SC-400 Microsoft Information Protection Administrator – Configuring Retention Policies and Labels

  1. Creating and Applying Retention Labels

One of the considerations that we have in our organizations is not just the concept of collecting information, collecting data, but we also have to think about how long we keep it, right? In some different agencies and compliance laws, whether you’re dealing with HIPAA compliance or the legal world or the payment card industry, there are certain regulations that kind of dictate how long you can keep information.

Okay? So what we want to do is we want to be able to allow our users to label information, or even have that information auto-labeled, and control how long that information is retained. So to do that, we have these things called retention labels and policies that we can apply in our environment that are going to make that happen. So I want to start by showing you how to create a retention label. All right, we’re going to start here on portal.microsoft.com. We’re going to click the Show all ellipsis. We’re going to go down and click the Compliance blade, and that’s going to bring us into the Compliance center. Once we get into the Compliance center, we’re going to go down here to where it says Information Governance. We’re going to click on the Information Governance blade. And just like that, we are now officially looking at the area where we can create labels, all right? So right here under Labels, we’re just going to click Create a Label.

So to create a retention label, the first thing you’re going to do is give it a name. All right? Now let’s say that I want to create a label that’s going to do a seven year retention, all right? And so we’ll say seven year retention just for a nice clear name on what this is going to do. Of course, you can also give a description to your users. You can give a description to your admins, and so you can kind of decide what you want that description to say. In my case, I’m just going to leave those two things blank and just give it a name. From there I’m going to click next. And this is where the fun happens right here. So this is where you get to decide how this is going to all happen, what is it going to do when it’s done? All right, so in my case, when I say when it’s done, I mean when the retention label is applied and how it’s going to react when data is flagged with this retention label. So in my case, I’ve got retain items for a specific amount of time. So I’m going to have this information retained for seven years. This is actually the default, so I named it based on kind of like the default here, but you could select five years, seven years, ten years, or a custom period of time based on years, months and days.

All right? But in my case, I want to do seven years, okay? Because that’s based on what I named it, seven year retention. And then it says start the retention period based on well, when items were created. So for example, if whatever year that item was created, then it would start seven years from that day. So if I created a Word document, for example, and flagged it with this retention label, then essentially add seven years to that and then that’s when this bottom area would kick in, which I’ll explain in a minute. All right. Now I also could select when items were last modified. So for example, maybe the Word document was created this year, but then it was modified again three years from now. Well, that’s when the seven year period would begin for that. So keep that in mind that if you do last modified, that’s how that’s going to get handled.

You could also say when the label was created or an employee activity. Now that gets into events, and you’ll see you have Create an event right here and you can create events. We don’t really get deep into events just yet, but with the events you basically could have something like maybe an employee joins the company or an employee leaves the company, and based on that event, you could have this information go away. Or perhaps it expires, or a termination of a contract agreement, or product lifetime. Those are the different events. And if you’re planning to take the test, the exam, that’s really all I would be familiar with. There would be those events. It’s not something they beat you to death with at all, but knowing what these first few here are is probably the most important. And so there we go. We’ve got when the items were created; I’m going to say when the item was last modified, that’s what I’m going to select.

And then from there it says at the end of the retention period. So in other words, when the seven year period is up, what do you want it to do? Delete the items automatically, or trigger a disposition. Now, by the way, when I say delete items automatically, what ends up happening is it deletes the items, and they go into the recycling bin for 30 days before they permanently get deleted. So even though it says delete the items, it’s seven years and then 30 days: you have 30 days after that to retrieve that item out of the recycling bin. Then you’ve got trigger a disposition. So trigger a disposition basically means that administrators are going to be notified, and then when they are notified, they will have the ability to basically say, hey, I don’t want to delete this item or I do want to delete this item. So you’re going to let somebody decide what to do after the seven years is up. I could do nothing, which basically says items are just left in place and then you can manually delete them.

And basically what happens is the item will be flagged with this label, but at the end of the period it doesn’t actually get rid of it. You can do an audit, though, and you can see which items have this label and when the label has expired, but ultimately it’s not going to delete the data. You can also say retain the items forever, by the way. I’m going to set it to delete items automatically. But let me explain these other ones as well. I can say retain the items forever, and it tells you that labeled items will be retained forever even if users delete them. So what will happen there is the copies will be stored in a secure location known as an archive, and admins can go and retrieve that information if they need to, especially if there’s some kind of a legal thing going on and we need to retrieve it for legal purposes.

You’ve also got only delete items when they reach a certain age, so labeled items won’t be retained, but when they reach the age you choose, we’ll delete them from where they’re stored. Okay? So only delete items when they reach a certain age, all right? And so you can do that, and then you can select seven years from when it was created instead of doing this retained option. And really the difference here, you’ll notice, is that you have a few more options up here, and you can do the disposition and all that if you stick with this option right up here. All right? And also you’re not dealing with the recycling bin when you do that. So up here, though, I like the recycling bin feature. So I’m going to stick with this here. The last thing you’ve got is don’t retain or delete items, okay? So if you go down here and you choose that, labeled items won’t be retained or deleted, and it tells you to choose this setting if you only want to use this label to classify. So you’re basically saying don’t delete it, but I want to classify the document with this label so that somebody can just analyze and scan and see that this document has been labeled with this retention label.

But in this case, the items are not officially going to be deleted. An admin can go and eventually delete this if they go through and do an audit and they see that it has this label on it. But in this case, it doesn’t have to just automatically delete it. So mostly this is just a classification thing, all right, as opposed to it going through and actually deleting it after a certain period of time. But I’m going to go with retain items for a specific period, delete items automatically. We’re going to click Next and we’re going to click Create a label, all right? And just like that, after a minute or so, it will create the label. Now again, I want you to consider something when you create a label. You need to give it time. It can take as long as 24 hours, especially on a trial tenant. If you’re doing this in a test environment, a trial tenant, it can take up to 24 hours before these things become available to you to use. Okay? Plus, before the label is available, you’re going to come across this final screen here, and it’s going to ask you if you want to publish the label. Now, I’m not going to publish the label in this example here, but publishing the label is what makes it available in your different locations. All right? And you’ve also got the option to auto-apply the label to a specific area. You can have it auto-applied to certain data, or you can say do nothing. Now, for now, I’m going to say do nothing in this particular video. Okay? And at that point, we click Done. And we’ve officially created our retention label. It has not been published yet, so nobody can use it, but we’ve officially created it.

  2. Creating and Applying Retention Label Policies

Now on top of creating retention labels, you have to follow that up with something known as publishing the labels as a policy, or what we call label policies. Now the interesting thing about this is that you can group a bunch of labels together into a single policy if you want. So if you created more than one label and you wanted to group those together into a policy so that users can use all of the labels in a certain area, you could totally do that. So for example, I could have a set of labels that are just for Exchange or just for SharePoint or Microsoft 365 Groups, which can go into Teams.

I can do that if I want. I can actually create a policy just for Exchange or just for SharePoint or all that. And for now though, what I’m going to show you is just how we can apply our label to all the locations, okay? And we’ll go deeper. But here we are, we’re on portal.microsoft.com, we’re going to click the Show all ellipsis and go to Compliance. That’s going to bring us into compliance.microsoft.com. We’re going to click on the Information Governance blade. So we go down here, click on that, and then at that point you have a couple of things you can do, a couple of options. You could click Publish the Label, or click Label Policies and go there. It doesn’t really matter.

Either solution is going to get the job done. Okay? I’m going to go here to Label policies and I’m going to click Publish labels. All right? I’m going to choose which labels I want to publish. Now in my case I’ve only got one, but again, if I had a group of labels that I wanted to be available, I could select them all. I’m going to click just the one. I’m going to click Add and then I’m going to click Next. In my case, I’m going to publish to all locations. But keep in mind you could do specific locations if you wanted, okay? Exchange, SharePoint, OneDrive, all that. All right? We’re going to do all locations in this particular example, though. From there we’re going to click Next and we’re going to give it a name. We’re just going to call this seven-year deletion for all locations. All right? That’s what my policy is going to be called, and I’m going to go ahead and click Next. All right? It tells you everything that’s going to happen. It also throws out a warning.

It says it will take up to one day for labels to appear to your users. Labels will appear in Outlook and Outlook web app for mailboxes that have at least ten megs of data. Okay? So that’s your little warning message. And as always, you have to be patient when you do this. Don’t expect to be able to start using these labels for at least 24 hours, especially if you’re using a trial tenant like I am here. So if you’ve set up a new tenant, it can take a while. Trial tenants are sitting on hardware that doesn’t process quite as fast as a production tenant does. So just keep that in mind. I’m going to go ahead and click Submit. And at that point, it is now submitting my policy, and my policy was created. And at that point, my label eventually will make its way out there and I can start using it in those different locations.

  3. Configuring and Publishing Auto-Apply Label Policies

Now that you have an understanding of retention labels and policies, I want to take a look now at the concept of auto applying these labels. All right, so this is a neat little feature that you can use where the Microsoft 365 service will analyze information in your environment just like with sensitivity labels and determine if it should have a retention label applied. In fact, it can actually analyze sensitivity label information and use retention based on that.

Or you can use keywords or trainable classifications, things like that, which is really neat. So let’s take a look at that. Here we are on portal.microsoft.com. We’re going to go to the Show all ellipsis and we’re going to go to Compliance. So as usual, once we’re in the Compliance center, we’re going to go down to Information Governance and we’re going to click on Label policies, and we’re going to look at this area here called Auto-apply a label. So we already have a policy, seven year deletion. But what I want to do now is an auto-apply label. So we’re going to click on that, all right? And we’re just going to give this a name. I’m just going to call it Auto apply seven-year deletion. Okay, so we’re going to click Next on that. So there are three options. One is to use a sensitivity label.

All right? So if I want, I can go here and I could choose something like Financial, maybe go with US financial, and then click Next. Another option is to do a specific word. So maybe I’m looking for a specific word. Like I could do the keyword legal or something, so it’s got the word legal in it. Or we could say Customer record or something like that. It could be based on that as a condition. Or lastly, you can do a trainable classifier. So if you’ve implemented the trainable classifier feature, where it goes through and picks up on certain classification information, keywords and stuff, such as source code, harassment, profanity, threats, resume, offensive language, discrimination, all that, you could base the label on that. All right, so really neat. I’m actually going to go with the sensitive info one, and we’re going to select that, click Next, and let’s go with Finance and we will do the US financial data. All right.

So then we’ll click Next, and then of course it’s ranked on instances high, medium, medium for the different numbers. You can adjust that. So if you’ve learned sensitivity labels you should already know what all this stuff means, all right. And you could add additional sensitive info types if you wanted. If I wanted to add something else to this, I could add an additional number to look for, but I’m not going to do that. I’m going to go ahead now and click Next, and I can choose the locations that this is going to be applied to. In my case I’m just going to choose all locations; all is included. I’m not going to exclude anything. Just remember though, as with many other things in Microsoft 365, exclusions will override inclusions. So if I go and I exclude something, like if I had a group that it was being applied to, and then I had another group that I excluded, anybody that’s in both groups is going to get excluded.

So exclusions will always override inclusions. So then we’re going to click Next, and then we’re going to say, okay, which label are we going to apply? So we’re going to apply the seven year retention label here. We’re going to add that. If we had multiple, we could add them. All right, so, you know, it’s going to keep for seven years and then it’s going to delete it. We’re going to click Next, and then it kind of gives us a summary of what we’ve done. And we’re now going to click Submit. All right. At that point it’s going to submit. And I know I probably sound like a broken record, but remember that this could take 24 hours before it’s actually applied in your environment. So don’t get too excited and think you’re just going to immediately start seeing this get applied, especially if you’ve got a trial tenant. It takes time; it can take up to 24 hours. But once I’ve done that, I can click Done. And I’ve now officially got my auto-apply label.

  4. Understanding Conflicting Retention Policies

Now something else that needs to be considered when working with retention is a situation where you have conflicts, okay? For example, if one label says to keep something seven years and another label says to keep something ten years. So let’s think about that for a minute. And to start, let’s take a look at the retention area of our Compliance center. So we’re going to go to portal.microsoft.com. We’re going to go to Show all and click on Compliance.

That’s going to bring us over to the Compliance center, all right? And then from there we’re going to go down here to Information Governance, all right. And let’s look at our label policies here. All right, we’ve got to consider that we have some different label policies here: here’s one for seven years, and here’s one for ten years. All right. Now let’s say that you’ve got both of these applied to something. So you end up with a conflict where you’ve got a policy that says delete something in seven years, and you’ve got another conflicting policy that says delete it in ten years. So Microsoft handles this in a very simple way. They basically say the longest lived policy is the one you’re going to go with.

All right? So in other words, if you’ve got a seven year policy and you’ve got a ten year policy applied to the same locations, and it’s being auto-applied and all that, then basically the ten year policy is going to take precedence. Okay? Another thing is if you’ve got something that says don’t delete something and you have another thing that says delete it, well, it’s not going to get deleted, so it’s going to save it. So as you can see, Microsoft is always going to lean more towards keeping your information versus deleting your information. And so that’s what you want to remember about that. Very simple idea, very simple concept. The longest lived policy is the one it’s going to go with, all right? Meaning if there’s ever a conflict between keeping information and deleting it, I’m going to keep it. And if there’s ever a period of time on deletion, the longest period wins.
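The retention timeline from the label walkthrough (start on created or last modified, then 30 days in the recycling bin) and the two conflict rules above, modeled as an added Python example. It is not part of the course or of Microsoft 365: the `Policy` class, its field names and the sample dates are assumptions made for illustration, and it covers only the rules stated on this page.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

RECYCLE_BIN_DAYS = 30  # window after automatic deletion, per the walkthrough


@dataclass(frozen=True)
class Policy:
    """Hypothetical model of one retention setting (not a Microsoft 365 type)."""
    name: str
    years: Optional[int]  # None models "retain the items forever"
    start_on: str         # "created" or "modified"


def add_years(d: date, years: int) -> date:
    """Add calendar years; 29 February falls back to 28 February."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def retention_end(p: Policy, created: date, modified: date) -> Optional[date]:
    """Date the retention period ends, or None when the item is kept forever."""
    if p.years is None:
        return None
    if p.start_on not in ("created", "modified"):
        raise ValueError(f"unknown start trigger: {p.start_on}")
    return add_years(created if p.start_on == "created" else modified, p.years)


def resolve(policies, created: date, modified: date) -> dict:
    """Keeping beats deleting; otherwise the policy that holds the item longest wins."""
    ends = [(retention_end(p, created, modified), p) for p in policies]
    keepers = [p for end, p in ends if end is None]
    if keepers:
        return {"winner": keepers[0].name, "retained_until": None, "purged_on": None}
    end, winner = max(ends, key=lambda pair: pair[0])
    # Automatic deletion sends the item to the recycling bin before it is purged.
    return {"winner": winner.name, "retained_until": end,
            "purged_on": end + timedelta(days=RECYCLE_BIN_DAYS)}


# Constructed sample data: one document and three policies.
CREATED, MODIFIED = date(2016, 2, 29), date(2018, 6, 1)
SEVEN = Policy("Seven Year Retention", 7, "modified")
TEN = Policy("Ten Year Retention", 10, "modified")
FOREVER = Policy("Retain Forever", None, "created")

if __name__ == "__main__":
    print(resolve([SEVEN], CREATED, MODIFIED))
    print(resolve([SEVEN, TEN], CREATED, MODIFIED))
    print(resolve([SEVEN, TEN, FOREVER], CREATED, MODIFIED))
```

With the sample document, switching the seven-year policy from last modified to created moves the end of retention from 2025 back to 2023, which is why the start trigger matters as much as the duration.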
