The Microsoft Office suite is familiar to most organisations today in its longstanding role as an enabler of workplace productivity. As organisations grow and adapt however, there is a need for increasingly mobile and interconnected work environments, leading to the uptake of Microsoft 365 (M365). While use of M365 in organisations is increasing, we are also seeing a steady decline in use of more traditional electronic document and records management systems (EDRMS). Many organisations are decommissioning their EDRMS in favour of native records and information management functionality available in M365.
In order to effectively utilise the M365 suite it is important that organisations understand their business and regulatory information governance requirements for securing, describing, using and managing information assets. With a good understanding of these requirements organisations can explore how native features in M365 can help meet these requirements, and where information governance compliance gaps might exist.
In this series we will look at various M365 features across three key areas:
- Information management
- Information security
- Search and discovery
Information Management – Retention
Microsoft 365 provides centralised management of retention through the Security and Compliance Centre via:
- Retention Policies – broad retention control
- Retention Labels – granular retention control
Policies and labels can be used simultaneously within Microsoft 365, with the longest retention period taking precedence.
|Retention Policies||Retention Labels|
|Event based retention||✔|
|Manage SharePoint, OneDrive, Groups and Exchange content||✔||✔|
|Manage Microsoft Teams (Chats and Channel messages), Skype for Business and Exchange Public Folders content||✔|
|Manage content as a finalised record||✔|
|Apply based on sensitive information||✔||✔|
|Apply based on specific words and phrases||✔||✔|
|Can be manually applied to specific documents||✔|
It is critical that organisations have a clear understanding of the type of information assets that will be captured within the various M365 solutions. Having this understanding will support identification of requirements for retention and defensible disposal of information assets. Understanding these requirements will allow for retention controls to be appropriately planned for at implementation.
In the coming weeks we will be looking at the various aspects of retention in M365 to help you better understand how you can meet your retention requirements:
- Retention policies
- Retention labels
- Retention label policies
- Event-based retention
About the Author
Adelaide Copland has worked as an information specialist and CM/TRIM application administrator since 2014. Adelaide has experience in Microsoft 365 implementations, process improvement, records training delivery, development of policies and procedures, strategy and establishing digitisation programs.