O365 Retention Policies and SharePoint Online Information Management Policies – Is there peaceful coexistence?

With the introduction of the O365 Security & Compliance Center, Administrators have a new set of tools to manage data retention.  Can we effectively integrate existing SharePoint Online retention and governance tools with these new features?  What’s the best tool to use?  Let’s take a look.

First, let’s review the new O365 features and some considerations:

Office 365 Data loss prevention (DLP)

Data Loss Prevention (DLP) introduces the capability to identify confidential or sensitive information and block sharing of content based on characteristics of the content itself.  The tool provides a wide variety of pre-built rules and policies based to handle common governance scenarios.

Can DLP coexist with existing SharePoint governance tools?

Absolutely. In SharePoint Online, DLP can overlay existing governance and retention controls and provides new capability to ensure sensitive information is not shared with the wrong people.

Office 365 Labels

Labels are a method to identify different types of content stored in O365.  For SharePoint, this is probably closest to the concept of Content Type, where you have defined a retention policy.

Can O365 Labels coexist with existing SharePoint governance tools?

Not really.  Here are some key pieces of information about O365 labels that make it difficult:

  1. You can’t “auto-apply” a label that also designates the document as a “record” (different than a SharePoint “record”).
  2. Labels only check the document content, not metadata properties (this is a future feature).
  3. You have the options to apply “sensitive” content rules or keyword search in a label, not both.
  4. You can only add the top-level site of a site collection to the scope of the label. Filtering labels to a sub-site is not supported.
  5. Only one label per document. Manually-applied labels cannot be overwritten by an auto-applied label.
  6. Labels provide the ability to define retention and disposition. Admins can define individual users to review disposition of documents.

Office 365 Retention

O365 Retention provides the ability to enforce the retention of documents for specific periods of time.  Retention policies can be deployed as stand-alone policies or as the outcome of a “label” designation (which will usually be the case).

Can O365 Retention coexist with existing SharePoint governance tools?

Not really.  Here are some key pieces of information about O365 Retention that make it difficult:

  1. Retention runs at the site level. This means that you can’t isolate the retention to specific libraries.
  2. It takes precedence over Information Management Policy (IMP) retention. This means a document that an IMP deletes will still have a copy stored in a “Preservation Hold Library” in the site.
  3. It doesn’t recognize “Records” designation in SharePoint. You can’t differentiate retention based on a SharePoint record.
  4. It only recognizes “Created” and “Modified” system date/time information. You can’t kick off a retention period using a date/time field you created.
  5. You must have version control enabled for the O365 Retention to retain versions. This isn’t too big of a deal since versioning is turned on by default in O365 libraries.
  6. You can set retention based on “Keywords”. You can potentially identify specific documents for retention based on matching the keyword dialog to existing metadata tags.
  7. Your options for disposition at the end of the retention period are “retain” or delete”. You can’t kick off a workflow or other available options in SharePoint IMPs.

O365 Disposition

O365 Disposition is an interface to manage documents subject to review.  Automation in the background sends weekly emails to reviewers until they act on an individual document.

Can O365 Disposition coexist with existing SharePoint governance tools?

Not really.  Here are some key pieces of information about O365 Disposition that make it difficult.

  1. Reminder emails go out on a weekly basis. There are no interfaces to adjust this schedule.
  2. Users have three options:
    • Apply a different label. Remember, this is a manual process, so it will not be changed via auto-apply policies.
    • Extend retention period.
    • Delete permanently. This means the copy stored in the Preservation Hold library is permanently deleted within 7 days and the “original” copy is sent to the recycle bin.
  3. You cannot reassign the review or change the disposition options.

Recommendations on coexistence

Apart from DLP, most organizations are going to have to decide on whether to use the O365 governance or SharePoint governance tools.  Here’s a list of considerations in making the decision:

  1. Do I need to apply retention rules across SharePoint, Exchange, Groups and Skype?

If the answer is yes, then O365 Governance is the best (and really only) option across the O365 platform.

  1. Do I need workflow automation around the review and disposition of documents?
    1. If the answer is yes, the SharePoint IMPs are the way to go, as you can call custom workflows and set multiple layers of actions.
  2. Do I need to identify and retain content based on information contained in a document?
    1. If the answer is yes, O365 Governance provides the ability to search and retain documents based on keywords or “sensitive information” policies.
  3. Do I need to be able to apply different policies per site and library?
    1. If the answer is yes, then SharePoint IMPs allow this level of detailed designations.
  4. Do I need the ability to designate some document are “records”?
    1. Both O365 and SharePoint have similar records functionality.
    2. O365 Governance provides the ability to designate records based on information contained in the content of a document.
    3. SharePoint provides the ability to apply record designation manually or via the outcome of a workflow.
  5. Are my document retention and disposition policies general and simple?
    1. If the answer is yes, O365 Governance can provide an effective solution.

If you would like to learn more or need help with either SharePoint or features in O365, send us an email at info@peters.com.  We are happy to help!

By |2018-02-19T15:05:44-05:00February 19th, 2018|Collaboration|Comments Off on O365 Retention Policies and SharePoint Online Information Management Policies – Is there peaceful coexistence?

About the Author:

As Solution Architect at Peters & Associates, Chris Cummins is responsible for design in Peters & Associates development and business intelligence practices. This includes ensuring the team delivers to our standards of successful design, implementation, and satisfaction of our clients. He has over 25 years of industry experience, and has delivered over 375 Microsoft SharePoint projects for Peters & Associates. Chris has an undergraduate degree from the University of Illinois (Urbana), a MBA from Lewis University and industry technical and project management certifications. Chris’ primary role with our clients is aligning technical solutions to business needs.