Blog Post: 2 minute read.
Today I had the opportunity to try out the new label feature in the Office 365 Security & Compliance center for classifying data. This is not to be confused with labels you can apply in Azure Information Protection (AIP) as I’ve previously blogged about (AIP Labels: Keep it Simple). The retention labels I’m discussing in this post can be applied across Exchange, OneDrive, SharePoint and Office 365 Groups and retention can be applied based on this classification.
Check out this article by Microsoft explaining this feature: Overview of Labels.
Labels are configured in the Classifications section in the Security & Compliance Center in O365. First you add labels(1) and then you publish them as policies(2). This makes them available to apply to content. Below are 4 label policies I’ve defined in my tenant to cover different content and retention scenarios:
I’m a SharePoint gal from a ways back and I’m familiar with the traditional retention options available in SharePoint so I set out to discover how this new technique worked. Microsoft’s guidance is to start using these labels rather than In place records management and Record Centers for retention and Information Management Policies for deletion so I wanted to start thinking about how labels may affect the setup of libraries, sites, and even content types in SharePoint in the future.
First off, I really like the approach Microsoft is taking with data governance and retention in general. With the proliferation of content strewn across Outlook, OneDrive, SharePoint and now Office 365 Groups, we need a way to encompass all of these services when applying governance. I’ve talked about this numerous times before both in previous blog posts as well as presentations I’ve given. The inability to manage content across all services in the new collaboration world is very concerning for Information Management (IM) teams in most organizations.
Organizations need to empower employees to reap the benefits of new collaboration tools in the digital workplace, but they can’t compromise the security, compliance and protection of corporate assets while doing it.
Ideally we want to be able to govern retention across all O365 services using one classification scheme. This is where labels come into the picture…
For example, if you want to retain any content relating to Contracts across your organization, this would include not only documents sitting in a SharePoint document library (both in and outside of an O365 Group), but also emails sent back and forth with the contract vendor. Ideally, we should be able to classify content from all places consistently (by one standard label) and have the same retention apply to all.
Traditionally I would have defined an Information Management Policy within SharePoint to apply a retention for Contracts either at a content type or document library level, however this is not an option in an O365 Group’s site and wouldn’t have applied to emails related to those contracts. (A separate policy would have had to be set up for email retention)
This can now be accomplished with the new labels feature. We would add a “Contracts” label in the Security & Compliance Center and publish a policy to include the label to the entire tenant. Once published, it will be made available for end-users to apply to their content in Outlook, SharePoint, OneDrive and even an O365 Group.
When you publish a label to a policy you can target either the entire tenant or a specific SharePoint site. Please note that this is a site collection and not a web.
Exchange public folders and Skype do not support labels.
Optionally, you can also set a default label for a document library if, for instance, you had a library containing a specific type of content with a specific retention. This could also be done in our “Contracts” example if there was a document library that housed all of an organization’s contracts. Once the default label has been set, you can optionally apply the label to existing items in the library. You do this in Library settings by selecting the ‘Apply a label to items in this library’ option. In this example, I’ve published a “Litigation” policy to retain for 10 years from the time the item was labeled.
This does have limitations if you want to store content with different retention in the same library. Options?
- don’t store content with different retention in the same library OR
- since the label is only a default, it can be changed to a different label for any document if required.
The takeaway from this is there is still work to be done to appropriately plan your environments to take advantage of the new label feature.
What does the end-user see?
All published policies will be available to the end-user and will allow them to apply a label to their content if the label has been published to that location. To apply a label, you will see it as an option in the Document Details pane when you select a document in SharePoint. All label policies published to this site collection will appear in the drop-down. In this example shown, I’ve published 2 policies: 1 for Contracts and another for Budget. In Outlook, you right-click the item, select Assign policy and select the appropriate label.
Soon, you will be able to auto-apply a label based on managed properties marked as ‘searchable’ in the SharePoint search schema. This will be very helpful for targeting specific types of content in SharePoint you want to apply a specific label to. I look forward to seeing how this functions for environments making heavy use of content types and managed properties to drive different retention.
User Education is still key!
One thing I’m realizing about applying labels is user education is key. Similar to the application of AIP labels I discuss in my recent post, it is crucial for end-users to understand their role in the compliance picture in your organization. Although there can be controls put in place to auto-apply labels and I’m confident those features will become more sophisticated over time, it is still important for end-users to understand your organization’s classification scheme and how the data they’re working with fits into it. They can help ensure it is labeled correctly to drive compliance from the ground up.
I like what I’m seeing in this new wave of features for security and compliance across the O365 services and look forward to more capabilities being introduced in the coming months.
Thanks for reading,