Microsoft 365 administrators need to verify that Copilot does not surface data that should be deleted or held under a retention policy. Copilot generates responses by grounding itself in Microsoft Graph data, which includes emails, documents, and chat messages. If a retention policy is misconfigured or Copilot bypasses it, sensitive expired data could appear in answers. This article explains how to confirm that Copilot respects retention holds and deletion schedules.
Key Takeaways: Verifying Copilot Retention Policy Compliance
- Microsoft Purview compliance portal > Data lifecycle management > Retention policies: Create and assign retention labels to enforce deletion or hold rules across Exchange, SharePoint, and OneDrive.
- Copilot grounding model: Copilot only reads data that is accessible via Microsoft Graph and that has not been permanently deleted or marked as expired by a retention policy.
- Test with a controlled document: Apply a retention label that deletes content after 1 day, then ask Copilot about that document to confirm it stops returning results after deletion.
How Retention Policies Interact with Copilot Grounding
Copilot does not have its own separate storage for user content. It retrieves data from the Microsoft Graph, which surfaces information from Exchange Online mailboxes, SharePoint Online sites, OneDrive for Business accounts, and Microsoft Teams chats. Retention policies in Microsoft Purview control how long that data lives before it is permanently deleted or preserved under a legal hold.
When a retention policy marks an item for deletion, the item is moved to the Purview preservation hold library or is permanently purged after the retention period ends. Copilot cannot access items that have been permanently deleted. Items under a retention hold remain visible to Copilot only if the user asking the question has permissions to view them. The key point is that Copilot respects the access controls and lifecycle state of the underlying data. If the data is gone, Copilot cannot return it.
Retention Labels vs Retention Policies
A retention policy applies rules to an entire location, such as all mailboxes in a department. A retention label is applied manually or automatically to individual items. Both types prevent permanent deletion of content that must be kept. Copilot treats both identically: if an item is under a retention hold and the user has access, Copilot can return it. If the item has reached its deletion date and is permanently removed, Copilot returns nothing.
Steps to Verify Copilot Respects Retention Policies
Follow these steps to create a controlled test environment and confirm that Copilot stops surfacing content after a retention policy deletes it.
- Create a test document with unique content
Open Word Online in your tenant and create a document containing a distinct phrase such as “Project X budget Q3 final approved”. Save the document to a SharePoint site or OneDrive folder that you control. Note the exact phrase for later queries. - Apply a retention label with a short deletion period
Go to the Microsoft Purview compliance portal atcompliance.microsoft.com. Select Data lifecycle management > Retention labels and create a new label. Set the retention period to 1 day and choose Delete items automatically. Publish the label to the SharePoint site or OneDrive location where your test document resides. Apply the label to the test document manually or via auto-labeling. - Ask Copilot about the document immediately
Open Copilot in Microsoft Teams or at copilot.microsoft.com while signed in with the same account. Type a question that includes the unique phrase, for example: “Show me the Project X budget Q3 final approved document.” Confirm that Copilot returns the document and its contents. - Wait for the retention period to expire
After 24 hours, the retention policy should delete the document. You can expedite the process by manually deleting the document from the SharePoint recycle bin after the label is applied. The retention policy will permanently remove the item from the preservation hold library. - Ask Copilot the same question again
After the deletion period, repeat the same query in Copilot. Copilot should return no results for that document. If it returns the document, the retention policy is not being enforced correctly, or the item is still in a preservation hold library. - Verify the item is gone from search
Use SharePoint search or Outlook on the web to search for the unique phrase. If the item appears in search, then Copilot may also return it. Check the retention policy configuration and ensure the label is set to delete, not just hold.
If Copilot Still Returns Deleted Content
Sometimes Copilot may appear to return content that should have been deleted. This usually happens for one of three reasons: the item is still in a preservation hold library, the retention label was applied incorrectly, or the item exists in another location that is not covered by the policy.
Copilot Returns Content That Should Be Under Retention Hold
If you applied a retention label that preserves content rather than deleting it, Copilot will still return that content. Retention holds keep items accessible to authorized users. To block Copilot from returning held content, you must remove the user’s permissions or use a different label that deletes the item. Alternatively, you can apply a sensitivity label that restricts access via Microsoft Purview Information Protection.
Copilot Returns Content from Other Locations
A user may ask about a topic that exists in multiple documents. Even if one copy is deleted by a retention policy, Copilot may return another copy from a different mailbox or site. To fully remove content from Copilot, you must ensure all copies are covered by the same retention policy or are deleted. Use the Microsoft Purview data map to identify all locations where the content resides.
Copilot Returns Content from a Preservation Hold Library
When a retention policy is applied, the item is moved to the preservation hold library before deletion. During the retention period, the item is still accessible. Only after the retention period ends and the item is permanently purged from the hold library will Copilot stop returning it. Check the Preservation hold library in the SharePoint site settings to see if the item is still present.
Retention Policy Behavior vs Copilot Grounding: Key Differences
| Item | Retention Policy Applied | Copilot Behavior |
|---|---|---|
| Item under retention hold | Preserved but not deleted | Returns content if user has access |
| Item deleted by retention policy | Permanently removed | Returns no content |
| Item in preservation hold library | Waiting for deletion | Returns content if user has access |
| Item manually deleted before retention label applied | Not covered by policy | Returns no content if permanently deleted |
| Item with retention label set to delete after 30 days | Deleted after 30 days | Returns content for 30 days, then stops |
Copilot does not have a special exemption from retention policies. It respects the lifecycle state of the data as managed by Microsoft Purview. The only way Copilot can return content that should be deleted is if the content still exists somewhere in the tenant and the user has permissions to see it. Administrators should regularly audit retention policy application using the Purview compliance portal and test with controlled queries to ensure Copilot behaves as expected.