A PRIMER ON THE PRINCIPLES OF RETENTION IN MICROSOFT 365
THE ESSENTIALS TO UNDERSTAND
A presentation by Joanne C Klein to IRMS on October 14, 2021
SYNOPSIS
There's only 4 of them, but they're important. Really important.
This session will talk about why it's essential for Records Managers and Information Management teams to
have an authoritative understanding of the principles. They inform the retention and deletion processes
and actions which are the technical underpinning of your Information Governance/Records Management
(IG/RM) implementation. This is what ultimately determines the retention and deletion actions taken on
each piece of content.
Understanding the principles of retention is an important prerequisite to a holistic IG/RM design and
implementation. It can help ensure you are deleting content when you no longer need/require it and
retaining content for as long as you are required to meet your corporate governance requirements and
your legal, business, and regulatory obligations.
Hi! I’m Joanne!
@JoanneCKlein
joannecklein@nexnovus.com
joannecklein.com
SharePoint & Microsoft 365 consultant | Advanced Compliance
Information Protection, Data Loss Prevention, Information Governance, Records Management, Insider Risk, Communication Compliance, eDiscovery, Site Architecture, Information Architecture, Content Management, Content Services, Search, SharePoint, Syntex, Microsoft 365, Advanced Compliance
My Work Experience
• Financial Services
• Government
• Manufacturing
• HealthCare
• Legal Services
• Defense
10+ years SharePoint experience
Global Industry Compliance experience
My Approach
• Crawl-Walk-Run is a proven, established approach I’ve seen success with
• Aim for progress, not perfection
• The road to compliance is a marathon; not a sprint
• Understand your compliance obligations: business, regulatory, legal before you start
• Understand the cost/benefit of your compliance decisions
• Don’t customize unless…
• It is functionality you can’t live without
• It is a differentiator for your business
joannecklein@nexnovus.com linkedin.com/in/joannecklein joannecklein.com +1-306-527-7580
AGENDA | PRINCIPLES OF RETENTION
• WHY ARE THEY NECESSARY?
• THE ESSENTIALS TO UNDERSTAND (BEFORE YOU GET INTO THE PRINCIPLES)
• THE PRINCIPLES WALK-THRU
• EXAMPLES
Have an authoritative understanding of your regulatory requirements before you start!
SEC17a-4
SOX
HIPAA/HITECH
KVKK
GDPR
NIST
ISO
FedRamp
CCPA
PHIPA
PIPEDA
FOIA
Global National Regional Industry
ICA Module 2
FINRA
FERPA
WHY ARE THE PRINCIPLES NECESSARY?
• They work alongside your retention policies and labels to be the technical implementation of your:
• Regulatory requirements
• Information Governance requirements
• They ensure your “rules of Compliance” are being adhered to!
• They ensure Legal Holds are taken into consideration… “One rule to rule them all”
RETENTION IN MICROSOFT 365
“THE ESSENTIALS TO UNDERSTAND” -Joanne C Klein
• Current ways to APPLY a retention label
• Ways to SCOPE retention
• BEHAVIOR of retention label types
• Retention policy and retention label DIFFERENCES
• PRINCIPLES of Retention
• 3 ACTIONS retention policies/retention labels can take
3 ACTIONS retention policies/retention labels can take
• DELETE ONLY: “Delete all Teams Chats 2 years after they’re sent. They can be deleted earlier by an end-user.”
• RETAIN ONLY: “Retain all Access Request forms for a minimum of 5 years”
• RETAIN and DELETE: “Retain all contract information for 2 years after contract expiry and delete after review”
Understanding the action is really important!
Retention policy and retention label DIFFERENCES
Retention Policy
• Applied to a location (Site, Team, Group, Mailbox)
• End-user is unaware it’s there
• You cannot trigger a disposition review at the end of the retention period (no easy way to see what’s about to be deleted)
• You cannot declare content a record or regulatory record
• Retention can start based on:
  • created date
  • last modified date
• Publish locations
Retention Label
• Applied to an item in a location
• End-user can see it and set it (unless label is ONLY auto-applied)
• You can trigger a disposition review at the end of the retention period
• You can declare an item a record or regulatory record
• Retention can start based on:
  • created date
  • last modified date
  • labeled date
  • an event date
• Publish locations
Retention policy and retention label DIFFERENCES
RETENTION POLICY PUBLISH LOCATIONS
• SharePoint sites (whole site)
• Microsoft 365 Groups (entire site and mailbox)
• OneDrive for Business sites (whole site)
• Exchange Mailboxes (entire mailbox)
• Microsoft Team Chats (all User chats)
• Microsoft Team Standard/Private Channel conversations (all conversations)
• Yammer Community messages (all messages)
• Yammer Private messages (all User Private messages)
RETENTION LABEL PUBLISH LOCATIONS
• SharePoint sites (used in libraries and lists)
• Microsoft 365 Groups (files within sites, emails within mailboxes)
• OneDrive for Business sites (used in libraries)
• Exchange Mailboxes (specific emails)
• Microsoft Teams Meeting recordings stored on SharePoint and OneDrive (specific recordings)
BEHAVIOR of retention label types
CAPABILITY | REGULAR LABEL | RECORD LABEL UNLOCKED | RECORD LABEL LOCKED | REGULATORY RECORD LABEL
• Edit file contents
• Edit properties, including file rename
• Delete the file
• Copy the file
• Move within container (OneDrive, SPO Site, Exchange mailbox)
• Move across containers (OneDrive, SPO Site, Exchange mailbox)
• Open/Read file
• Change retention label on the file
• Remove retention label from a file
If never unlocked
Container Admin
Container Admin
Container Admin
Container Admin
Immutability increases
Microsoft 365 Roadmap - Retention Label deletion behavior change in SharePoint and OneDrive
Retention Label Behavior Change coming…
“Improved consistency allowing users to “delete” files labeled with a retention label
configured to “retain items for a specific period” as this operation is no longer
blocked with an error message. When deleted, these files will still be preserved for
compliance purposes by moving a copy of them to the “Preservation Hold Library” of
the site where they can be accessed by eDiscovery and other compliance solutions.”
This behavior change will be configurable as a tenant-wide setting.
Rolling out November 2021…
Location
• SharePoint, OneDrive, Exchange, Microsoft 365 Groups
• Default a Document library or folder
Metadata and property
• Content type, metadata (built-in and custom)
Keywords and KQL queries
• “Project XYZ”
Out-of-box and custom Sensitive Information Types
• Financial, Healthcare, Privacy
Out-of-box and custom Trainable Classifiers
• Resume, Contract, Patient Record, etc.
PowerShell, Code, Power Automate
• PnP PowerShell
• REST API
SharePoint Syntex
• Document Understanding model
• Form Processing model
Automatically Apply based on…
Manually Apply
Retention/Deletion period
• Retention length
• Expiration length
Level of immutability
• Retention label
• Record label
• Regulatory record label
Actions
• Retain Only
• Retain and Delete
• Delete Only
• Disposition review
Period start
• An event
• Date created
• Date last modified
• Date labeled
Classify
Label Definition
Current ways to APPLY a retention label
Automatic
Manual
Ways to SCOPE retention
Static Scope (what we use now)
• All locations
• Select included locations:
  • Specific sites/mailboxes/groups/Teams
• Select excluded locations:
  • Specific sites/mailboxes/groups/Teams
Adaptive Scope (Private Preview)
• Dynamic inclusion/exclusion of locations
• User locations based on…
  • Azure AD attributes (First name, Last name, Display name, Job Title, Department, Office, Street address, City, State or Province, Postal Code, Country or Region, Email Address, Alias, Custom attribute 1-15)
  • Any filterable property in OPATH
• Microsoft 365 Groups based on…
  • Azure AD attributes (Name, Display name, Description, Email addresses, Alias, Custom attribute 1-15)
• SharePoint Sites based on…
  • Site URL, Site name, RefinableString00-99
Once defined, scopes are used in Retention Policies and Label Policies
Filterable properties for the Filter parameter | Microsoft Docs
Limits for retention policies and retention label policies - Microsoft 365 Compliance | Microsoft Docs
EXAMPLE USE-CASES FOR ADAPTIVE SCOPES
• “Retain all Executive emails and OneDrive files forever”
• “Retain all Germany users’ emails for 5 years; Retain all others’ emails for 3 years”
• “Retain all Project sites for 7 years past project completion”
Ways to SCOPE retention
YOUR REQUIREMENTS AND THESE RETENTION ESSENTIALS HELP INFORM YOUR RETENTION LABEL AND POLICY CONFIGURATION
• Current ways to APPLY a retention label
• Ways to SCOPE retention
• BEHAVIOR of retention label types
• Retention policy and retention label DIFFERENCES
• PRINCIPLES of Retention
• 3 ACTIONS retention policies/retention labels can take
THE PRINCIPLES OF RETENTION THEN DETERMINE THE ACTION TO TAKE ON EACH ITEM
**COMPLIANCE
FINALLY… THE PRINCIPLES OF RETENTION
PRINCIPLES of Retention (and Deletion)
START HERE
Level 1: Retention wins over deletion
Level 2: Longest retention period wins
Level 3: Explicit wins over implicit
Level 4: Shortest deletion period wins
Tie-breaking comparison performed against each item (document, email) for all retention policies published to the location and the retention label, if any, applied to the item.
Before you start
• If there’s a “winner” at the level, comparison stops
• If there isn’t a “winner” at the level, proceed
The Principles of Retention or what takes precedence - Microsoft 365 Compliance | Microsoft Docs
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-flowchart?view=o365-worldwide
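The four-level tie-break on this slide, written out as an added Python example (not code from the presentation or from Microsoft). It assumes "explicit" means a label applied to the item and "implicit" a policy published to its location; all setting names and periods are constructed, and it reports only which level settles the comparison for an item.

```python
from dataclasses import dataclass

# The three actions a retention policy or retention label can take.
RETAIN_ONLY, RETAIN_AND_DELETE, DELETE_ONLY = "retain only", "retain and delete", "delete only"

LEVELS = {1: "Retention wins over deletion", 2: "Longest retention period wins",
          3: "Explicit wins over implicit", 4: "Shortest deletion period wins"}

@dataclass(frozen=True)
class Setting:
    name: str    # hypothetical label or policy name
    source: str  # "label" (applied to the item) or "policy" (published to the location)
    action: str
    years: int

    @property
    def retains(self) -> bool:
        return self.action in (RETAIN_ONLY, RETAIN_AND_DELETE)

    @property
    def explicit(self) -> bool:
        # Assumption: a label on the item is explicit, a location policy is implicit.
        return self.source == "label"

def resolve(settings):
    """Return (level, winner) for one item; level 0 means nothing competed."""
    pool = list(settings)
    if not pool:
        raise ValueError("no retention setting applies to this item")
    if len(pool) == 1:
        return 0, pool[0]
    retaining = [s for s in pool if s.retains]
    if len(retaining) == 1:
        # Level 1: a single retaining setting beats every delete-only setting.
        return 1, retaining[0]
    if retaining:
        # Level 2: several settings retain, so the longest period wins
        # (delete-only settings were already set aside at level 1).
        return 2, max(retaining, key=lambda s: s.years)
    # Only delete-only settings remain from here on.
    explicit = [s for s in pool if s.explicit]
    if len(explicit) == 1:
        # Level 3: the label on the item beats policies inherited from the location.
        return 3, explicit[0]
    # Level 4: no explicit winner, so the shortest deletion period wins.
    return 4, min(explicit or pool, key=lambda s: s.years)

# Constructed scenarios: each list is everything that applies to one item.
SCENARIOS = {
    "label retains, policy deletes": [
        Setting("Contract label", "label", RETAIN_AND_DELETE, 7),
        Setting("Site cleanup policy", "policy", DELETE_ONLY, 3)],
    "label and policy both retain": [
        Setting("HR label", "label", RETAIN_ONLY, 5),
        Setting("Site retain policy", "policy", RETAIN_ONLY, 7)],
    "label and policy both delete": [
        Setting("Draft label", "label", DELETE_ONLY, 5),
        Setting("Site cleanup policy", "policy", DELETE_ONLY, 2)],
    "two delete policies, no label": [
        Setting("Site cleanup policy", "policy", DELETE_ONLY, 2),
        Setting("Tenant cleanup policy", "policy", DELETE_ONLY, 1)],
}

def decide_all(scenarios=SCENARIOS):
    """Map each scenario to (deciding level, name of the winning setting)."""
    out = {}
    for item, settings in scenarios.items():
        level, winner = resolve(settings)
        out[item] = (level, winner.name)
    return out

if __name__ == "__main__":
    for item, (level, name) in decide_all().items():
        print(f"{item}: level {level} ({LEVELS[level]}) -> {name}")
```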
The Principles of Retention | Retention examples
What level “wins” in the Principles of Retention?
Example 1 Example 2
Labeled docs: Longest retention period wins
All other docs: Retention wins over deletion
All docs: Longest retention period wins
The Principles of Retention | Deletion examples
What level “wins” in the Principles of Retention?
Example 3 Example 4
Labeled docs: Explicit wins over Implicit
All other docs: Shortest deletion period wins
Labeled docs: Explicit wins over implicit
All other docs: Shortest deletion period wins
The Principles of Retention | Combined examples
What level “wins” in the Principles of Retention?
Example 5 Example 6
Labeled docs: Retention wins over deletion
All other docs: Shortest deletion period wins
All docs: Longest retention period wins
The Principles of Retention | Combined examples
What level “wins” in the Principles of Retention?
Example 7 Example 8
Executive mailboxes: Retention wins over deletion
All other mailboxes: Shortest deletion period wins
All mailbox items: Longest retention period wins
PRINCIPLES OF RETENTION FUN CHALLENGE
TEST YOUR KNOWLEDGE ACROSS 6 SCENARIOS!
LINK: HTTPS://JOANNECKLEIN.COM/2021/07/05/PRINCIPLES-OF-RETENTION-IN-MICROSOFT-365
THE PRINCIPLES OF RETENTION LINKS
Reference: The Principles of Retention or what takes precedence - Microsoft 365 Compliance | Microsoft Docs
Flowchart: https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-flowchart?view=o365-worldwide
Thank you IRMS!
Let’s Connect!
@JoanneCKlein
joannecklein@nexnovus.com
joannecklein.com
SharePoint & Microsoft 365 consultant | Advanced Compliance
