All about managing records and information especially in Microsoft 365
Category: Information Classification
With the large-scale adoption of Microsoft 365 (M365), many records managers have had to find ways to manage the records that have been (and continue to be) captured and stored across the ecosystem, including via Teams, SharePoint Online, OneDrive for Business and Exchange Online. The M365 ecosystem is more complicated than a single server-based Electronic … Continue reading Ten tips for records managers to monitor records in Microsoft 365
Sensitivity labels are one element in a range of tools that can be deployed in Microsoft 365 to protect information, as shown in the diagram below. Image source: Microsoft page 'What is Azure Information Protection' If you are new to information protection, it is important to understand that Azure Information Protection (AIP) is not the … Continue reading Sensitivity labels in Microsoft 365
Two types of retention policy can be created in Microsoft 365: Label-based retention policies, where the label is used to define the retention and retention outcomes. Labels must be published in a retention policy, a process that includes determining where the labels will be applied and appear ('explicit') to end users. Non-label-based retention policies, where … Continue reading What happens if you mix label-based retention policies and non-label retention policies on the same SharePoint site?
Microsoft have improved the Classification section in the Office 365 Security and Compliance centre. The change will help to reduce confusion and make it easier for records managers and security administrators to focus on their individual needs. Previous user interface The primary change is to the menu interface. The previous menu options, shown in the screenshot … Continue reading Office 365 Security and Compliance – classification label changes
In May 2016, I wrote about the creation of security classification labels in the Azure Information Protection (AIP) portal (old post here). Quite a bit has changed since that post, in particular the naming of policies, away from 'High' to 'Low' Business Impact (e.g., HBI - LBI) to real-world words such as 'General' and 'Highly … Continue reading Changes to security classification and records retention in Office 365
A recent (September 2017) article suggested that OneDrive for Business (ODfB) (and by extension SharePoint Online (SPO); ODfB is a SharePoint-based service), a key application in Office 365 was a potential source of data leaks and/or target for hacking attacks. I don't disagree that, if not configured correctly, any online document management system - not … Continue reading SharePoint Online and OneDrive for Business – Preventing external sharing of data
At the September 2017 Ignite conference in Orlando, Florida, Microsoft announced a range of new features coming soon to data governance in Office 365. These new features build on the options already available in the Security and Compliance section of the Office 365 Admin portal. You can watch the video of the slide presentation here. … Continue reading Office 365 – new data governance and records retention management features
From time to time I'm asked about the way records retention policies 'work' in SharePoint. A common criticism has been that SharePoint's retention model is based on applying retention policies to individual records (e.g., documents in a library or individual emails) rather than to aggregations of records, the most obvious of which is a document library. The idea … Continue reading Applying (new) Retention Policies to Office 365 Content
Records about the world 