When you enable Microsoft Copilot in your Microsoft 365 tenant, you expect it to generate accurate answers based on your organizational data. But if your tenant uses legal hold or retention policies, Copilot may return incomplete, outdated, or no results for content that is under hold. This happens because Copilot respects the same data access boundaries as the user, and legal hold does not automatically grant Copilot access to preserved content. This article explains how retention policies and legal holds interact with Copilot search and grounding, and how to configure data sources so Copilot can read held content when needed.
Key Takeaways: How Legal Hold and Retention Policies Affect Copilot
- Microsoft 365 admin center > Settings > Copilot > Data sources: Controls which Microsoft Graph data Copilot can read for grounded responses.
- Microsoft Purview compliance portal > Data lifecycle management > Retention policies: Defines how long content is kept and when it is deleted.
- Legal hold vs retention policy: A legal hold preserves content indefinitely and prevents edits, while a retention policy can delete content after a set time.
Why Copilot May Not Find Content Under Legal Hold
Copilot uses Microsoft Graph to index and retrieve data from Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. When a user asks a question, Copilot searches only the content that the user has permission to read. A legal hold does not change the underlying permissions on the content. It simply prevents the content from being permanently deleted or modified.
If a user was not granted explicit read access to a mailbox or site before the hold was applied, Copilot cannot see that content. This is a common source of confusion. Administrators often assume that placing a hold on a mailbox gives all users or Copilot access to that mailbox. That assumption is incorrect. The hold only preserves the data. Access is still controlled by the same permission model that existed before the hold.
How Retention Policies Differ From Legal Holds
A retention policy in Microsoft Purview can either keep content for a set period or delete it after that period. A legal hold, on the other hand, keeps content indefinitely and prevents any deletion. Both features preserve content, but only retention policies can be configured to delete content automatically. Legal holds do not delete anything.
From Copilot’s perspective, retention policies do not block access. If a user has read permission to a document that is covered by a retention policy, Copilot can index and return that document. The same is true for legal holds. The hold itself does not create a permission barrier. The barrier is always the user’s existing access level.
Configuring Data Sources So Copilot Can Read Held Content
To make sure Copilot can answer questions about content under legal hold or retention policies, you must verify that the relevant data sources are connected and that the user asking the question has the correct permissions. Follow these steps.
- Open the Microsoft 365 admin center
Go to admin.microsoft.com and sign in with a Global Administrator or Copilot Administrator role. - Navigate to Copilot settings
In the left navigation, select Settings then Org settings. Scroll down and click Copilot. - Review the Data sources tab
Click the Data sources tab. Here you see which Microsoft Graph connectors are enabled. For content under legal hold, ensure that Exchange Online, SharePoint Online, and OneDrive for Business are toggled on. - Verify user permissions on held content
Open the Microsoft Purview compliance portal at compliance.microsoft.com. Go to Data lifecycle management then Microsoft 365 then Retention. Identify the policy that applies to the content you want Copilot to read. Note the scope: it will list specific users, sites, or groups. For each user who needs Copilot to see that content, confirm they have at least Read permission on the mailbox or site. In Exchange Online, this is done via mailbox folder permissions. In SharePoint, it is done via site permissions or sharing. - Test with a specific query
Open Copilot in Microsoft Teams or at copilot.microsoft.com. Ask a question that references a specific document or email that is under hold. For example: “Show me the email from John Smith about the legal case from March 2023.” If Copilot returns no results, the user likely lacks read access to that specific content.
What to Do If Copilot Still Cannot Find Held Content
If you have confirmed that the user has read access and the data sources are enabled, the issue may be indexing latency. When a legal hold is applied, the content is preserved but the index may take up to 24 hours to refresh. Wait one day and test again. If the problem persists, check the Microsoft 365 service health dashboard for any ongoing issues with Microsoft Graph search.
Common Misconceptions and Edge Cases
“Legal hold automatically grants Copilot access to all held content”
This is false. Legal hold only prevents deletion and modification. It does not change the permission model. Copilot respects the same access control lists that apply to the user. If the user could not read the content before the hold, they cannot read it after the hold.
“Retention policies block Copilot from indexing content”
This is also false. Retention policies store content in a hidden preservation hold library, but Copilot can still index that content as long as the user has read permission. The retention policy does not create a separate permission boundary.
“Copilot can read content from a mailbox that is on hold even if the user is not a delegate”
This is false. Copilot uses the user’s identity to search. If the user is not a delegate or does not have explicit folder-level read permission, Copilot cannot see the mailbox content. To allow Copilot to search a held mailbox, add the user as a delegate with at least Reviewer role, or grant the user Full Access to the mailbox.
| Item | Legal Hold | Retention Policy |
|---|---|---|
| Purpose | Preserve content indefinitely for litigation | Manage content lifecycle and compliance |
| Deletion behavior | Never deletes content | Can delete content after a set period |
| Permission impact | No change to existing permissions | No change to existing permissions |
| Copilot access | Requires user read permission on the content | Requires user read permission on the content |
| Configuration location | Purview > eDiscovery > Legal hold | Purview > Data lifecycle management > Retention policies |
| Indexing delay | Up to 24 hours after hold is applied | No delay beyond normal indexing |
You can now configure Copilot data sources and user permissions so that Copilot can answer questions about content under legal hold or retention policies. Next, audit the permissions on your most critical held mailboxes and sites. Add the relevant users as delegates or site members if needed. For advanced scenarios, use Microsoft Purview eDiscovery to search held content directly and verify that the data is accessible before relying on Copilot.