In my previous post, I covered what the Microsoft Compliance Score was and how it worked. This year at Ignite, Microsoft announced a new console in the Microsoft 365 tenant compliance console. On November 5, 2019, the new Microsoft Compliance Manager was rolled out to targeted release tenants. The console is there to assist tenant admins in protecting the data of their organizations.
Within your Microsoft 365 tenant have you ever noticed the card that talks about your Microsoft Compliance Score? Ever wondered what that was? In this post, I’ll discuss with you what this score means, how you can affect it and what changing the score can mean for your tenant.
In my previous post, I provided an overview of retention labels and their uses. In this post, I will demonstrate how admins or record managers can go about creating retention labels in Office 365.
Creating Retention Labels
- Log in to the tenant (https://admin.microsoft.com)
- In the left-hand menu click on Compliance
- The Microsoft 365 Compliance console will open.
- Open the Classification menu on the left-hand side and select Retention Labels
- Click on “+ Create a label”
- Enter the Top-Level information on your label:
- Name: Meaningful name to describe the label
- Description for Admins: Explanation of the purpose of the label. It contains any special information only viewable by admins in the console.
- Description for users: User-based explanation of the label purpose. May actually match the admin description.
- Click Next
- Enter the File plan descriptors. Note all fields are optional and only there to organize the labels within your organization.:
- Reference ID: Internal reference number for the label (you will likely need to click on the drop-down beside the reference ID and click on “Add a new file plan descriptor Id”.
- Business function/department: This is the department or functional group to which the label most closely belongs to. There is a list prepopulated, but if the department that best fits here does not exist you can add it by clicking on “Add a new file plan descriptor Business function/department”.
- Category: Select the category that best fits the top-level organization of the label. Like the other options, you can create a new one by clicking on “Add a new file plan descriptor category”
- Subcategory: like category above select the best category that fits the needs of the label. Not required. If a new one is required, click on “Add a new file plan descriptor subcategory”.
- Authority Type: Select the authority within the organization that requires the label. Can add a new one if required.
- Provision/citation: if the label is based on a documented industry standard. You can select from this list or create a new one.
- Click Next.
- Turn on Retention. If you leave this off, the label is not a retention label but a classification label only.
- Based on the requirements of the data retention, select the required amount of time the data should be retained. Have the option to retain forever or for a specific amount of time in days, months and years.
- For disposition, select Trigger a disposition review.
- Enter individual users who need to be notified AND have access to the disposition report. If they are not listed here they will not see the reports (even if Global Admin). At this point, you cannot add groups. This is coming through.
- Select the basis for when the data should be retained by. Options include:
- Select either “when it was created” or “when it was modified”
- Exchange only: the exchange mailbox can only be triggered on received or sent dates.
- If the document should be a record when the label is applied, click on the “Use label to classify content as a ‘Record’”.
- Click Next.
- Review the settings and once ready click “Create this label”.
In the next post, I will demonstrate how to publish this label.
Thanks for reading!
Today with an organization’s data can reach into the petabyte range control of that data is becoming more and more important for organizations. Not only do corporations need to ensure their data is maintained for a required amount of time, but they also need to ensure the data is removed on a regular schedule. Office 365 retention labels are a great way to accomplish this. Retention labels allow you to control how long you keep your data. They can even protect your data from being deleted when it shouldn’t be. Retention labels can be applied to documentation in SharePoint, OneDrive, O365 Groups and emails within Exchange.
How Retention Labels Work
Retention labels by themselves are a form of metadata that can be attached to a document. It’s what happens behind the scenes that matter. When a label that has a retention policy applied to it is set on a document you are saying one of two things:
- I want to keep this document for X amount of days no matter what
- I want to ensure this document is removed after X amount of days.
This is because you can set a retention label to retain (keep) a document for a certain length of time or you can set it to ensure the document is deleted after a certain amount of time. Now to add just a little bit of confusion into the mix, if you are working with the first use case (keep for x days) you have the option to delete the document once the retention schedule has been met. This may seem like it is also scenario #2. The difference is that with Scenario #1, a user can’t truely delete the document. If deleted, the document will be maintained until it is to be deleted (based on the retention configuration). With Scenario #2, the system is saying go ahead and delete this document any time you want, but if it isn’t removed by a certain date, the system will remove it.
Explicit vs Implicit Labels and the Order of Precedence
With retention labels, you get two flavours when it comes to setting the label on the document/mail.
- Explicit Label: Set manually by the user.
- Implicit Label: Set automatically based on policy rules or default settings in a library
Because you have the ability to automatically set a label it will then be possible for more than one label to be applied to a document/email. Since you can only apply one retention label to a document/email there will need to be some rules to control when a label is to be applied. These rules are called the “Order of Precedence” The order of precedence states:
- A label that retains will always win over a label that deletes.
- The label with the longest retention configuration wins
- Explicit labels win over implicit labels.
- The shortest deletion period wins.
One thing to remember with labeling is that an implicit label cannot be set if an explicit label already exists.
Labels can be inherited from other items that also have labels applied.
- Labels can be set automatically (default) at the library level. Any documents within will inherit the label unless an explicit label has already been applied.
- If the default label of the parent is modified, the inherited labels will update unless explicitly applied
- Removing the default label of a parent will also remove the default label of any content within where the label is not explicit.
- Moving documents with default labels (implicit) applied will affect the label on the document after they have moved:
- Moving a document to a folder with a different default retention label will have the document inherit the new label.
- Moving a document to a folder that does not have a default retention label will remove the existing label from the document.
Retention labels are a fantastic way to ensure your data is not removed before it should be or that it is removed when necessary. In my next post, I will provide the steps to apply labels to your documents within your tenant.
Thanks for reading!