Microsoft 365 Data Governance
In this course, we take a look at data governance in Microsoft 365 and what it's used for. We’ll take a look at retention labels and retention policies, covering what they are and what they do.
You'll also learn the different ways you can import data into Microsoft 365. Finally, we'll take a look at governance reports in Microsoft 365.
By the time you finish this course, you should have a good understanding of data governance in Microsoft 365.
This course is intended for those who wish to learn about the basics of Data Governance in Microsoft 365.
To get the most out of this course, you should already have some basic experience with Microsoft 365.
Welcome to Retention Policies and Retention Labels. In this lesson, we’re going to take a look at what retention policies are, what retention labels are, and what roles each plays.
Retention labels and retention policies are both used to manage and govern information. They actually work together to ensure that organizational data is retained only for the time necessary, and that that data is permanently deleted when you no longer need it.
Organizations typically apply retention labels to data and assign retention policies in order to adhere to industry regulations and internal data governance policies that require them to ensure their content is only retained for a certain amount of time. Labels and policies are often used to mitigate legal and security risks, because they cause old data to be permanently deleted when it’s no longer needed.
Organizations will also often use retention labels and retention policies to ensure that their users are only working with current data. For example, the organization will assign retention settings to the data - so that data, which is usually stuff like Word documents and Excel spreadsheets, remains in its original location. The users continue working with the data as though nothing has changed with it. However, if a document, that has a retention policy attached to it, is edited or deleted by a user, a copy of that document is automatically saved in a secure location that’s not visible to the user base. Long story short, if the organization becomes involved in litigation, and needs to retain documents without letting users know, retention policies and retention labels help accomplish this.
Retention settings can be used with SharePoint content, OneDrive content, Microsoft Teams, Yammer content, and Exchange content.
When you use retention policies and retention labels to configure retention settings for data, there are some things you need to keep in mind.
When you use a retention policy to govern data retention, the policy is used to assign the same retention settings to content at the SITE level or to the MAILBOX level. That said, a single retention policy CAN be applied to multiple locations, AND it can be assigned to specific locations or users.
I should also mention that retention settings roll downhill. This means that if you assign a retention policy to a container, the content within that container will inherit the retention settings that are applied to the container specified via the retention policy.
Another important thing to remember is that when a retention policy is configured for a container to KEEP content, when a document gets moved outside that container by a user, a copy of the document is kept in the workload's secured location. Retention settings assigned to the original document DO NOT move with the document to its new location.
So, now that you know a little bit about retention policies, let’s talk a little bit about retention labels.
We’ve already established that retention policies are used to define retention settings for content. Now, retention labels, on the other hand, they are used to assign those defined retention settings to folders, documents, and email. So, the policies define the retention settings, and the labels apply the retention settings to content.
I should point out that an email or document can have only a ONE retention label assigned to it at any given time. I mean, this only makes sense. What would be the point to assigning two different sets of retention settings to a piece of content?
I should also point out that retention settings assigned via retention labels DO move with the content. In other words, if an Excel document that’s been assigned a retention label, gets moved to a different location within the Microsoft 365 tenant, the settings will move with the document.
When working with retention labels, it’s important to understand that such labels can be applied automatically, and they can be applied manually, assuming the admin has enabled this functionality. You can even apply a default label to SharePoint documents.
Another use case for retention labels is disposition review. This means that you can use them to ensure that content is reviewed before it’s permanently deleted.
To demonstrate how retention policies and retention labels can be used, let’s use an example.
Let’s assume the Blue Widget Company needs to adhere to a policy that dictates all documents be kept for at least 5 years. However, there are certain tax documents that need to be kept for 7 years.
The Blue Widget Company stores all its documents in SharePoint.
To meet the retention requirements for the Blue Widget Company, the Microsoft 365 administrator might create a default retention policy that keeps all content for 5 years. He would also create a retention label that enforces these settings, and apply the label to all the documents in the SharePoint site.
To increase the retention for the tax documents to 7 years, he would create a separate policy that keeps content for 7 years, and he’d apply that policy to the tax documents, using a separate retention label.
So, what’s the key takeaway here?
The key takeaway is that retention labels and retention policies are used in combination to manage and govern content. You use them in tandem to ensure that your content is retained for only the amount of time that it’s needed, and that it’s permanently deleted when it’s no longer needed.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.