This article will dive into how the Preservation Lock works, its benefits, and how to implement it effectively within your organization's data retention policies.
Many organizations face the challenge of meeting regulatory requirements by ensuring the integrity and security of their data. Microsoft 365 offers a powerful feature called Preservation Lock that can help address these concerns. This article will dive into how the Preservation Lock works, its benefits, and how to implement it effectively within your organization's data retention policies.
It should be noted: Preservation Lock currently only works with Static Scopes and Regulatory Records.
Understanding Preservation Lock:
Preservation Lock is a feature available in Microsoft 365 that allows organizations to secure their retention policies and retention label policies against unauthorized changes. With Preservation Lock in place, no one, including global administrators, can disable the policy, delete it, or make it less restrictive. This robust configuration is useful in meeting regulatory requirements and safeguards against any unauthorized actions.
Key Benefits of Preservation Lock:
Protection against rogue administrators: Preservation Lock ensures that even administrators within the organization cannot tamper with important retention policies, reducing the risk of data mishandling or accidental deletions.
Compliance with regulatory requirements: By implementing Preservation Lock, organizations can demonstrate a commitment to meeting regulatory obligations. This feature provides an added layer of security, assuring compliance auditors that data retention policies cannot be altered maliciously.
How Preservation Lock Works:
Preservation Lock operates by enforcing various restrictions on retention policies and retention label policies. Here are some key aspects of how Preservation Lock functions:
Policy Lockdown: Once Preservation Lock is enabled, the retention policy or retention label policy is locked, preventing anyone from disabling or deleting it. This safeguards the policy from any unauthorized changes.
Immutable Locations: Preservation Lock allows for additional retention locations to be specified but prohibits the removal of a location. This ensures that data remains secured and immutable throughout the retention period whilst allowing new locations to receive retention as well.
Extended Retention Periods: While Preservation Lock prevents reducing or turning off a policy, it does provide the flexibility to extend the retention period when necessary.
Implementing Preservation Lock:
To implement Preservation Lock, organizations need to use PowerShell as it is not available through any user interface, including Purview.
Here's a step-by-step guide on how to enable Preservation Lock for your retention policy or retention label policy:
Access PowerShell: Launch PowerShell and ensure you have the necessary administrative privileges.
Identify the Policy: Use the command "Get-RetentionCompliancePolicy" to find the name of the policy that you want to lock.
Enable Preservation Lock : Run the "Set-RetentionCompliancePolicy -Identity "<Name of Policy>" -RestrictiveRetention $true " cmdlet with the name of the policy, and set the RestrictiveRetention parameter to "true."
A prompt will pop-up asking the user to confirm their choices. If they want to confirm and approve the locking of the policy, they must enter the “Y” key.
Confirm Preservation Lock: To verify that Preservation Lock has been successfully enabled, use the "Get-RetentionCompliancePolicy" command with the policy name to display its parameters. Check that RestrictiveRetention is set to true.
By leveraging Microsoft 365's Preservation Lock feature, organizations can fortify their data retention policies and ensure compliance with regulatory requirements by having protection against unauthorized changes to retention policies and retention label policies. The Preservation Lock offers peace of mind by safeguarding organizational data from accidental or intentional modifications. As data security becomes increasingly crucial, implementing a Preservation Lock should be a priority for any organization committed to robust data management practices.