Show all

The SharePoint information retention mannequin in Workplace 365 – Considering Information

At a meeting of the public IRMS group in London yesterday, I heard how Rob Bath compared the on-premises records retention model with the one offered in Office 365.

Rob described the two models available locally in SharePoint:

  • The Record Center Model where important elements are moved to a Records Center – the downside of this model is that it removes content from the context by removing it from the context SharePoint sites where users interacted with it;
  • The existing record management model where end-users can click a button to identify individual items as records. The downside to this model is that SharePoint provides information managers with no reporting function to view and manage the items distributed in their SharePoint implementation that have been declared as records.

Both the Record Center model and the In-Place model are still available in SharePoint Online in Office 365. However, Office 365 provides another way to manage SharePoint Online content retention. This new method is not in SharePoint Online. It resides in the Office 365 Security and Compatibility Center, which manages content across the entire Office 365 application family.

The Security and Compliance Center provides the ability to set up retention labels and retention policies:

  • Retention Labels can be applied to containers in SharePoint sites, such as libraries or folders.
  • Retention Policies can be applied at the SharePoint site level.

Rob concluded that the retention label / retention policy model offered in the Office 365 Security and Compliance Center is a simpler and more effective way to manage SharePoint content than the two models available in SharePoint itself. A member of the audience asked him if there were circumstances in which he would recommend using the Record Center model or in-place model instead of (or in conjunction with) the retention label / retention policy model in Office 365 Second after and then said "no".

In the remainder of this post, I'll be thinking about why, after so many years on such bulky storage in SharePoint, Microsoft has done something better for Office 365.

Office 365 must have a retention model that goes beyond SharePoint.

Microsoft wanted a record retention model for Office 365 that is not specific to a specific Office 365 application, but can be applied to all major applications in the Office 365 family. This forced them to develop a model that was not based on SharePoint-specific features. Specifically, this has broken the link between retention of records and SharePoint content types.

The need to develop a model that could be applied to applications such as SharePoint Online, the Exchange Online e-mail system, and the OneDrive file-sharing application meant that Microsoft had a common denominator between the various applications had to search. The only common denominator between applications is that all content aggregates.

The retention model for records in Office 365

The retention model in Office 365 is very simple. For each application a basic aggregation is identified. In Exchange, it's the email account. In SharePoint, it is the site. OneDrive is the OneDrive account, and so on. In the Office 365 Security and Compliance Center, you can take advantage of the fact that all content in SharePoint is stored on Web sites and all content in Exchange is stored on email accounts, and so on to apply your retention rules.

Essentially, the Security and Compliance Center offers two different strategies for linking retention rules to content:

  • The most basic approach is to apply retention at the level of fundamental aggregation. You set up Retention Policies in the Security and Compliance Center and specify which SharePoint sites (and / or which Exchange email accounts, which OneDrive accounts, and so on) you follow each policy want to apply.
  • A more sophisticated approach is to manage retention at a level below fundamental aggregation. In this model, you set up your retention rules as retention labels (and not as retention policies) in the Security and Compliance Center and align the rules to the SharePoint sites / Exchange email accounts, and so on where you want them to be available to users to promote content

Applying Retention Policies and / or Retention Labels to Content in Exchange Online and in SharePoint Online

It's possible to use different strategies to apply retention labels / policies in different Office 365 applications in different ways.

I prefer e-mails to set a retention policy for e-mail accounts based on the business value of the correspondence (depending on the role of the individual e-mail account holder) and above In addition, to allow users to use a retention label to identify personal correspondence, so that a shorter retention period may apply.

Following his presentation I asked Rob Bath if he preferred to apply retention policies or retention labels in the SharePoint environment. He said a SharePoint site is usually too big to apply a retention policy. He prefers to install storage labels on libraries and folders within locations. To do this, set your retention rules as retention labels and identify for each label the SharePoint sites for which it is also relevant. As a result, most SharePoint sites have only a small number of retention labels available to manage content. While creating a new library or folder, the library / folder can be configured to apply one of these retention labels to all content stored inside it (see here).

It's important to ignore Microsoft's moving of retention tags so that end users can flag individual items in SharePoint. An end user has no incentive to set a retention period for a single document. In general, it is not recommended that end users be asked to do something that you know they will not do. In the SharePoint environment you should either:

  • Set retention labels as the default for libraries or folders. OR
  • Set retention policies as the default for SharePoint sites (if you can not set library / folder retention labels, this may be because your SharePoint installation is too large, and so does the Number of Information Governance Staff Low, your rollout schedule is too short, or you are using retention labels / policies in an older environment.)


I like Loading …

Comments are closed.