At some point in the future, your enterprise may be required to preserve content for a specific period of time or indefinitely, due to regulatory, legal, or business requirements. Fortunately, Microsoft is revamping its compliance arsenal for Office 365, bringing new features to the service that will make this task significantly easier. Managing all of your content and controlling what you store can be accomplished using retention and preservation policies. Actually, that’s now a bit out of date, because Microsoft removed some of the naming confusion and unified these two process, without removing features. In this article we’ll take a look at retention policies, what has changed, and how you can put all of this to work.
Office 365 Retention Policies: 6 features you should know about
1) Litigation holds and in-place holds to cover all bases
Just a few years ago, the only option you had to satisfy a legal requirement to conserve specific communication was to set litigation holds on entire mailboxes or on all of your storage. This meant that even though only a few items needed preservation, all of the data had to be kept in place untouched.
Microsoft now gives you the option to set in-place archiving and in-place holds on specific pieces of information that meet search criteria defined in eDiscovery. The spectrum of options has also widened: you’re not limited just to Exchange but can also work with data in SharePoint, Skype, OneDrive, and Yammer.
As you might guess, one user can be subject to multiple in-line holds, but a litigation hold is either enabled or disabled for the whole mailbox. These can coexist, meaning that removing a litigation hold won’t affect in-place holds set on that mailbox. All of the items can be kept for any period or indefinitely, as specified in the hold settings.
The main purpose of using these two features is to manage legal issues that you might encounter. This need may not arise, but if it does, taking these steps might be a life-saver for anyone handling the enterprise store.
2) Preservation and retention policies of old
Retention policies are not new—they were always used to get rid of data, either by pushing it to an archive or by deleting it.
That is why Microsoft created preservation policies, which were intended to retain and safeguard the content. You previously could find them in the Security & Compliance Center. Don’t worry, though; if you previously had preservation policies set up, you can still find them on the Retention page in the Security & Compliance Center. You can edit their retention periods, but cannot make other changes, like adding or removing locations.
3) Preservation and retention policies now
Microsoft added another layer of complexity for administrators by removing the preservation feature and creating a new generation of retention policies that include all of the functionality that preservation policies had before.
I would advise no longer using old retention policies and retention tags (also known as Messaging Records Management or MRM) because they are obsolete. Their scope is very limited, applying only to Exchange stores and to messages. Organizational information today flows through other sources as well, like SharePoint, OneDrive, Skype, Yammer, and Office 365 groups, so the scope of these policies must widen, from specific locations to organization-wide policies that apply to all locations.
4) How to set up retention policies
An organization-wide unified policy, assuming it applies to entire locations, has no limit to the number of mailboxes, sites or OneDrive accounts it can include. You can, however, choose to fragment the range of your policy—you can enable or disable locations, like Exchange, SharePoint, Skype for Business, etc. You can also limit the recipients that you want to be affected, by using inclusions or exclusions. It’s worth mentioning that new recipients will inherit existing policies; for example, new mailboxes created after a retention policy that applies to the entire Exchange location will also be subject to that policy.
Some enterprises will need to comply with rules defined by regulatory entities like the Securities and Exchange Commission, which force you to lock certain retention policies. You have an option to help with this called Preservation Lock. This feature will lock the policy so that nobody—not even a full-fledged administrator—can disable the policy or make it less restrictive. Basically, you are locking the policy and throwing away the key. It’s as crazy as it sounds, so you must really understand the compliance requirements of your organization before you commit to such an action.
If you are a strong advocate of data governance, you should also keep in mind that, at least for the moment, there is a per-tenant limit of 10 policies that are organization-wide or for an entire location.
5) Labels to help you organize
Across your business, you have multiple types of information that need to be managed differently to comply with various internal and external regulations. For example, you may have tax forms, research documents, press materials, etc. You can use labels to organize this data for governance and then create a retention policy based on these classifications to retain this content, delete it, or push the data to the archive.
6) Extra mailbox storage with archiving in Office 365
Office 365’s In-Place Archiving provides users with extra mailbox storage space. An abundance of it, in fact: up to 100 GB. Previously, if this quota was reached, organizations had to contact Microsoft to increase it. That’s no longer the case, however; now the storage automatically expands, being incremented in chunks until storage needs are met, with no upper limit.
Retention policies are one of Microsoft main foci
Compliance has become one of Microsoft’s main focuses in Office 365, as you can tell by the number of changes they have made recently. As the amount of data an organization uses continues to increase at a rapid rate, the importance of governing it effectively does as well. You need to know how to use these Office 365 features, so that next time you encounter litigation, industry regulations or internal policies, you’ll be able to tackle them in the best possible way.