When dealing with sensitive information within Microsoft 365, you often need to use a sensitive info type. This is an entity within the security console that groups data by the sensitive information it contains. For example, a credit card is a sensitive info type and is configured to look within content for credit card number formats. Luckily, Microsoft provides 100 pre-configured sensitive info types, and they cover a large number of possibilities. But what if you have a type of sensitive data that isn’t in the provided templates? That’s where this blog post comes in handy. In this post, I will show you how to create a sensitive info type in Microsoft 365’s security console.
This fall, Microsoft made the largest product announcement (in my opinion) since Microsoft Teams a few years ago (2017). It was large enough that it received a good chunk of Satya Nadella’s Ignite Keynote. It’s hard to nail down a single definition of the product. With SharePoint, you have a tool focused on document organization, storage, collaboration, and information management. With Microsoft Teams, you have a similar purpose (it runs on SharePoint after all), but it focuses even more on small team collaboration. Exchange is a no-brainer. But Cortex is something different. I feel Project Cortex could be a game-changer for organizations.
In a couple of previous posts, I covered retention labels and how to apply them within your tenant. An option when creating retention labels is to have your document declared a record when the policy/label is applied. Records add an extra level of content security to your documents. Keep in mind that I don’t mean information security in this case. Declaring a document a record won’t keep your information from entering the wrong hands or being used improperly. We’ll cover those topics in the future. A record instead protects the content within the document. Read on as I explain Office 365 records management.
Today, with an organization’s data able to reach into the petabyte range, control of that data is becoming more and more important. Not only do corporations need to ensure their data is maintained for a required amount of time, but they also need to ensure the data is removed on a regular schedule. Office 365 retention labels are a great way to accomplish this. Retention labels allow you to control how long you keep your data. They can even protect your data from being deleted when it shouldn’t be. Retention labels can be applied to documentation in SharePoint, OneDrive, O365 Groups and emails within Exchange.
How Retention Labels Work
Retention labels by themselves are a form of metadata that can be attached to a document. It’s what happens behind the scenes that matters. When a label that has a retention policy applied to it is set on a document, you are saying one of two things:
- I want to keep this document for X amount of days no matter what.
- I want to ensure this document is removed after X amount of days.
This is because you can set a retention label to retain (keep) a document for a certain length of time, or you can set it to ensure the document is deleted after a certain amount of time. Now, to add just a little bit of confusion into the mix, if you are working with the first use case (keep for X days) you have the option to delete the document once the retention schedule has been met. This may seem like it is also scenario #2. The difference is that with scenario #1, a user can’t truly delete the document. If deleted, the document will be maintained until it is to be deleted (based on the retention configuration). With scenario #2, the system is saying go ahead and delete this document any time you want, but if it isn’t removed by a certain date, the system will remove it.
Explicit vs Implicit Labels and the Order of Precedence
With retention labels, you get two flavours when it comes to setting the label on the document/mail.
- Explicit Label: Set manually by the user.
- Implicit Label: Set automatically based on policy rules or default settings in a library.
Because a label can be set automatically, more than one label may end up competing for the same document/email. Since you can only apply one retention label to a document/email, there need to be rules that control which label is applied. These rules are called the “Order of Precedence”. The order of precedence states:
- A label that retains will always win over a label that deletes.
- The label with the longest retention configuration wins.
- Explicit labels win over implicit labels.
- The shortest deletion period wins.
One thing to remember with labeling is that an implicit label cannot be set if an explicit label already exists.
Labels can be inherited from other items that also have labels applied.
- Labels can be set automatically (default) at the library level. Any documents within will inherit the label unless an explicit label has already been applied.
- If the default label of the parent is modified, the inherited labels will update unless explicitly applied.
- Removing the default label of a parent will also remove the default label of any content within where the label is not explicit.
- Moving documents with default labels (implicit) applied will affect the label on the document after they have moved:
  - Moving a document to a folder with a different default retention label will have the document inherit the new label.
  - Moving a document to a folder that does not have a default retention label will remove the existing label from the document.
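The order of precedence and the move behaviour above can be modelled in a few lines. This is an added example, not Microsoft's code or anything from the original post: `Label`, `resolve` and `label_after_move` are hypothetical names, the sample labels are constructed, and the four rules are assumed to apply in the order listed, each one breaking ties left by the one before.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Label:                      # hypothetical model, not a Microsoft 365 type
    name: str
    action: str                   # "retain" or "delete"
    days: int
    explicit: bool = False        # True = set manually by a user

def resolve(candidates: Iterable[Label]) -> Optional[Label]:
    """Return the one label that wins, applying the four rules in order."""
    pool = list(candidates)
    if not pool:
        return None
    retaining = [l for l in pool if l.action == "retain"]
    if retaining:
        # Rules 1 and 2: retain beats delete, then the longest retention wins.
        longest = max(l.days for l in retaining)
        pool = [l for l in retaining if l.days == longest]
    # Rule 3: an explicit label beats an implicit one.
    pool = [l for l in pool if l.explicit] or pool
    # Rule 4: among delete labels that remain, the shortest period wins.
    if pool[0].action == "delete":
        return min(pool, key=lambda l: l.days)
    return pool[0]

def label_after_move(current: Optional[Label],
                     dest_default: Optional[Label]) -> Optional[Label]:
    """Label on a document after it is moved into a folder."""
    if current is not None and current.explicit:
        return current            # an implicit label cannot replace an explicit one
    return dest_default           # implicit: inherit the new default, or lose the label

# Constructed sample labels (names and durations are illustrative only).
KEEP_7Y = Label("Keep-7y", "retain", 2555)
KEEP_3Y = Label("Keep-3y", "retain", 1095)
PURGE_1Y_MANUAL = Label("Purge-1y", "delete", 365, explicit=True)
PURGE_30D = Label("Purge-30d", "delete", 30)

if __name__ == "__main__":
    print(resolve([PURGE_1Y_MANUAL, KEEP_3Y, KEEP_7Y]).name)
    print(resolve([PURGE_1Y_MANUAL, PURGE_30D]).name)
    print(label_after_move(KEEP_7Y, None))
```

The last call is the case worth checking before reorganizing a library: an inherited retain label disappears when the document lands in a folder with no default label.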
Retention labels are a fantastic way to ensure your data is not removed before it should be or that it is removed when necessary. In my next post, I will provide the steps to apply labels to your documents within your tenant.
Thanks for reading!