Microsoft AB-900 Exam - Topic 3 Question 3 Discussion

The correct answer is D. Data Lifecycle Management. Microsoft Learn states that Microsoft Purview retention policies and retention labels, managed under Data Lifecycle Management, support three core outcomes: retain-only, delete-only, and retain and then delete. The requirement in this question is exact: keep email for seven years and then permanently delete it. That is a textbook retain and then delete retention configuration, which Microsoft documents as part of Purview's retention capabilities. Microsoft also recommends using Microsoft 365 retention policies and labels for retaining and deleting emails rather than relying on older Exchange-only approaches in most modern compliance scenarios.

The other options do not meet the requirement. Information Protection focuses on labeling and protecting sensitive information. Insider Risk Management is used to detect and investigate risky user behavior. Data Loss Prevention helps prevent inappropriate sharing or exfiltration of sensitive data. None of those are designed to enforce a timed seven-year retention period followed by automatic permanent deletion. The Microsoft Purview solution explicitly built for that lifecycle requirement is Data Lifecycle Management.