What does this mean?

At first glance, this may appear to be a routine platform update. In practice, if you have been using any of these features, it introduces a major compliance gap, which has significant costs to remediate.  

Microsoft will not be providing support for organisations to migrate their records management controls to Purview, their new preferred platform. They will cease any support in April, and will gradually remove the user interfaces for the features. You will need to have completed migration before this happens.  

Your existing automated policies will need to be rebuilt, redesigned, and reimplemented entirely, and the costs to undertake this may not be clear ahead of time.

So what is the true cost of rebuilding records management inside Microsoft 365 with Purview, compared to rethinking the governance model altogether?

Key points

• What are the hidden costs of rebuilding your records management
• Is migration the right response to the problem
• How to reduce long-term compliance exposure

The Real Cost of Rebuilding Governance Inside Microsoft 365

For organisations currently using SharePoint’s records compliance tools, the April retirement does not simply remove a feature. It disconnects the mechanisms that underpin retention, disposal and governance across Microsoft 365. When these tools are retired, existing policies do not automatically transfer into the modern environment. They must be rebuilt, reconfigured and reapplied.

What you will need to rebuild

The two main capabilities recommended by Microsoft to replace the deprecated features are:

• Microsoft Purview Data Lifecycle Management (DLM) for retention policies/labels at workload or item level
• Microsoft Purview Records Management for event‑based retention, disposition, proof of deletion, and advanced recordkeeping controls.

But there is not a one-to-one replacement for your current controls. For example:

‍

To replace your information management policies, you mayneed to set up Data Lifecycle Management, and/or PowerAutomate toroute records, and/or Audit for logging, and/or Sensitivity Labels forcontent marking.

What it is likely to cost (and how long it will take)

The costs of this change apply in three categories:

Licensing deltas for E5. If you already have E5, the incremental license cost may be up to AUD$20/£10 per user per year (for edgecases/add‑ons).

If you’re on E3, you will need to move all staff to E5. You can’t just continue to have power users on E5, if all staff aremaking records. Costs for this will depend on your rate card with Microsoft.

Professional or internal services. There is significant work required to rebuild everything in Purview, which needs to be done by Microsoft experts. Mid-sized organisations should budget for AUD $150,000-500,000/ £80,000-£250,000.

Change, testing and adoption. Purview records management requires a significant amount of oversight and ongoing update, with sentencing needing to be managed either by records managers centrally, distributed to users to apply themselves. Based on Microsoft’s migration advice, you should plan (and budget) for several rounds of consultation, training, and UAT. A sensible budget for this may be between AUD$50,000 and $300,000 / £25,000 and £150,000 in materials, clinics, and testing support.  

Please Note: While these figures represent expert modelling of the 2026 SharePoint retirement impact, they are intended for informational and strategic planning purposes only. Organisations should conduct their own internal audits to determine exact costs based on their unique data environment and licensing.

The challenge is not just the total cost, but where the budget is spent. Much of it is absorbed by staff time, consulting and rework as legacy complexity emerges. In many cases, organisations may invest months of effort and significant budget simply to return to the governance position they were already in before the retirement.

While this work is underway, internal teams are pulled away from higher-value priorities, transformation programs can slow and risk increases while systems are in transition.

Additional resources: https://www.cio.com/article/4082100/navigating-microsoft-project-online-retirement-risks-costs-and-strategic-opportunities.html  

Why This Is Not Just ‘Copy and Paste’

Rebuilding records management is rarely a straightforward exercise.

Policy mapping is complex and often manual. Retention and disposal rules must be redefined and tested. Tagging frequently relies on human intervention, increasing administrative overhead and the likelihood of inconsistency.

This creates what is often referred to as a migration gap. A period where information exists without consistent classification or policy enforcement.

During this gap, data can become:

• Unclassified, limiting visibility into sensitive information or regulated information  
• Ungoverned, increasing the risk of inappropriate access, retention or disposal
• Static, contributing to the growth of dark data with associated cost and risk

Making this change is not simply an administrative inconvenience. It represents a period of high organisational risk, where information may be partially governed or not governed at all while policies are rebuilt.

One way to reduce this exposure is to avoid rebuilding governance inside a single platform altogether. With an in-place governance model, policies can be applied to data where it already resides. Using automated classification with reliable, Explainable AI, information can be indexed and governed immediately, without requiring any policy migration or manual re-tagging. And not just in M365, but consistently, across all systems.

A Different Philosophy: Automated Enterprise Governance

Rather than rebuilding governance inside Microsoft 365, many organisations have taken a different approach.

Manage-in-place enterprise records governance treats compliance as a layer that sits above all systems, rather thanbeing embedded and limited within a single platform. Policies are defined once, and applied consistently across all repositories.

This model reduces reliance on vendor end-of-support lifecycles like this one. As collaboration tools like M365 evolve or retire key features, governance does not need to be rebuilt each time. The underlying policies remain intact, and are uninterrupted. Positioned this way, compliance becomes a capability, rather than a recurring project.

Castlepoint: continuity without rebuild

Castlepoint enables organisations to define records and compliance policies once. Those policies apply across Microsoft 365, and beyond, even if those systems have major changes.

Using Castlepoint, there is no requirement to migrate to Purview records management or rebuild your policies from scratch. Records compliance continues uninterrupted, without the need for an extended rebuild program or a re-engineering effort that can cost up over AUD $2M or £1M.

This approach avoids disruption and limits exposure and has significant cost savings. It does not require a high workload for your internal teams, or engagement of any consultants. And it delivers a more comprehensive capability, across the whole network.

The bottom line

Rebuilding your existing policies in Purview comes with significant upfront and ongoing costs, both in expanded E5 licensing, and the specialist effort required to redesign, reimplement, and continuously manage rules.

By contrast, Castlepoint can be deployed and operated for multiple years for less than the cost of a single Purview rules‑migration project, while delivering amore comprehensive and sustainable compliance capability. Because it governs information in place, across all systems (not just M365), Castlepoint avoids the repeated rebuild cycles associated with Microsoft platform changes, saving substantial time and budget and reducing long‑term exposure to future M365 deprecations.

Your next steps

Key considerations ahead of the April 1st deadline:

• Understand your exposure: Identify which records and retention policies currently rely on legacy SharePoint compliance tools.
• Assess the true effort: Look beyond the technical task and consider the staff time, consulting support, and disruption required to rebuild governance inside Microsoft 365 with Purview.
• Account for transition risk: Consider the governance gaps that can emerge between April 1, and when your policies are finally rebuilt, tested, and deployed, and your records are reclassified.
• Think beyond the immediate deadline: Evaluate whether rebuilding governance for this year’s change also prepares you for the next platform shift.

For organisations reviewing their approach, this is an opportunity to step back and consider whether governance should remain tied to individual platforms or treated as a capability that persists as tools change.

The real question is not how to respond to this April deadline, but whether governance should be rebuilt every time a platform changes direction. Recreating yesterday’s compliance model may address today’s requirement, but it does not reduce exposure to the next change.

Contact us if you want to see how organisations like yours have been using Castlepoint for their complete enterprise automated records compliance since 2018, and to see the platform in action.

‍

Explore our case studies

AI-Powered Data Governance for a Government Health Agency

Enterprise Records Governance for a National Law Enforcement Agency

Protecting Sensitive Digital Records for an Online Safety Regulator‍