May Records Updates for Microsoft 365

(This blog post was written as a guest post on Blog – Leadership Through Data)

On 19th May 2021 Microsoft published a blog announcing Multi-stage disposition approval in Microsoft Records Management in Microsoft 365 as well as some other really nice enhancements to the Information Governance and Records Management tools.

The headline feature is the ability to configure a multi stage disposition approval process which takes place at the end of a prescribed retention period.  This feature is live NOW and supports up to a 5 stage process.  However this feature is still in Public Preview and this means Microsoft may change the feature at any time, so consider carefully how you deploy this feature in production environments until it reaches general release.

Before you look at configuring this in your tenant, you need to ensure you have the appropriate licensing which is an advanced compliance license (Microsoft 365 E5 or an E5 Compliance add on) for each user who will benefit from the settings.  This means every user who has access to the information covered by the retention policy should be licensed.  For more details in licensing please see https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance.

If you edit an existing retention label with a disposition review option you will be able to add additional stages to the review, as well as having multi stage disposition available for new labels too.  Before you start, be sure to draft the processes including the people/groups who will carry out each stage of the disposition review.  A limitation at this time is that only mail-enabled security groups are supported NOT Microsoft 365 groups.  Microsoft 365 groups will be supported in the future, though no date as yet.  All reviewers need to have appropriate permissions (See https://docs.microsoft.com/en-gb/microsoft-365/compliance/disposition?view=o365-worldwide#permissions-for-disposition)

To create a new label with a multi stage disposition review:

  1. Navigate to the Microsoft 365 Compliance Center and under Information Governance choose Create a Label
     
  2. Microsoft 365 compliance 
Data connectors 
Alerts 
Reports 
Policies 
Permissions 
Solutions 
Catalog 
Audit 
Content search 
Content search 
Communication compliance 
Data loss prevention 
Data subject requests 
eDiscovely 
Information governance 
Information governance 
Labels Label policies Retention policies 
Import Archive 
When published, retention labels appear in your users' apps, such as Outlook, SharePoint, and OneDrive. When a label is applied to email or dc 
can create labels that retain content for a certain time or ones that simply delete content when it reaches a certain age. Learn more 
+ Create a label Publish labels Import U Export CD Refresh 
Name 
GDPR Governed Data 
SharePoint GDPR Data Retention 
Attorney-Client Privilege Classification 
Passport Numbers 
Non-Disclosure Agreement Classification 
UK Financial Sensitive Data 
GDPR
  3. Add the name and descriptions, then click Next
     
  1. Choose retention settings and select Trigger a disposition review, then click Next
     
  1. Name each stage (maximum of 5 stages) and add the people or groups, then click Next
     
  1. Review setting and then Create label
     

Remember you will need to add the new label to a label policy or create a new label policy to make it availalbe to users.

The second big update, Adaptive Policy Scopes, is currently in private preview.  If you would like to sign up to the private preview you should complete the form at https://aka.ms/MIPC/AdaptiveScopes-Preview.  Microsoft are looking for organisations with test tenants as this feature is not recommended for deployment into a production environment at this stage.  You should also have time to work with the engineers on evaluating and testing the features within your organisation requirements.

Adaptive Policy Scopes have been designed to help organisations cope with a changing landscape as users and containers (sites/Teams) are subject to change which would indicate the application of differing retention settings, such as change of department.  The Adaptive Policy Scopes will also help overcome the limits per retention policy when specifying or excluding users/containers from a policy see https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-limits?view=o365-worldwide#maximum-number-of-items-per-policy for detail of these limits.

Adaptive policy scopes will be assigned based on attributes.  In this screenshot you can see an example of user attributes  being used to define a user adaptive scope which will allow retention policies to be assigned users within the New York Sales department.

 The improvements to the disposition approval experience include speed improvements, list sorting and filtering, addition of reviewers to individual items, retention extension and/or relabelling will have a big positive impact.  As will the ability to add customised text to the notification and reminder emails. These and a few reminders of items already announced were included in Microsoft’s blog and we’ll cover those in more detail in later posts.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s