Blog Post: 3 minute read
Based on the recent numbers shared during the SharePoint Virtual Summit in May 2017, the amount of data inside O365 is growing at a staggering rate (300% increase in the amount of content stored in SharePoint in the past year). For those heavily regulated organizations, Information Management teams within them are looking at these numbers with growing concern. Although it can seem like a daunting task to implement retention and protection for content across all O365 services, there is a measured approach you can take to start you down the path to success.
Remember… starting is way better than standing still. 🙂
The following is my measured approach to get started. Each organization will differ according to their own regulatory and compliance requirements; however, I believe they will all primarily follow the same steps.
The typical teams involved in the process:
- Information Management (IM) Team – this team is responsible for defining the retention schedule and classification. The retention schedule typically include security, retention and handling controls (can it be shared externally, when should it be destroyed, can it be destroyed?).
- Information Technology (IT) Team – this is the team that is responsible for understanding and configuring the Security & Compliance features in O365.
- Change Management (CM) Team – this team communicates the change to the organization based on the impact to the end-user. They provide the business value and “What’s in it for me” answers.
Continue reading “O365 Data Governance and Retention: A Measured Approach”
Blog post: 2 minute read
I’m working with the new Retention classification feature in O365 and was confused when I noticed there were 2 places in the Security and Compliance Center where a Retention policy could be created:
The first one is by going to the Classifications section of the Security & Compliance Center, adding a label and publishing it to a policy. I’ve previously blogged about this here: Label Retention across O365. The screenshot below shows a Contract Policy that has been published using this method. It includes one label, Contract, that has been published to a specific O365 Group. From here, you can add additional labels to this policy or set up conditions to auto-apply it.
The second way to create/publish a policy is by going to the Data governance section of the Security & Compliance Center, clicking Retention and clicking ‘Create‘. I’ve previously blogged about this here: Retention in O365. The new way. The screenshot below is what I see when I go to the Data governance…Retention section. It not only shows the ‘Joanne’s Preservation policy’ retention policy I’ve created in this Retention section but also the Contract Policy created via a label shown above. BOTH policies will show in this list regardless where it was created.
What’s the difference? Here’s what I’ve discovered…
Continue reading “O365 Retention Policies… labels optional”
Blog post: 1 minute read.
I’m spending some time learning about the new unified Retention policies in Office 365. I really like the unified approach for retention and deletion policies as it is a “one-stop shop” to encompass all services across O365 including:
- Exchange email
- SharePoint sites
- OneDrive accounts
- Office 365 groups
- Skype for Business
- Exchange public folders
Over the past few years I’ve learned a lot about the Information Management discipline and how the new O365 collaboration services are disrupting their world in a big way. Information Management teams will need to translate their organization’s retention schedule into the capabilities of the Retention Labels/Policies feature in the Security & Compliance center in Office 365. Depending on the regulatory requirements of an organization, this task will range in complexity. Continue reading “Office 365: Certificate of Destruction”
Blog post: 3 minute read.
Azure Information Protection(AIP) is a cloud-based solution that helps protect an organization’s documents and emails. AIP provides protection for your data in 3 main ways:
- Classification and Labeling
- allows you to classify data at time of creation/modification and stores a label embedded directly as metadata in files and email headers as clear text. This allows other services (Data Loss Prevention for example) to read the classification and take further action. Due to the fact the label is in clear text and stored with the document, it remains protected regardless of its location. Refer to my recent blog post: AIP Labels: Keep it Simple (or KISS).
- Protection and Use Rights
- optionally protects data by persistent encryption and allows only authorized users to access. This ensures data is protected at all times regardless of where its stored or with whom its shared. The protection technology uses Azure Rights Management (Azure RMS) in the cloud and Active Directory Azure Rights Management (AD RMS) on-premises.
- Tracking and reporting
- provides the ability for users to track their documents and revoke access if they suspect risky behaviours.
This blog post will address the last bullet above – document tracking. Continue reading “Tracking documents with Azure Information Protection”
Blog post: 3 minute read.
Retention. It’s not the most exciting topic in the world of Office 365, but it is a very important one. It’s the feature that ensures your organization is keeping things for as long as you should and, just as important, disposing of things as soon as you should. My current focus within Office 365 is to understand the new Retention features and how they work across the O365 collaboration services.
Retention policies are administered from the Security and Compliance Center in O365 within the Data governance section. Whether the policy has been defined via a published label (Label Retention across O365) or by creating one directly within this Retention section, they will all appear on this page. A Retention policy can include content from not only Exchange mailboxes, public folders, Skype conversations, SharePoint sites and OneDrive for Business content but also Office 365 Group mail and files. A retention policy is the only feature that can both retain and delete content across Office 365. As content is spread across these services, this is your “one-stop shop” for retention. A very good thing.
Here is the official Microsoft link describing what a retention policy is and when you might want to have one: Overview of retention policies.
Follow along for a quick walk-thru of adding a retention policy for an O365 Group’s site and the ‘magic’ behind the scenes. Continue reading “Retention in O365. The new way.”
Blog post: 2 minute read.
Are you suffering from label confusion in Office 365? Well I sure was. I set out to understand what all these labels were being used for and what the relationship, if any, was between them. In this post, I’ll use real-world examples to illustrate the differences between the two types of labels.
Azure Information Protection (AIP) labels are used to apply a sensitivity setting to documents across Office 365. They are defined in the Azure Information service of the Azure portal. (Read my post on how to get started with AIP labels) When applied, it appears as a sensitivity setting in the UI ribbon (in the Office client) and is stored in clear text as a property in the document backstage in ‘Advanced Properties’. The label can be manually set by an end-user, can be recommended to an end-user based on document/email content or it can be automatically based on document/email content (based on an appropriate O365 license). Continue reading “AIP and Retention Labels: What’s the diff?”
Blog Post: 2 minute read.
Today I had the opportunity to try out the new label feature in the Office 365 Security & Compliance center for classifying data. This is not to be confused with labels you can apply in Azure Information Protection (AIP) as I’ve previously blogged about (AIP Labels: Keep it Simple). The retention labels I’m discussing in this post can be applied across Exchange, OneDrive, SharePoint and Office 365 Groups and retention can be applied based on this classification.
Check out this article by Microsoft explaining this feature: Overview of Labels.
Labels are configured in the Classifications section in the Security & Compliance Center in O365. First you add labels(1) and then you publish them as policies(2). This makes them available to apply to content. Below are 4 label policies I’ve defined in my tenant to cover different content and retention scenarios:
Retention labels in O365
I’m a SharePoint gal from a ways back and I’m familiar with the traditional retention options available in SharePoint so I set out to discover how this new technique worked. Microsoft’s guidance is to start using these labels rather than In place records management and Record Centers for retention and Information Management Policies for deletion so I wanted to start thinking about how labels may affect the setup of libraries, sites, and even content types in SharePoint in the future. Continue reading “Label Retention across O365”
Blog Post: 3 minute read.
Have you been tasked with implementing Azure Information Protection (AIP) in your organization? If the KISS principle ever applied to anything in the O365 service, it definitely applies to the AIP world of classification and labeling. Get too complicated and your users will hate the control “IT” is forcing upon them and will look to other tools to “get the job done”.
What is Azure Information Protection (AIP)? It lets organizations classify, label, and protect data at the time of creation or modification. With AIP, users can:
- Classify data based on sensitivity, and add labels – manually or automatically
- Protect data using encryption, authentication and use rights
- Enable intuitive, non-intrusive experience for end-users
-Microsoft Azure Information Protection team
In AIP, you use labels to apply classification to documents and emails. The labels are stored in clear text as either metadata in files (you’ll see the label as a sensitivity property in Advanced properties) or in email headers to allow other services (DLP, custom solutions, etc.) to identify the classification and take appropriate action.
What are some strategies you can use to keep your AIP deployment simple? Read on. Continue reading “AIP Labels: Keep it Simple (or KISS)”
If you grant SharePoint users the Full Control permission level in a SharePoint site this gives them the ability to administer their own site, including permissions. You will likely find yourself needing to facilitate a “SharePoint Permissions 101” training session at some point. I’ve given a few of these sessions and there are some common questions I consistently hear from site owners; this post will list these questions and my answer for each.
Note: This applies to standard SharePoint sites and NOT a SharePoint site provisioned with an Office 365 Group. In an Office 365 Group site, permission administration is accomplished using different methods.
“Who can edit SharePoint group membership?”
You determine this by clicking Site permissions under the Users and Permissions group in Site settings of any site. You will see a list of all SharePoint groups defined for the current site. If you click into any one of the SharePoint groups and then select the Group Settings ribbon option shown beside the blue star you can see who has the ability to edit that SharePoint group’s membership. Continue reading “SharePoint Permission Tips for Site Owners”
Blog post: 2 minute read.
[Update: April 14, 2017 – Social Media added]
I’m a small business owner with a mighty staff of one. 🙂 I’m also an O365 consultant with an Office 365 Business Essentials tenant. This gives me the opportunity to eat some of my own cooking when it comes to O365 adoption and setting up my tenant to work effectively for me and my business. In this post I’ll share some simple tips for SMBs when setting up their own O365 tenants to help streamline some typical processes.
I’ll cover these things:
- Provision those Office 365 Groups!
- Stay on task with Planner Hub
- Staying organized for speaking and travel
- Keeping track of receipts
- Social media [New]
Have an idea for your own tenant that would work for an SMB? Let me know! I’d love to hear your ideas…