All posts in SharePoint

Information and Records Management in M365 – Creating a Disposition Review Compliance Role

I recently blogged a recommendation to create a new role within the Microsoft 365 Compliance Center to ensure users that must be able to review content that is up for disposition actually have the necessary access to do so.  I call the role Disposition Review, but it obviously can be named whatever makes sense in your own organization.  This role is necessary as even a global admin does not have the necessary access to view disposition rules by default.  Disposition reviews are considered a specialized role similar to content reviewers, which also needs specialized access within the tenant (but that’s a post for another day).  This post will cover creating a disposition review compliance role in the Microsoft 365 Compliance Center

Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface.  Any screenshots displayed in this post are current at the last edit of the post.

Read more

Information and Records Management in M365 – Disposition Reviews

In honour of Microsoft’s recent announcement concerning multi-stage disposition reviews and other enhancements, I thought I’d start a short series discussing what disposition reviews are, how to configure them, but also how to make use of them.  We’ll start with the basics and move our way up to the new multi-stage disposition reviews.

Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface.  Any screenshots displayed in this post are current at the last edit of the post.

Read more

Microsoft 365 Records Management – Moving Beyond the Created Date

Over the last few weeks, I have had the privilege to speak to several conferences and user groups about a topic that has become quite a passion of mine within Microsoft 365.  Records management is increasingly becoming important to many organizations. They realize their content is being maintained for longer than it should be, or in some cases, removed before it should be.  Microsoft 365 has made huge strides to help organizations control this through its various compliance controls.  In my session, I discuss both the basics and some advanced concepts of M365 records retention.  As promised to my session attendees, here is the slide deck from my presentation.

 

Thanks for reading and attending my sessions!

Microsoft 365 Multi-Stage Disposition Reviews Announced

This is just a quick announcement I wanted to make sure everyone was aware of.  Microsoft 365 compliance has come a long way lately for retention.  When speaking with clients they are happy with the ability to control retention with labels.  They love the ability to control retention label availability with retention label policies.  They even are happy with the ability to apply blanket policies to help catch the content that doesn’t get labeled. But then we get to the disposition.  When I inquire of my clients if they feel M365 disposition control meets there needs the answer is usually:

Microsoft 365 Multi-Stage Disposition Reviews Announced - ehhh no

The biggest complaint is the lack of multi-stage dispositions.  Record managers either have to manually contact content owners to confirm disposition or admins have to grant all the many content owners in the environment permissions to dispose of content.  The first is a manual process and the second is definitely not recommended.

Yesterday (January 20, 2021), Microsoft has announced they are working on multi-stage dispositions in Microsoft 365 and it is slated for release in June of 2021

Microsoft 365 Multi-Stage Disposition Reviews Announced - Yayy

You can read more about it here: Multi-Stage Disposition in M365 Roadmap

 

Thanks for reading!

Microsoft 365 – Apply Sensitivity Labels for Automated Processes

When creating a policy for a sensitivity label you have the option to set a default label for the user the policy is pointed at.  You can get more information on this process at the “Apply a default label” item on Microsoft’s Learn About Sensitivity Labels page.  This method, however, has a limitation.  It only works within a mail client that can connect to the Microsoft 365 Security/Compliance endpoints.  Doesn’t seem like a huge issue right?  Well, what about automated notifications that are sent via Power Automate or another custom solution that doesn’t utilize the Outlook (or other) client?  I’ve tested this.  It doesn’t work.  If I send it from Outlook or OWA I get the default label.  If I have an automated process within Power Automate it doesn’t.  In this post, I will show you how you can apply sensitivity labels for automated processes so all of your emails can contain a sensitivity label.

Read more