Are you classifying your data in Microsoft 365? You can add data classifications using sensitivity and retention labels but they do two very different things. In this session I will break down what the label options are, how you can use them, and why you should deploy them in your organization to keep your content compliant and secure.
4. Data Classification
Labelling in M365
Sensitivity Labels
Retention Labels
Labelling in Microsoft
365: Retention &
Sensitivity
NA Collab Summit 2022
Demos on Demos
7. The market is fragmented
and confusing
Breach
notification
Supervision
GDPR
Information
governance
Data loss
prevention
Archiving
Fraud
prevention
Information
protection
eDiscovery
Privacy
Records
management
Access
management
Hundreds of compliance controls
Hundreds of vendors
10. Microsoft
Purview
Information protection
Data Lifecycle Management
Insider risk management
Investigations
Compliance management
For risk, compliance,
and legal teams
Risk &
Compliance
For data consumers, data
engineers, data officers
Unified Data
Governance
Data Mapping
Data Cataloging
Data Estate Insights
GA
GA
Preview
11. AzurePurview+Microsoft365Compliance=MicrosoftPurview
Azure Purview portal Microsoft Purview governance portal
Azure Purview Data Map Microsoft Purview Data Map
Azure Purview Data Catalog Microsoft Purview Data Catalog
Azure Purview Data Insights Microsoft Purview Data Estate Insights
Microsoft 365 compliance center Microsoft Purview compliance portal
Microsoft Information Governance Microsoft Purview Data Lifecycle Management
Records Management in Microsoft 365 Microsoft Purview Records Management
Microsoft Information Protection Microsoft Purview Information Protection
Office 365 Data Loss Prevention Microsoft Purview Data Loss Prevention
Insider Risk Management Microsoft Purview Insider Risk Management
Communication Compliance Microsoft Purview Communication Compliance
Compliance Manager Microsoft Purview Compliance Manager
Core eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Standard)
Advanced eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Premium)
Basic Audit in Microsoft 365 Microsoft Purview Audit (Standard)
Advanced Audit in Microsoft 365 Microsoft Purview Audit (Premium)
12. Unified approach to discover,
classify & label
Automatically apply policy-based actions
Proactive monitoring to identify risks
Broad coverage across locations and
applications
Data growing at exponential rate
Label
Discover Classify
Unified approach
Devices Apps Cloud services On-premises ISVs, 3rd-party
ď Sensitive data discovery
ď Data at risk
ď Policy violations
Monitor
ď Label Analytics
ď Proactive alerts
ď Supervision
Protection Governance
ď Encryption
ď Restrict access
ď Watermark
ď Header/Footer
ď Archiving
ď Retention & deletion
ď Records management
ď Event based
Apply policy
Comprehensive policies to protect and govern your most
important data â throughout its lifecycle
22. Unified Management in Microsoft 365 compliance center
Classify and label
data in on-prem
repositories
Label and protect
Office files natively
across Windows,
Mac, iOS, Android
and Web Clients
Label and protect
sensitive
SharePoint Sites,
Teams, Office 365
Groups, PowerBI
artifacts
Automatically
label and protect
sensitive files in
SharePoint Online
and OneDrive for
Business
Extend protection
through Microsoft
Cloud App
Security to third
party clouds and
SaaS apps
Automatically
label and protect
sensitive emails in
Exchange Online
On-prem SharePoint
Online
Non-Microsoft
Clouds and
SaaS apps
Exchange
Online
SharePoint
Sites Teams,
Microsoft 365
Groups
Microsoft 365
Apps Across
Platforms
30. Keeping data longer than needed or requiredâŚ
⢠imposes significant costs and risks for your organization
Removing data sooner than you shouldâŚ
⢠may cause undue hardship if itâs required for business reasons
⢠may make you non-compliant with policies and government regulations
tools to manage retention and policy-based deletion are needed to balance these
needs in a uniform way
31. DLM/RM Records
Management
Data
Connectors
Event
Date
Created
Date
Trigger
Retention
Event
Trigger
Data Lifecycle
Management
Auto-Classification
Trainable
Classifiers
Sensitive
Information
Types
Keywords
and
Metadata
Delete content
Retain content
Last
Modified
Date
SharePoint
Syntex
Adaptive Scopes
Immutability
Record Labels
File Plan
Pre-built data connectors
Facebook
Zoom
Twitter
Slack
LinkedIn
WhatsApp
Bloomberg
Verizon
AT&T
ICE
Connector partners
Globanet
TeleMessage
Labeled
Date
Retention Policies
Informed
by IG/RM
eDiscovery
Data Loss
Prevention
Document
Understanding
models
Retention Labels
Form Processing
models
Sensitivity
Labels
Auto-apply/Default
Disposition Review
MoreâŚ
Retention Labels
Policy
Standard
Regulation
Compliance
Manager
Remediations
Controls
Custom
Microsoft 365 DLM/RM Records
Management
Data
Connectors
Event
Date
Created
Date
Trigger
Retention
Event
Trigger
Data Lifecycle
Management
Auto-Classification
Trainable
Classifiers
Sensitive
Information
Types
Keywords
and
Metadata
Delete content
Retain content
Last
Modified
Date
SharePoint
Syntex
Adaptive Scopes
Immutability
Record Labels
File Plan
Pre-built data connectors
Facebook
Zoom
Twitter
Slack
LinkedIn
WhatsApp
Bloomberg
Verizon
AT&T
ICE
Connector partners
Globanet
TeleMessage
Labeled
Date
Retention Policies
Informed
by IG/RM
eDiscovery
Data Loss
Prevention
Document
Understanding
models
Retention Labels
Form Processing
models
Sensitivity
Labels
Auto-apply/Default
Disposition Review
MoreâŚ
Retention Labels
Policy
Standard
Regulation
Compliance
Manager
Remediations
Controls
Custom
Microsoft 365
32. Retain Retain and Delete Delete
Retention canâŚ
Keep Access Requests for
at least 5 years
Keep customer information
for 10 years and then
delete
Keep Team collaboration
content no longer than 8
years
34. ⢠Best for targeted retention scenarios
⢠Can be applied automatically or by end-
users
⢠Have more choices than a Retention
Policy for timing
⢠Can trigger a disposition review before
removal
⢠Can add metadata to label to enhance
administration
35. Chosen during label creation⌠(canât change the label type once saved)
Regular label Record label Regulatory Record label
The only type you get with Data
Lifecycle Management
36. Location
⢠SharePoint, OneDrive, Exchange, Microsoft 365 Groups
Metadata and property (uses KQL queries)
⢠Content type, metadata (built-in and custom)
Keywords
⢠âProject XYZâ
Out-of-box and custom Sensitive Information Types
⢠Financial, Healthcare, Privacy
Out-of-box and custom Trainable Classifiers
⢠Contract, HR, Finance, Tax, IT, Healthcare, Procurement
PowerShell, Code, Power Automate
⢠PnP PowerShell, REST API
SharePoint Syntex
⢠Document Understanding model
⢠Form Processing model
Automatically Apply based onâŚ
Default
Retention/Deletion period
⢠Retention length
⢠Expiration length
Level of immutability
⢠Regular label
⢠Record label
⢠Regulatory record label
Actions to take
⢠Label Only
⢠Retain Only/ Retain and Delete/ Delete Only
⢠At end of retention:
⢠Disposition review
⢠Power Automate Flow
⢠Apply a different label
Period start
⢠An event
⢠Date created
⢠Date last modified
⢠Date labeled
Classify
Label Definition
Automatic
Default
Manually Apply
Manual
Library, Folder,
Document Set
Ways to APPLY a retention label
Labeled
Document
Labels all
documents
within
37. Licensing for DLM provides these capabilities:
⢠Manually label content with a regular retention label (not a record)
⢠Publish a retention policy at a container level only for:
⢠SharePoint site(s)
⢠OneDrive(s)
⢠Microsoft 365 Group(s)
⢠Yammer Community(s)
⢠Teams channel message(s)
⢠Teams 1:1 and group chat(s)
⢠Scope your retention policies and label policies using Static Scopes
38. Licensing for Records Management provides extra capabilities:
⢠Label content as a ârecordâ or âregulatory recordâ
⢠Migrate and manage your retention requirements within the File Plan
⢠Start different retention periods when an event occurs
⢠Review/approve disposition with disposition reviews and proof of deletion
⢠Export information about all disposed items
⢠Launch a Power Automate flow at the end of the retention period
⢠Daisy-chain retention labels together
⢠Scope your retention policies and labels using Adaptive Scopes
⢠Set permissions for RM functions in your organization
⢠Set tenant level RM settings to tailor your experience
39. CAPABILITY REGULAR LABEL
RECORD LABEL
UNLOCKED
RECORD LABEL
LOCKED
Edit file contents
Edit properties, including file rename
Delete the file
Copy the file
Move within container (OneDrive,
SPO Site, Exchange mailbox)
Move across containers (OneDrive,
SPO Site, Exchange mailbox)
Open/Read file
Change retention label on the file
Remove retention label from a file
REGULATORY
RECORD LABEL
If never
unlocked
Container
Admin
Container
Admin
Container
Admin
Container
Admin
Behavior of retention label types
43. What are the things I can do today based on my licensing?
Automatic = E5
44. Utilize a crawl â walk â run strategy for implementation
Whatâs the advantage of
this strategy?
Ideas for each phase Time to get started
âA measured, gradual approach to adopting something new
allowing for incremental improvements along the way.â
45. Some starting tips
Donât just use ITâs
decision on labels
Use the power of
the cloud for
identification
Concentrate on
the user
experience and org
change
Some protection
and retention is
better than
nothing