top of page
Search
  • Hanna Korotka

Cybersecurity Awareness - Govern Your Data


Microsoft Purview Data Lifecycle Management, formerly known as Microsoft Information Governance, is a robust tool designed to equip your organization with the capabilities necessary to retain essential content while eliminating unnecessary data. In this blog post, we'll dive deep into the world of Purview Data Lifecycle Management and explore how it can empower your organization to enhance security, reduce risks, and ensure compliance.


The Significance of Data Lifecycle Management


As an organization operating in the digital age, you are well aware of the value of data, which can take various forms such as emails, documents, instant messages, and more. Efficiently managing this ever-growing volume of data is vital for several reasons:


Proactive Compliance: Industry regulations and internal policies often mandate organizations to retain specific types of content for predefined periods. For instance, the Sarbanes-Oxley Act may require you to retain certain content for up to seven years. Purview Data Lifecycle Management enables you to proactively comply with such regulations.


Risk Reduction: Beyond compliance, deleting obsolete data not only aids in meeting regulatory requirements but also mitigates risks and liabilities. By reducing the volume of data you retain, you minimize your organization's attack surface, making it more challenging for malicious actors to exploit vulnerabilities.


Efficient Knowledge Sharing: Effective data management ensures that your users have access to up-to-date and relevant content. This, in turn, enhances knowledge sharing, agility, and overall productivity within your organization.


Understanding Retention Settings


Purview Data Lifecycle Management offers two essential retention actions: retaining content and deleting content. These actions enable you to configure your data retention settings according to your specific needs:


1. Retain Content

  • Purpose: Prevent permanent deletion and keep content available for eDiscovery.

  • Use Cases: Retain content for compliance purposes or to ensure its availability for legal purposes.

2. Delete Content

  • Purpose: Permanently remove content from your organization.

  • Use Cases: Safely delete obsolete or irrelevant data to reduce risk and free up storage space.


Retention settings can be configured with three primary outcomes:

  • Retain-Only: Keep content indefinitely or for a specified period.

  • Delete-Only: Permanently delete content after a specified period.

  • Retain and Then Delete: Retain content for a defined period before permanent deletion.


Utilizing Retention Policies and Retention Labels


Use a retention policy to manage the data for your organization by deciding proactively whether to retain content, delete content, or retain and then delete the content. A retention policy lets you do this very efficiently by assigning the same retention settings at the container level to be automatically inherited by content in that container. For example, all items in SharePoint sites, all email messages in users' Exchange mailboxes, all channel messages for teams that are used with Microsoft Teams.


In your data governance strategy, you may encounter scenarios where exceptions to your retention policies are necessary. Retention labels address such exceptions by applying retention settings at an individual item level, allowing you to retain specific content for longer periods or override automatic deletion. For example, if your retention policy specifies retaining content for three years but you have contract documents that must be retained for seven years, you can use retention labels to address this exception effectively.


In cases where multiple retention settings conflict with each other, it's crucial to understand the principles that determine the outcome.



These principles ensure that data is retained and deleted according to your organization's specific requirements:

  1. Retention Wins Over Deletion: Content subject to retention settings will not be permanently deleted while retention is in effect. Permanent deletion is suspended until the retention period expires.

  2. The Longest Retention Period Wins: When content is subject to multiple retention settings with different periods, the longest retention period prevails.

  3. Explicit Wins Over Implicit for Deletions: Retention labels take precedence over retention policies for deletions.

  4. The Shortest Deletion Period Wins: If conflicts remain unresolved after considering the above principles, content is permanently deleted at the end of the shortest retention period.


For End-Users: Getting started with Retention Labels


Whereas retention policies automatically apply to all items at the container level (such as SharePoint sites, user mailboxes, and so on), retention labels apply to individual items, such as a SharePoint document or an email message.


Apply retention labels to files in SharePoint and OneDrive


User can apply retention labels to files in SharePoint and OneDrive, either individually or collectively.

In OneDrive or a SharePoint library, you can label most any file — an Office document created in Word, PowerPoint, Excel, and so on, or even a OneNote file, you can also label non-Office files such as a PDF.) To apply retention label: 1. Select the item 2. In the upper-right corner, select Open the details pane 3. Under Apply label, select Choose a label to open the list of options.



4. Select the appropriate retention label for your document. (To learn about the differences between the labels, you can point at each one to see a description of it and its retention period.). After a retention label is applied to an item, you can view it in the details pane when that item's selected.​​​​​​​



Selecting labels in SharePoint at the site level


In addition to selecting a label to be applied to a single item in SharePoint, one can set all content to be labeled in the library folder or document set. This allows all the documents to have a default label applied.


1. Navigate to SharePoint and click the settings icon and select Library Settings. On the Documents>Settings page, click Apply Label To Items In This List or Library as shown below.

2. On the Settings>Apply Label page, click the down drop and choose the appropriate retention label.



Working with retention in Teams chat and channel


There is no end user action for retention labels and Teams settings, below are examples of what you could see in Teams should a retention policy be applied.


1. An example of a previous post to a channel that organization removes historic conversations after 1 month.


2. Below is an example of a previous post to a chat that Munson’s removes historic conversations after 1 month.



Retention labels in Outlook


To apply retention label to an email:

1. Select the item

2. On the Home tab on the ribbon, click Assign Policy

3. Choose the appropriate retention label



After the retention label is applied, you can view that retention label and what action it takes at the top of the item. If an email has a retention label applied that has an associated retention period, you can see at a glance when the email expires.



To apply retention labels to Outlook folders as a default label that can be inherited by messages in that folder:

1. Right-click the folder

2. Select Properties



3. Select the Policy tab

4. Select the retention label from the Folder Policy drop-down list you want to use as that folder's default retention label



When you use retention label as your default label for an Outlook folder:

  • All unlabeled items in the folder have this retention label applied.

  • The inheritance flows to any child folders and items inherit the label from their nearest folder.

  • Items that are already labeled retain their retention label, unless it was applied by a different default label.

  • If you change or remove the default retention label for the folder: Existing retention labels applied to items in that folder are also changed or removed only if those labels were applied by a default label.

  • If you move an item with a default retention label from one folder to another folder with a different default retention label: The item gets the new default retention label.

  • If you move an item with a default retention label from one folder to another folder with no default retention label: The old default retention label is removed.


Microsoft Purview Data Lifecycle Management offers a robust solution for managing data throughout its lifecycle. By effectively retaining valuable content and deleting unnecessary data, your organization can enhance security, reduce risks, and maintain compliance with regulatory requirements. Understanding these principles of retention is crucial for achieving these objectives and optimizing your data management strategy.


To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.

12 views0 comments

Comments


Get the Latest News to Your Inbox

bottom of page