Microsoft's dominance in the office applications market is undeniable - with Office 365 and Microsoft 365 (M365) powering millions of organisations worldwide, the company has established itself as the backbone of modern workplace productivity. Given this market position, one might expect Microsoft's Purview records management solution to enjoy similar widespread adoption, particularly as organisations increasingly seek integrated solutions within their existing Microsoft ecosystems.

Yet despite this natural advantage and the logical appeal of managing records within the same platform where they are created, Purview's uptake in the records management space tells a strikingly different story. Why has Microsoft's office suite supremacy failed to translate into success for its M365 records management offering, particularly in Government and highly regulated industries sectors?

It is surprising because in-place records management has been around since the mid-2000s, Purview itself has been available for nearly five years, and a number of enterprise document and records management system (EDRMS) vendors are offering significant integrations with M365 to support record-keeping.

More recently, professional associations such as RIMPA have developed education programs around Purview, and experts such as Andrew Warland have published detailed and practical guides to managing records in Microsoft 365. Yet despite these efforts, and despite the technology being available, the uptake of Purview for records management has been limited.

Surveys reinforce this sense of unease. A global study by IG World found that use of Purview for governance dropped from 50 percent to just 40 percent, with 94 percent reporting significant challenges and most using only a fraction of the available features. In some cases, the verdict was blunt: Purview, they said, is “crap for records management.”

Purview’s complexity and limitations

Part of the problem lies in the nature of Purview itself. Rather than being a unified, purpose-built records management application, Purview is a collection of tools - a Meccano set - that spans information governance, risk, security, and compliance. For a records manager accustomed to a structured and integrated model in an EDRMS, this can feel both overwhelming and underwhelming at the same time.

The functionality is there, but it is fragmented, technical, and often difficult to apply in a way that meets regulatory and evidentiary requirements. To manage records properly in Purview, one must first understand the complexities of M365’s underlying repositories, security configurations, and authentication processes. This is not knowledge that most records managers have, nor is it easy for them to get up to speed on.

Even when organisations do engage with Purview, several weaknesses quickly become apparent. Its object-centric model applies retention at the level of individual items, such as a single email or document, rather than at the aggregate level of cases, folders, or business transactions. This undermines the ability to maintain context, which is a fundamental principle of sound record-keeping.

Worse still, when records are deleted, Purview deletes their metadata, making it impossible to prove that the record ever existed or that it was destroyed in a compliant manner. For sectors that depend on defensibility - government, finance, energy - this is not a minor flaw; it is a critical failure.

Purview’s use of AI further complicates matters. While the promise of machine learning is attractive, in practice its trainable classifiers tend to apply labels at a very broad level, with little granularity.

This makes it difficult to know whether the correct retention schedule has been applied to any given record and can create compliance risks if high-value records are inadvertently treated as low-value. Instead of providing assurance, this broad-brush approach can undermine confidence in the system and force records managers to double-check the outcomes manually - negating the efficiency gains that AI was meant to deliver.

The trouble with “in-place”

These weaknesses originate from Purview’s use of the manage-in-place model. In theory, letting records remain where they are created - in Teams, Outlook, or OneDrive - minimises user burden and handles scale. In practice, however, it creates fragmentation and duplication.

Academic analysis concludes that “the in-place model involves acceptance of sub-optimal structure/schemas, so in circumstances where it is possible to optimise the efficiency of a structure/schema of a corporate records system we should reject that model.” (Lappin, Jackson, Matthews, et al).

This rejection stems from the obvious risk of a single record, or versions of it, being duplicated across multiple locations with inconsistent security, which undermines authenticity and drives up the cost of discovery, FOI requests, and audits.

More importantly, scattered records lack context and fracture the evidential trail of business transactions, leaving gaps that force AI classifiers to “make up stories” to compensate. Given that Microsoft itself has promoted the use of AI for classification in Purview, this raises real questions about reliability and trust.

It is no wonder, then, that many organisations hesitate to adopt Purview as their sole records management solution. Professionals understand that while Purview has strengths in governance at scale and compliance monitoring, it lacks the lifecycle controls, contextual integrity, and defensible disposal practices required for full records management.

This is why traditional EDRMS’ remain trusted, especially in government - they maintain records in context, are inclusive of hardcopy, preserve metadata, enforce classification, and ensure evidentiary defensibility through hybrid models. Nonetheless, Purview’s ability to auto-classify and apply retention at scale shouldn’t be dismissed, as it helps tackle the information overload facing most organisations. So, what’s best practice?

Where hybrid strategies come in

It is here, in this space of complexity, that EDRMS’ demonstrate their continuing value. These platforms build on decades of proven capability and most now offer to extend that relevance into the modern world of M365. These new EDRMS capabilities can hide and automate much of the mechanics of record-keeping, enhance manage-in-place, simplify the user experience, and integrate with M365 and other business systems.

Critically, they support a hybrid model that draws together three established traditions of records management: the centralised model associated with Duranti (advocating central control to preserve authenticity), the integrated model articulated by Bearman (embedding record-keeping within business systems), and the in-place model familiar to most M365 users. By combining these approaches, an EDRMS provides a way to take advantage of Purview where it works, while also addressing its shortcomings.

The practical implementation of this hybrid model is relatively straightforward. Low-value or short-term records, where risk is minimal, can remain governed in place through Purview. High-value records, however, may be identified by Purview using retention labels - whether applied manually or automatically through machine learning.

Once identified, these records can be uplifted to the EDRMS for stronger lifecycle management. In some cases, the record may still be “managed in place” but with the EDRMS applying robust classification, retention, and disposal controls. In others, it may be managed or moved into the EDRMS to sit within the appropriate business context.

In the Australian Government context, OpenText Content Manager remains the most widely recognised and compliant EDRMS, providing the authoritative control for high-value records. Solutions like Ingress by iCognition extend this further by enabling seamless synchronisation between Content Manager and Microsoft 365, allowing Purview’s labelling to trigger Content Manager’s more rigorous compliance and disposal processes.

In this way, organisations can balance the scalability of in-place governance with the evidentiary assurance of a centralised EDRMS, overcoming Purview’s limitations in three critical areas: the lack of granular classification, the absence of defensible disposal records, and the risks inherent in scattered, duplicate repositories.

A balanced way forward

This hybrid model has significant implications. It means that Purview can be used for what it does well - broad in-place governance at scale across SharePoint, Exchange, and Teams - while EDRMS’, such as Content Manager via Ingress, ensures that high-value records are subject to defensible, standards-compliant lifecycle management.

Rather than duplicating everything or overburdening users, the system manages records according to their value, preservation and compliance requirements. In doing so, it balances risk, reduces cost, and aligns with best practice in Australian Government standards and international frameworks alike.

Importantly, Purview is not the only in-place management system that faces in-place issues and limitations. Other platforms, such as Castlepoint or OpenText CDDRI, also operate in-place and deliver real value, but like Purview, they achieve best practice when complemented by an EDRMS such as Content Manager to provide evidentiary assurance, structured metadata, and compliant disposal.

The question of why Purview has not been widely adopted, therefore, may have a simple answer: it is not fit on its own to carry the weight of modern records management. But that does not mean it should be dismissed. Instead, it should be used as one part of a hybrid solution that integrates with proven systems and best practice models.

Purview identifies and labels; EDRMS’ like Ingress and Content Manager classify, control, and dispose. Together they create a model that respects the realities of modern digital environments while meeting the enduring demands of compliance and accountability.

In conclusion, Purview’s limited uptake is not simply a matter of education or promotion. It reflects deeper concerns about its complexity, architecture and compliance adequacy. By recognising these limitations and adopting a hybrid model, organisations can move beyond the false choice of “in-place or centralised” and instead embrace a balanced approach. In the era of Microsoft 365, hybrid records management is not just a strategy - it is the practical way forward.

Nigel Carruthers-Taylor is Executive Director & Principal at Information Management and Governance Specialists, iCognition. For more information contact iCognition on info@icognition.com.au.