All the ways to automatically apply a retention label in Office 365

Reading Time: 2 minutes

Do you want to apply retention labels across your Office 365 tenant, but you’re concerned about relying on end-users to manually apply them? If you do, you’re not alone. Nothing against end-users, but they have other things to focus on… retention isn’t one of them.

Here are the current ways to automatically apply a retention label and a use-case for each one. The options available are license-dependent (shown after the options), however please weigh the license cost against the cost of non-compliance. At the end of the post, I have links to my Ignite video and presentation for more details and a step-by-step walk-thru of each option.

  1. Automatically apply at a document library level
    • Approved Budgets document library
  2. Automatically apply at a folder or document set level
    • Financial Services Fiscal month folders
  3. Auto-apply based on a sensitive information type
    • Custom sensitive information type for customer # content
  4. Auto-apply based on a keyword query
    • Executive team sites
  5. Auto-apply based on a content type
    • Project documents across all Project Sites
  6. Auto-apply based on a metadata value
    • Expired Corporate Policies
  7. Automatically set using Power Automate
    • Custom logic: Approved Budgets over $20K
  8. Auto-apply using Trainable Classifiers (Preview)
    • Machine learning used to intelligently classify your “dark” data

[Update December 6, 2019] To clarify, it is also possible to set a retention label programmatically using  CSOM and Powershell with the SetComplianceTag method. This was not mentioned because the intended audience for this post was power users and not developers.

Retention label licensing as of November 2019

Retention Label licensing

Note: licensing for Trainable Classifiers is yet to be determined.

I did a 20-minute theater session on this topic at the recent Microsoft Ignite conference. Check out these 2 resources for more info:

-JCK


Image credit: Photo by Alex Knight on Unsplash

7 comments

  1. Hi Joanne, thank your for this clear and concise summary of how to auto-apply a retention label.

    Regarding #1 and #2 in your table, I don’t understand why you wrote “No” in the E3 licence column.
    From what I know, an owner can set a default label for a ginv document library or folder, even if this retention label policy is deployed within an E3 licence (and then this “auto-applies” itself on the documents within this container).

    But maybe with Advanced Compliance, we can go further in applying a label at the library or folder level, directly through the rentention label policy settings/rules ? I’m not aware of that.

    Thank you for any piece of information you’ll share regarding my question.
    Romain

    1. Hi Romain,
      The license table was verified by the Microsoft Security & Compliance team. If you have further questions, please follow-up with your Technical Account Manager for a better explanation.
      -JCK

  2. Thanks Joanne, do you have any insight on Microsoft’s view on only giving E5 to compliance admins to start using automate tagging, but leaving the rest of the org on E3 for example?

    This is a question that applies to many areas. For example, at the moment I am avoiding using conditional access that includes “All users”. Even though it works, we do not have AAD P1 applied on all users. I have previously heard that cloud licensing should follow: “all users that benefit from a feature should have the necessary license applied”. Meaning org wide E5 or compliance add on to make use of auto tagging

    Thanks again.

    1. Hi pontust,
      I am not a licensing expert. Please ask you Microsoft Technical Account Manager this question for the best answer.

      To my knowledge, if a user benefits from the service/feature, they need the license. Automated tagging sounds like one of those things – end-users will be using the content that may have an automated tag placed on it. (Particularly if they have contribute permissions or greater to the content) There may be exceptions if they only have read access.
      -JCK

  3. Great post as always, thanks Joanne, I notice there is now a removal of the limts on Flow(Power Automate) runs in a tenant so for those who cannot afford the extra licenses the API option is a really good one.

    I have been also found it possible with CSOM and Powershell options using the SetComplianceTag function is there a reason this wasnt included in your list and any reason why clients shouldnt be taking this route?

    Also looking forward to playing with some of the machince learning pieces!

    1. Hi Colin,
      This post was based off my Microsoft Ignite session and was limited to 20 minutes. I decided to cover off “Power User” options and didn’t include the CSOM/PowerShell options. To be clear, those are perfectly legitimate ways to set a retention label too.

      I will likely add a note to my blog post calling that out. Thanks for mentioning it.

      Thanks for your support!! 🙂
      -JCK

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.