a lawful basis to retain the data despite an erasure request. Legal holds and ongoing litigation may also provide a lawful basis for retaining content that would otherwise be subject to erasure.
However, where no such obligation exists, content must be deleted. This creates a practical requirement to know:
- What personal data you hold and where it is
- Whether any retention policy applies to it
- Whether that retention policy reflects a genuine legal obligation or is simply a broad policy applied without specific justification
Data subject access requests (DSARs)
DSARs require you to identify and provide all personal data held about an individual within a defined timeframe. Microsoft Purview Content Search and eDiscovery tools can help locate personal data across SharePoint and OneDrive, but they require your content to be properly indexed and your metadata to be structured enough to support targeted searches.
Unstructured, poorly tagged content in SharePoint makes DSAR compliance significantly harder and more time-consuming. This is one of the compliance arguments for maintaining good metadata hygiene — not just for findability but for your ability to respond accurately and within the regulatory deadline.
Retention and Copilot
Retention policies preserve content that remains discoverable through Microsoft 365 search and eDiscovery even after users believe it has been deleted. That content may also continue to be available to Microsoft 365 Copilot, subject to permissions and the way Copilot retrieves content.
This is becoming a significant governance discussion as Copilot adoption increases. If a user deletes a document believing it is gone, but a retention policy has preserved it in the Preservation Hold Library, that content remains within the information estate. The implications for information accuracy and risk management make this an area where retention policy scoping decisions have consequences beyond storage alone.
Sensitive Information and Auto-Labelling
Microsoft Purview can automatically detect sensitive information types — credit card numbers, national ID numbers, health information — and apply sensitivity labels or retention labels to content that contains them. This is particularly relevant for storage management because it allows you to identify content that carries compliance obligations without relying on users to classify it correctly.
Auto-labelling policies can be configured in Purview → Information Protection → Auto-labelling. Once deployed, they scan SharePoint and OneDrive content and apply labels based on the conditions you define. Content that is auto-labelled with a retention label becomes subject to the associated retention policy automatically.
From a storage perspective, auto-labelling helps you move toward a model where only content that genuinely requires retention is covered by a retention policy — rather than applying broad policies to entire sites as a precaution.
Practical Recommendations
Audit your retention policies against your actual legal obligations. Many organisations apply retention policies that are broader than their legal requirements justify. A blanket seven-year retention policy on an entire SharePoint environment may satisfy one compliance requirement while creating significant storage and erasure complications elsewhere.
Scope policies to content types rather than locations where possible. Using retention labels applied to specific content types — contracts, invoices, HR records — rather than site-level policies gives you much more control over what is and is not subject to retention.
Check whether Preservation Hold Libraries exist on your sites. On sites with active retention policies, the Preservation Hold Library may be accumulating significant item counts. Understanding which sites have active holds is essential for accurate storage planning.
Document your retention schedule. A retention schedule that maps content types to retention periods, legal basis, and disposal method is both a compliance best practice and a storage management tool. Without it, you cannot make informed decisions about which policies to tighten, which to remove, or which content can be safely deleted.
Factor retention into version trimming decisions. Before running any version trimming operation, check whether the target site or library is covered by a retention policy. Trimming against retained content will not produce the storage savings you expect and may generate errors that are difficult to diagnose without knowing the policy context.
What Comes Next
Part 4 of this series brings together the storage fundamentals, archiving options, and compliance constraints covered in Parts 1–3 into a governance framework — covering how to build a storage management strategy that handles day-to-day consumption, integrates with Copilot for Microsoft 365, and scales as your organisation grows.