All posts in Office365

Information and Records Management in M365 – Creating a Disposition Review Compliance Role

I recently blogged a recommendation to create a new role within the Microsoft 365 Compliance Center to ensure users that must be able to review content that is up for disposition actually have the necessary access to do so.  I call the role Disposition Review, but it obviously can be named whatever makes sense in your own organization.  This role is necessary as even a global admin does not have the necessary access to view disposition rules by default.  Disposition reviews are considered a specialized role similar to content reviewers, which also needs specialized access within the tenant (but that’s a post for another day).  This post will cover creating a disposition review compliance role in the Microsoft 365 Compliance Center

Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface.  Any screenshots displayed in this post are current at the last edit of the post.

Read more

Information and Records Management in M365 – Disposition Reviews

In honour of Microsoft’s recent announcement concerning multi-stage disposition reviews and other enhancements, I thought I’d start a short series discussing what disposition reviews are, how to configure them, but also how to make use of them.  We’ll start with the basics and move our way up to the new multi-stage disposition reviews.

Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface.  Any screenshots displayed in this post are current at the last edit of the post.

Read more

Microsoft 365 Records Management – Moving Beyond the Created Date

Over the last few weeks, I have had the privilege to speak to several conferences and user groups about a topic that has become quite a passion of mine within Microsoft 365.  Records management is increasingly becoming important to many organizations. They realize their content is being maintained for longer than it should be, or in some cases, removed before it should be.  Microsoft 365 has made huge strides to help organizations control this through its various compliance controls.  In my session, I discuss both the basics and some advanced concepts of M365 records retention.  As promised to my session attendees, here is the slide deck from my presentation.

 

Thanks for reading and attending my sessions!

Microsoft 365 – Apply Sensitivity Labels for Automated Processes

When creating a policy for a sensitivity label you have the option to set a default label for the user the policy is pointed at.  You can get more information on this process at the “Apply a default label” item on Microsoft’s Learn About Sensitivity Labels page.  This method, however, has a limitation.  It only works within a mail client that can connect to the Microsoft 365 Security/Compliance endpoints.  Doesn’t seem like a huge issue right?  Well, what about automated notifications that are sent via Power Automate or another custom solution that doesn’t utilize the Outlook (or other) client?  I’ve tested this.  It doesn’t work.  If I send it from Outlook or OWA I get the default label.  If I have an automated process within Power Automate it doesn’t.  In this post, I will show you how you can apply sensitivity labels for automated processes so all of your emails can contain a sensitivity label.

Read more

Create a Sensitive Info Type in Microsoft 365

When dealing with sensitive information within Microsoft 365 you often need to utilize a sensitive info type.  This is an entity within the security console that groups data by the sensitive information it contains.  For example, a credit card is a sensitive info type and is configured to look within content for credit card number formats.  Luckily, Microsoft provides 100 pre-configured sensitivity types and they really cover a large number of possibilities.  Well, what if you have a type of sensitive data that isn’t in the provided templates.  Well, that’s where this blog post comes in handy.  In this post, I will show you how to create a sensitive info type in Microsoft 365’s security console.

Read more