I will admit to being taken aback when I first saw Microsoft’s description of this new Purview feature:

Announced in MC971035 (3 January 2025, Microsoft 365 roadmap item 392838) the Purview Priority Cleanup solution is described in as a “new secure workflow to bypass legal holds and retention policies” that allows “administrators to expedite the permanent deletion of sensitive content from Microsoft Exchange [Online] mailboxes, overriding any existing retention settings or eDiscovery holds.” In other words, Priority Cleanup can remove items from mailboxes even if those items are subject to holds imposed by retention labels, retention policies, or eDiscovery cases.

Like any good eDiscovery person, my mind immediately jumped to some dark places. Spoliation, anyone?

Why would Microsoft provide a workaround to delete data from Exchange mailboxes subject to a hold policy?

As it turns out, I had a conversation since then with someone in charge of security who mentioned getting hit with an extensive phishing campaign targeting many of their users and taking steps to remove the phishing message from the mailboxes.

Did it hit you like it hit me?

That’s why removing items from a mailbox might be appropriate even when it’s subject to a hold!

Once again, we see the challenge with large environments: Different stakeholders have different requirements. This is Microsoft attempting to balance that need between retention, eDiscovery, and security.

From my eDiscovery perspective, the real question is, did they make it safe to use?

The short answer is yes. There is minimal risk of someone trying to work around a hold or retention policy and delete relevant information. It would take a number of people to conspire together to accomplish that. (It's still possible but harder to pull off.)

After spending some time trying to set up a priority cleanup policy, I dare say that Microsoft made it quite challenging to misuse this tool. It is so difficult that I wonder if they might have made it too difficult for many to use!

There are several checks and balances and some significant limitations, so let’s get into some of the details: