This course starts with an overview of what is meant by defining a policy scope. We then review the shortcomings of static scope definitions and investigate how an adaptive scope solution can solve those problems. Having examined the theory, we will then implement an adaptive scope in the context of a regulatory record data retention policy.
- Gain an overview of adaptive policy scopes
- Examine adaptive scope use cases
- Implement an adaptive scope with a record data retention policy
- Students who want to learn about adaptive policy scopes, when to use them, and how to create them
- Students preparing for the SC-400: Microsoft Information Protection Administrator exam
- There are no mandatory prerequisites required to take this course, but knowledge of data loss prevention policies would be beneficial
Let’s create a couple of adaptive scopes using the User and Microsoft 365 groups categories. In the Microsoft Purview admin center, expand Roles & Scopes, select Adaptive scopes, and click the create scope button. You need to give the scope a name, but the description is optional. As we’ll see, the scope queries can be reasonably intricate, so a description could be a good idea if that’s the case. I’m going to append user in brackets, so it’s immediately obvious how the scope was formulated. The scope type is displayed in the listing, but it doesn’t hurt to be crystal clear. Next, we select the type of scope, which will be user, and click next again to define the scope query. We’re going to build a series of Boolean clauses joined together with “ands” and “ors,” much like joining conditions together in an SQL WHERE clause. First off, I want to include the HR manager, so I’ll select Department from the user attributes list.
Next, we select the type of comparison. I’ll go with is equal to, but there is a limited range of alternative operators, like not equal, starts with, and not starts with. The value is HR. Next, we specify the manager by adding the job title attribute and making it equal to manager. We want to include the sales manager in the scope, but if I just “and” another clause, as in, and department equals sales, then it won’t work. You can’t be in HR and sales and be the manager of both. Well, not in this company. We group the anded clauses together in brackets as you would in any Boolean expression. Select the attributes in question, in this case, department and job title, and click group selected attributes. Sure enough, the query summary has enclosed the terms in brackets. Before we carry on, let’s take a look at the advanced query builder. Swapping between advanced and simple modes is not synchronized, i.e., what I’ve built so far isn’t displayed in the advanced text box. Advanced mode lets you type in the query as text. I’ll go back to simple and copy the query summary and paste it into the advanced text box.
Now I’ll add the sales manager condition, which is the same as the HR manager except for the department. I know I’m being incredibly optimistic, hoping this will be replicated in the simple query view – and I am. Ok, so there’s no coordination between these views, but which view you’re on when going to the next step will be the one used by the scope, as we can see here. I’m not finished yet, so let’s head back to the simple view where I’ll recreate the sales manager condition. The condition joining functionality is a bit off, in my opinion. The sales department join type changes by itself when I change the join below it. Anyway, after grouping the sales manager attributes, I can successfully change the “and” to an “or.” I’ll add one more condition – where department equals finance. Click next and then submit.
Now I’ll create another scope targeting the Greek sales office using the Microsoft 365 groups category. Actually, before we do that, let’s have a quick look at SharePoint sites. It’s basically the same in terms of functionality, but obviously, the attributes, or in this case, the properties, are different. Apart from refinable strings 0 through to 99, there are the site name and URL properties. Refinable strings can be found under SharePoint site collection managed properties. Ok, back to the scope creation. This will be a simple one-condition scope definition, where the email address starts with SalesGreece@. Again, click next and then submit to finish, followed by done to get back to the main adaptive scopes page.
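The grouping problem from the user scope and the one-condition group scope, modelled in Python as an added example (not part of the course or of Microsoft's tooling). The attribute keys, operator names and directory records are constructed for illustration, comparisons are assumed to be exact-match, and the code evaluates queries locally without calling Purview.

```python
# Comparison operators named in the walkthrough (key names are illustrative).
OPS = {
    "equals": lambda actual, value: actual == value,
    "not_equals": lambda actual, value: actual != value,
    "starts_with": lambda actual, value: actual.startswith(value),
    "not_starts_with": lambda actual, value: not actual.startswith(value),
}

def cond(attr, op, value):
    return ("cond", attr, op, value)

def matches(node, record):
    """Evaluate a query tree: ("cond", ...) leaves under ("and" | "or", child, ...)."""
    if node[0] == "cond":
        _, attr, op, value = node
        return OPS[op](record.get(attr, ""), value)
    joiner, *children = node
    results = (matches(child, record) for child in children)
    return all(results) if joiner == "and" else any(results)

def in_scope(query, records):
    """Return the sorted mail addresses of the records a query selects."""
    return sorted(r["Mail"] for r in records if matches(query, r))

HR_MANAGER = ("and", cond("Department", "equals", "HR"),
              cond("JobTitle", "equals", "Manager"))
SALES_MANAGER = ("and", cond("Department", "equals", "Sales"),
                 cond("JobTitle", "equals", "Manager"))
# Grouped as in the walkthrough: (HR manager) or (sales manager) or finance.
GROUPED = ("or", HR_MANAGER, SALES_MANAGER, cond("Department", "equals", "Finance"))
# The mistake described above: the sales clause "anded" on with no grouping.
FLAT_AND = ("and", cond("Department", "equals", "HR"),
            cond("JobTitle", "equals", "Manager"),
            cond("Department", "equals", "Sales"))
GREEK_SALES = cond("Mail", "starts_with", "SalesGreece@")

# Constructed sample directory entries.
USERS = [
    {"Mail": "hr.manager@example.com", "Department": "HR", "JobTitle": "Manager"},
    {"Mail": "hr.clerk@example.com", "Department": "HR", "JobTitle": "Clerk"},
    {"Mail": "sales.manager@example.com", "Department": "Sales", "JobTitle": "Manager"},
    {"Mail": "sales.rep@example.com", "Department": "Sales", "JobTitle": "Representative"},
    {"Mail": "fin.analyst@example.com", "Department": "Finance", "JobTitle": "Analyst"},
]
GROUPS = [{"Mail": "SalesGreece@example.com"}, {"Mail": "SalesItaly@example.com"}]

if __name__ == "__main__":
    print("grouped:", in_scope(GROUPED, USERS))
    print("flat and:", in_scope(FLAT_AND, USERS))
    print("greek sales:", in_scope(GREEK_SALES, GROUPS))
```

The ungrouped chain selects nobody, so a retention policy bound to it would silently cover no mailboxes; the grouped query covers both managers and the whole finance department.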
I’m going to quickly create a retention label called Greek Sales Bonus. I’ll stick with the default values, but I’ll mark the items as regulatory records, as these are financial records of bonus payouts.
Under file plan, click create new label and then give your label a name, and click Next. I’ll stick with the descriptor defaults and click next. I’ll retain the items for the default 7 years and mark items as regulatory records. As regulatory record labels are immutable, we get this warning that we won’t be able to delete the label or make it less restrictive. Don’t be concerned if you can’t see the regulatory records option. This option is enabled through PowerShell and is detailed in a future course. When the retention period is over, we’ll deactivate the retention settings.
With the label created, we need to publish it and create a policy to associate the scopes with. At the scope stage, you could create a static scope, but in selecting adaptive scope and clicking next, you choose from pre-existing scopes. Click the add scopes button and select the scopes to apply, remembering you can use more than one. Global HR and sales managers and the finance department are in scope, along with the Greek sales team. We name the policy appropriately, click next, and submit.
Hallam is a software architect with over 20 years’ experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.