While writing a couple of posts recently I became a bit out of step with my intended schedule by discussing sensitivity for automated processes before actually discussing how Microsoft 365 deals with sensitive content. This is fine if you are familiar with information protection within Microsoft 365, but for those of you who are not let me get back on track and discuss information protection concepts within Microsoft 365. This is the overview first in a series of posts that I will explain and demonstrate how Microsoft 365 protects an organization’s sensitive information.
Previously I provided an overview of record disposition in Microsoft 365. Disposition reviews allow an organization to control if the content flagged for permanent deletion should actually be deleted. The review provides the organization with a method to maintain content due to internal process changes, mislabeling the content, or data that is still active and shouldn’t be removed. Before May of 2021, Microsoft 365 was only capable of single-stage disposition reviews for retention labels. However, Microsoft 365 now supports multi-stage disposition revies by allowing up to 5 separate approval stages before the content can be permanently deleted from the environment. We’ll cover that process in this post. I would also suggest that you review some of the other enhancements that Microsoft 365 provides by reviewing the custom disposition configurations I also cover.
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.
In May 2021, Microsoft announced the release of multi-stage disposition reviews. This announcement was not limited to just the disposition review enhancements but other new features as well. Included with the May release were other custom disposition configurations such as record manager enhancements (think disposition administrators) and disposition message customization. The Microsoft announcement did just that, announced them. In this post, I’ll show you what they are and how they work.
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.
I recently blogged a recommendation to create a new role within the Microsoft 365 Compliance Center to ensure users that must be able to review content that is up for disposition actually have the necessary access to do so. I call the role Disposition Review, but it obviously can be named whatever makes sense in your own organization. This role is necessary as even a global admin does not have the necessary access to view disposition rules by default. Disposition reviews are considered a specialized role similar to content reviewers, which also needs specialized access within the tenant (but that’s a post for another day). This post will cover creating a disposition review compliance role in the Microsoft 365 Compliance Center
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.
In honour of Microsoft’s recent announcement concerning multi-stage disposition reviews and other enhancements, I thought I’d start a short series discussing what disposition reviews are, how to configure them, but also how to make use of them. We’ll start with the basics and move our way up to the new multi-stage disposition reviews.
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.