In honour of Microsoft’s recent announcement concerning multi-stage disposition reviews and other enhancements, I thought I’d start a short series discussing what disposition reviews are, how to configure them, but also how to make use of them. We’ll start with the basics and move our way up to the new multi-stage disposition reviews.
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.
Retention in Microsoft 365 comes in two forms. The retention policy and the retention label. Both features can control how content within the tenant is retained, but retention labels provide more options and controls. Often a retention policy is used for default retention, meaning it is applied to a container, such as a site collection, to ensure the content within meets the organization’s base retention criteria for that data. Retention labels are much more exact as they can apply retention directly to a document. You can have two documents at the same location and have different retention schedules applied to them based on the labels applied to the file. Both retention policies and labels allow the following options for data retention:
- Retain the content for a specific amount of time and then:
- Delete it automatically
- Allow users to delete it manually
- Retain content forever
- Ensure content is deleted after a certain amount of time has past
Retention labels allow you to take this a bit further, however. With a retention label, the administrator can allow a review of the content to occur, and decisions can be made as to the outcome of that data. The reviewer (often known as a disposition reviewer) has three options available to them:
- Approve the content for removal from the environment
- Modify the label on the content (perhaps the content was mislabeled or the label no longer pertains to that data)
- Extend the retention period (i.e. the content isn’t yet ready to be replaced)
The disposition review allows record managers to review all content before it is removed to ensure it is ready to be expunged from the system. I’ll cover setting up a disposition review and recent enhancements to the review process in the next post.
Important Disposition Review Configurations
For disposition reviews to fully function, the Unified Audit Log must be enabled within your tenant (it is off by default). This is because many disposition features are tracked via the Microsoft 365 audit log. To determine if your environment is enabled, simply navigate to the Disposition tab of your tenant. If a yellow bar containing the following text: “To display the list of items that you delete during a disposition review, you must first turn on auditing.” is displayed on the page, then you need to enable auditing within the organization.
Auditing can also be checked via PowerShell when connected to Exchange Online Administration. To check if audit logs are enabled, run the following command:
Get-AdminAuditLogConfig | FL UnifiedAuditLogIngestionEnabled
The result will return true if enabled.
To enable auditing, click on the button “Turn on auditing” located at the end of the yellow bar pictured above, or if using PowerShell run the following commands:
#The following command may already be enabled, but should run to be sure Enable-OrganizationCustomization #Enable M365 audit logs Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
Update and Assign Permissions
By default, even a global admin does not have the required access to review dispositions within the environment. Even if the label has been configured with the admin as a disposition reviewer, that user will still be unable to view existing dispositions. All users that must access disposition reviews should have the following roles assigned:
- Disposition Management
- View-only audit logs
I always suggest configuring a new compliance administrative role with the above roles included and adding all users that require access within. I outline the steps for this in the post: “Creating Disposition Review Compliance Role”
Optional: Content Explorer Role
As per the title, this step is optional. As part of the disposition review, the reviewer can see the content itself. However, this is only possible for the content they actually have access to. For example, if I am reviewing dispositions for the IT-How To label, but the content exists in a SharePoint site I do not have access to, I can’t actually view the content of that file. This can pose a problem if the record manager is required to review the content of the data before approving the disposition. To correct this, add the necessary users to the “Content Explorer Content Viewer” and “Content Explorer List Viewer” roles.
This covers the basics of disposition reviews. In the next post, I’ll cover the feature in more detail.
Thanks for reading!