5 thoughts on “Managing the retention of records in Microsoft 365 with an E3 licence

  1. Interesting article Andrew and helpful for those struggling with how to manage retention on an E3 licence. One point – you state that you can auto-apply labels with an E3 licence however the licensing information from Microsoft is pretty clear that with an E3 your only options are to manually apply labels or apply a basic policy to ‘workloads, specific locations or users’. So the options of managing retention with an E3 are really pretty slim. No auto-apply, no default labels for libraries and so on, leaving just the ‘safety net’ broad policy applying to a SP site and users or admins applying labels manually. Not scalable or sustainable.

    1. Thanks Alexander. I have an E3 licence. From the Compliance admin portal > Information Governance section, when I click on the ‘Labels’ tab, and then click on any label, the option ‘Auto-apply a label’ appears. However, the options are limited to (a) Apply label to content that contains sensitive info [unlikely to be used since retention is rarely based on sensitivity], (b) Apply label to content that contains specific words or phrases, or properties [keyword searches], and (c) Apply label to content that matches a trainable classifier [only uses the out of box 6 basic classifiers with an E3 licence]. Can you let me know if you don’t see those options?

  2. Hi Andrew – in the summary of options at the end of this really interesting article, you suggest
    Auto-apply some labels to specific content stored in SPO
    In https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
    MS write
    Microsoft 365 E5/A5/G5/E3/A3, Office 365 E5/A5/G5/E3/A3, and SharePoint Plan 2 provide the rights for a user to benefit from a basic SharePoint or OneDrive retention policy and/or to manually apply a non-record retention label to files in SharePoint or OneDrive.
    Microsoft 365 E5/A5/G5/E3/A3 and Office 365 E5/A5/G5/E3/A3 provide the rights for a user to benefit from a Teams retention policy.
    Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5 Compliance, Microsoft 365 Information Protection and Governance E5/A5/G5, and Office 365 E5/A5 provide the rights for a user to benefit from automatically applying retention labels

    I believe Microsoft are deliberately ambiguous with the term ‘automatically’. Do you have a view on whether it matters where or by what the retention label is applied automatically? If it was applied automatically by a feature within SP, then fair enough, a premium feature has been used and additional licence payment is due, but what if an external script created the retention label using (say) the SharePoint REST API or something similar? Wouldn’t that be using SharePoint as intended, not using a premium feature within SP and, as a consequence, permissible within an E3 licence?

    1. Thanks Tim, good points. E3 licence holders have the ability to auto-apply retention labels in three ways: (a) sensitivity, (b) basic keyword search, (c) six quite limited trainable classifiers (E5 holders can create their own trainable classifiers or potentially do this by using Syntex for certain commonly occurring document types).
      The meaning of ‘manually’ apply is interesting – when you publish labels as a retention policy to a SharePoint site, the Site Collection Admin or Owner has to go to the library and ‘manually’ select a default retention label that will by default apply to all the content in the library. Anyone with Member rights can ‘manually’ remove or change the default retention label (this is the case with auto-applied labels too, unless the item is declared a record or made read-only).
      One of the biggest challenges with retention labels (which nicely map to retention classes) is applying them correctly, whether automatically or manually. The Microsoft view seems to be that there is too much content, go with the automatic approach. My preference would be to non label-based retention policies (what I call ‘safety net’ policies) and use the labels selectively for specific content that has to be kept for longer.
      Also keep in mind that disposition reviews only work with labels but there are shortcomings with the reviews (insufficient information to make a decision) and the disposal (insufficient information retain about what was destroyed).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s