The content below is taken from the original (Office 365 Data Governance Framework Spans Multiple Workloads), to continue reading please visit the site. Remember to respect the Author & Copyright.
Compliance and Regulations
Given the somewhat litigious nature of today’s business world, there is no surprise in the number of compliance features Microsoft builds into products like Office 365. In fact, the breadth and depth of those features is one reason why I think Office 365 is more popular with large enterprises than its major competitor, Google G Suite.
But good as the Office 365 compliance features are, gaps still exist. Yammer is an example of a product that has weak compliance functionality. Teams and Planner are others.
Keep What You Need and Get Rid of the Rest
Microsoft’s tag line for data governance is that “you keep what you need and get rid of what you don’t”. Last week, Microsoft made new functionality available through the Security and Compliance Center to help tenants keep content that they need and remove what they do not want to keep. The new functionality comes in the form of classification labels and retention policies, both of which combine to give tenants different options to control how long content exists in mailboxes, sites, and other Office 365 locations.
You create classification labels under the Classifications section of the Security and Compliance Center. When ready, you publish sets of labels in label policies, which then show up as retention policies under the Data Governance section. That seems a tad confusing, but it all comes together in the framework. Think of it this way: labels are the way to control content at a precise, item-specific level. Retention policies offer broad-brush coverage of content at volume. Together, the mixture of specific and general control affords tenants flexibility in how they build a data governance strategy for the organization.
Best of all, the new framework is designed to work across Office 365, including Office 365 Groups. It is a big step forward and is in line with other projects to offer cross-workload functionality in content searches and Data Loss Prevention (DLP).
Office 365 Retention Policies
Since their first appearance in Exchange 2010, retention policies have let administrators configure and apply policies to on-premises and cloud mailboxes to help users control items through a mixture of system-controlled tags and personal tags. Actions specified in the tags control how long items are kept in the mailbox and what happens once their retention period expires.
Retention policies work well for Exchange and Microsoft has gained a lot of experience in how customers use retention policies to manage content since 2010. All of which leads to the introduction of Office 365 retention policies to deal with Exchange (mailboxes and public folders), SharePoint, OneDrive for Business, Skype (IM conversations), and Office 365 Groups.
This is Microsoft’s second version of multi-workload retention as they launched preservation policies in 2015 to control content stored in Exchange mailboxes and SharePoint and OneDrive sites. Any preservation policies that exist in a tenant are automatically upgraded to become retention policies that keep but do not remove content after the retention period expires.
Expanding Retention Policies to deal with Multiple Office 365 Locations
To make retention policies available to other Office 365 workloads, Microsoft has evolved and expanded the core principles behind Exchange retention policies. In doing so, they have had to drop some Exchange-specific features, like the ability to move items to archive mailboxes.
Losing the ability to archive items automatically is regrettable (but only for Exchange). On the upside, retention policies incorporate the ability to set in-place holds so that users cannot permanently remove items if those items come within the scope of a policy. The simplest kind of policy puts every item in a mailbox or site on hold while more complex policies cover items that match queries or (for SharePoint and OneDrive for Business) or hold certain kind of sensitive data, like social security numbers or other “personally identifiable information” (PII). The same sensitive data types used in Data Loss Prevention policies are supported for retention.
It is all very flexible, and best of all, these policies implement the same processing across all the supported workloads. One policy to rule them all is so much better than having to configure multiple policies that work differently across different applications. The introduction of service-wide retention policies is yet another example of how Office 365 is fast leaving its roots of “cloudified” on-premises products behind.
Like Exchange Retention Policies but Better
Anyone who has ever worked with Exchange retention policies will find similarity with Office 365 retention policies. However, some significant differences exist:
|Exchange Retention Policies||Office 365 Retention Policies|
|Apply to||Exchange mailboxes (including shared mailboxes)||Exchange mailboxes
Office 365 Groups
SharePoint document libraries
OneDrive for Business sites
Skype for Business IM
** Microsoft says that Yammer and Planner will be supported soon.
|Assignment||Assigned to mailboxes (the default policy is assigned to all Exchange Online mailboxes)||Policies are assigned to mailboxes and other locations, but locations can also be excluded from policies.|
|Composed of||Each retention policy consists of a set of folder tags for specific system folders (like the Inbox), personal tags, and default tags. Three default tags can exist in a policy (for deletion, archive, and voicemail).||Policies function like default tags in that the policy applies to all items in a location that are not otherwise tagged (for instance, with an Exchange personal tag or an Office 365 classification label).|
|Actions||Move to Deleted Items
Move to Archive
|Keep and then remove content
Keep and do nothing
Remove old content
|Enforced by||Managed Folder Assistant||Managed Folder Assistant (for Exchange and Office 365 group mailboxes); other background processes service the other locations.|