top of page

Applying Retention Labels to Sensitive Information In Microsoft Purview

In this article, we'll explore how you can apply a retention label on documents with Sensitive Information.


Microsoft Purview offers a range of retention policies and retention labels to help organizations manage their data effectively, reduce risk, and maintain compliance. One of the key features of retention labels is that they allow you to retain or delete content based on specific conditions. In this article, we'll explore how you can apply a retention label on documents with Sensitive Information.


First, let's briefly review what retention policies and retention labels are and how they work. Retention policies and labels are tools that enable organizations to manage their data according to legal, regulatory, and business requirements. They allow you to define how long you want to keep data and what you want to do with it once it has reached the end of its retention duration (relabel, review, delete, etc.).


When content has a retention policy applied to it, that content remains in its original location, and most people continue to work with their documents or mail as if nothing has changed. However, if they edit or delete content that's included in the retention policy, a copy of the content is automatically retained. The copy is retained in secure locations such as the Preservation Hold library (for SharePoint and OneDrive sites) or the Recoverable Items folder (for Exchange mailboxes).


Retention labels, on the other hand, can be used to assign retention settings at a much more granular level, such as document libraries, folders, documents, or emails. Unlike retention policies, retention labels and the associated rules travel with the content if it's moved to a different location within your Microsoft Purview tenant. In addition, retention labels have several capabilities that retention policies don't support, such as trainable classifiers to identify content to label, metadata triggers to auto-apply labels, and disposition reviews to review the content before it's permanently deleted.


Now, let's look at how you can apply a retention label to documents with sensitive information. This can be done using an Auto-Apply policy. Auto-Apply policies can look through various locations, such as documents, libraries, and sites, and look for various conditions. One such condition is sensitive information types. This can be used in conjunction with a DLP policy to further restrict what happens to items that contain these sensitive information types. These DLP policies can do many things, such as preventing documents from being shared or encrypting documents from external users.


How to Create an Auto-Apply Policy for Sensitive Information Types:

  1. Create a retention label with the appropriate retention settings you want.

  2. Create an Auto-Apply policy and give it a name.

  3. Select “Apply label to content that contains sensitive info”.

  4. Search for any of the built-in sensitive information types or create a custom type and rules.

  5. Define the content that has the sensitive information.

  6. Choose the location(s) to publish to.

  7. Select the label you made in Step 1.

  8. You can then select to turn on the policy right away or run a simulation.

  9. Review your policy and then Submit it.


Once you've created the auto-apply policy, documents with the sensitive information will be tagged with the label in a few days. This goes for current content and new content on a go-forward basis. These documents will live out the duration of the retention label. Once this duration has expired, the configured settings will occur (delete, disposition review, relabel, etc.).


By defining specific conditions for applying retention labels, you can ensure that sensitive information is retained or deleted in accordance with various regulatory and business requirements. Microsoft 365's retention policies and retention labels provide powerful tools for managing data in a compliant and secure way.




Comments


bottom of page