Posted by Those of us who have worked with data retention, SharePoint and Office 365 know, that this is not easy. Content types, disposition workflows and record centers all make it into the mix. But this is all going to change within Office 365 and in this article, I want to give you some insights into this.
The reason for this is because the way we were used to work with data retention and (for example) SharePoint is changing in Office 365. I want to talk about the data retention possibilities in the classic world, and how we used this at a Dutch organisation. But I also want to focus on the advanced data governance possibilities of Office 365.
This article is made up of five sections:
Part 1
- Content life cycle;
- Classic SharePoint retention and disposition;
- Use-case of classic SharePoint and an innovative solution;
Part 2
- Office 365 a year ago (retention policies);
- Office 365 present (retention policies, retention labels and disposition overview).
In part 1 I talked about the use of information management policies and data retention in Office 365. In this part it’s time to look at all the cool new functions like labels, label policies and setting default labels in a document library.
Office 365 a year ago
Should you have looked at Office 365 security & compliance at least one year ago, you would have found several retention policies for SharePoint and OneDrive for business. These policies allowed you to do (basically) two things for content in these platforms:
- Clean up (remove content based on the last modification date);
- Retain for a specific period, including “forever”.
This last option was also known as the (site) preservation hold option. A hidden and secure library was created an all content modified or deleted within the specified period was stored within.
The drawback of this options is, that you could not specify the content the policy for or let the users decide for themselves. The options also did not include any machine intelligence to determine if there was any sensitive content. But we did have retention policies, and that was a start.
Office 365 now
At the m
oment of writing this article, it’s July 2017 and data retention and disposition has received more attention by Microsoft. The data retention policies are still here (Data governance | Retention). But these have been fine tuned. But the new labels and label policies are brand-new and great!
Retention policies
You can still decide to clean-up your content by deleting this based on a modification date. And the preservation hold is still here as-well (just retain you content for a specific period).
Advanced retention settings now allows you to use detect sensitive content as-well.
This might be appropriate if you want to retain specific content which contains IBAN-numbers or passport numbers. Or you can create your own query for this.
But these are policies which work without any user-interaction or knowledge. And that’s where the labels come in.
Retention labels and label policies
Data retention labels add another dimension to this subject. These labels (not to be confused with Azure Information Protection labels) can be added to you content. For example: added to your SharePoint Online libraries.
A label can be applied by the user, or it can be automatically applied based on the policy settings. In a SharePoint library this looks like this.
And in Outlook Web an email message can be labelled by selecting it and using the Assign policy options. Very easy to do.
You never knew an email message had this much options, did you?
In a nutshell, this is how it works.
- Create a label (a label determines the retention/deletion actions)
- Publish the label (creates a label policy) to the required Office 365 locations (Exchange, SharePoint, Groups, OneDrive);
- Add one or more labels (if needed).
So, you need a policy and labels in order to get this to work. And creation of the label policy is done by publishing the label! By the way: the location can be all of SharePoint Online or a specific site-collection.
One of the cooler aspects is that this label is published throughout Office 365. So in SharePoint, you don’t need to add anything to lists or content types. Which is awesome (in my opinion).
SharePoint document libraries
There is even a new library setting in the SharePoint documentlibrary. It’s called Apply Label and it allows you to have a mandatory (or default) label.
This means, for example, that you can have specific librarier (like “HR – Job applications”) with a default data retention policy (“HR – Job applications – retain for 2 years”).
You can add the label(s) to the view of a library. Which might come in handy. Also note the column “Sensitivity”. This column “reads” the Azure Information Protection label, if the document has one. Undocumented feature…
One thing I did notice. I wasn’t able to set information policies on libraries or content types any more in an Office Group (modern team site). The options weren’t there. An Office Group on the left and a classic team site on the right.
Disposition overview
Remember the use-case where we created a custom disposition overview solution? Now Office 365 offers an out of the box function. All content which has reached the end of its retention period and needs disposition approval can be viewed from this dashboard. This dashboard is found at Data governance | Dispositions.
This really is cool and useful for all record managers out there. No matter where the content is stored, you can get an overview of content which is going to expire.
So, where does this leave us?
More and more information management functions are becoming available on a tenant-scale. No more site-collection based settings or needing a content type hub to provision changes in an information management policy. Policies are working cross-function (Groups, SharePoint, OneDrive, Exchange). I believe this will mean that we will need to adjust our SharePoint information-architecture designs.
We now have a means to use machine intelligence to scan for sensitive information and base policies on that. It’s easier to use. People just have to select a label (basically). And we now have a disposition overview! Yeah!!
But Microsoft does need to work on their vocabulary. I mean: AIP labels, data retention labels, tags, etc.
More information on advance data governance and labels can be found here:
Governance, Risk, Security and Compliance 
2 comments