MICROSOFT PARTNER MICROSOFT 365 MICROSOFT PARTNER OFFICE MICROSOFT PARTNER WINDOWS MICROSOFT PARTNER SQL SERVER MICROSOFT PARTNER WINDOWS SERVER MICROSOFT PARTNER PROJECT MICROSOFT PARTNER VISIO ALL IN 1 PLACE

E3 Compliance: Retention Policies & Basic DLP Explained

June 15, 2025

In today’s regulatory-heavy world, compliance is no longer a luxury, it’s a mandate. From GDPR and HIPAA to SOX and CCPA, organizations face increasing pressure to manage data responsibly and protect sensitive information.

If you’re using or considering Microsoft 365 E3, you’re likely asking:

“Does E3 offer enough compliance capabilities for my business?”

The answer is yes, with some limitations. Microsoft 365 E3 includes essential compliance features such as retention policies, basic data loss prevention (DLP), and audit logging. While it doesn’t offer the full suite found in E5, E3 is a powerful mid-tier compliance solution for most companies.

Let’s dive into what E3 offers and how to configure it to meet your regulatory needs.

Understanding Compliance in Microsoft 365 E3

Before diving into features, let’s clarify what “compliance” entails in E3:

Data governance: How long you retain data and when it gets deleted.
Information protection: Preventing accidental or unauthorized data sharing.
Audit and investigation: Tracking user activity for compliance and security.
Policy enforcement: Automating rules that match regulatory needs.

E3 balances usability and compliance, perfect for SMBs and enterprises that don’t need advanced eDiscovery or insider risk management tools.

Feature Overview: Compliance Tools in E3

Feature	Included in E3	Purpose
Retention Policies		✅	Keep or delete content on a schedule
Basic DLP (Data Loss Prevention)		✅	Prevent sharing of sensitive info
Content Search	✅	Find data across mailboxes, Teams, and OneDrive
eDiscovery (Standard)	✅	Case-based search and export
Audit Logs (Standard)	✅	Monitor user activity for compliance
Information Protection (Sensitivity Labels)	✅	Manually classify and protect content
Communication Compliance	❌	Not available in E3
Advanced eDiscovery	❌	E5 only
Customer Lockbox	❌	E5 only
Insider Risk Management	❌	E5 only

🧠 Note: You can add individual E5 compliance capabilities to E3 via Microsoft 365 Compliance add-ons.

Retention Policies in Microsoft 365 E3

What Are Retention Policies?

Retention policies let you keep or delete content based on:

Age (e.g., delete emails older than 7 years)
Keywords or sensitivity labels
Location (Exchange, SharePoint, Teams, OneDrive)

Use Cases

Legal Compliance: Keep emails for 7 years to satisfy financial regulations
Storage Management: Delete Teams chats older than 90 days
Data Privacy: Automatically purge personal data after 2 years

How to Set Up a Retention Policy

Go to the Microsoft Purview compliance portal
Navigate to Data lifecycle management > Microsoft 365 retention
Click + Create a policy
Choose the locations (e.g., Exchange, SharePoint)
Set your retention duration and action (keep/delete)
Name and publish your policy

🔒 Tip: E3 supports single-stage retention policies. Two-stage policies (retain then delete) require an E5 license.

Basic Data Loss Prevention (DLP) in E3

What Is DLP?

DLP in E3 allows you to:

Monitor and restrict sensitive info (like SSNs, credit card numbers)
Warn users before they share regulated data
Block or audit certain email/file behaviors

Examples of Sensitive Info Types

U.S. Social Security Numbers
Credit card numbers (PCI-DSS compliance)
EU Personal Identifiable Information (PII)
Financial data (IBAN, ABA routing numbers)

How to Set Up a DLP Policy

Go to Microsoft Purview compliance portal
Choose Data loss prevention > Policy
Click Create policy
Choose template (e.g., GDPR, Financial data)
Define:
- Locations (Exchange, OneDrive, Teams)
- Conditions (e.g., content contains 3+ SSNs)
- Actions (e.g., block sharing, notify user)
Customize end-user notifications and policy tips
Review and publish

Testing & Simulation

E3 lets you simulate policies before enforcing them:

Shows you what would have triggered enforcement
Useful to minimize false positives

eDiscovery (Standard): Legal Hold & Search

What Can You Do with eDiscovery in E3?

Create cases to group content searches and exports
Apply legal holds to specific users or groups
Search and export content from Exchange, SharePoint, OneDrive, Teams

What You Can’t Do in E3

Review sets
Custom tagging for documents
Predictive coding or machine learning

For these, you’ll need eDiscovery (Premium) included in E5.

Sensitivity Labels in E3

E3 allows manual classification of files/emails with labels like:

Confidential – Internal Only
Public – Shareable
Private – Encrypted

Users apply them in Outlook, Word, Excel, etc. Admins define labels in the compliance portal.

Optional Protections

Encryption (viewable only by org members)
Watermarking (adds visual cues to documents)
Headers/footers for printed info

⚠️ Note: Auto-labeling based on content or conditions is only in E5.

Real-World Use Case: SMB Compliance Scenario

Let’s consider a 150-user finance firm using M365 E3.

Challenge

Retain all emails for 7 years (FINRA requirement)
Prevent accidental sharing of financial data
Ensure compliance audit logs are available

Solution with E3

Retention policy on Exchange
DLP rules for financial info
Basic eDiscovery for audits
Audit log search for user activity

💡 Savings: Instead of buying third-party DLP or archive tools, E3 covers 80% of compliance needs? built-in and cost-effective.

Final Thoughts

Microsoft 365 E3 is more than just email and Office apps, it’s a compliance framework for modern businesses. With the ability to:

Apply retention and deletion policies
Prevent data loss with DLP
Support audit and discovery needs
Classify content with sensitivity labels

…it delivers essential governance and regulatory control without premium costs.

Ready to Strengthen Compliance with Microsoft 365 E3?

Explore licensing options, retention templates, and pre-configured DLP bundles all tailored to your compliance priorities.

Microsoft 365 E3 Enterprise

Buy Now →

Microsoft 365 E5 Enterprise