Microsoft 365 continues to grow its built-in records management capabilities as it attempts to provide a realistic alternative to traditional electronic document management systems.

In this article we cover the top five records management features in Microsoft 365 that you need to know!

1) Retention Policies and Labels

If you’re reading this, chances are you a well versed in retention labels in different records management systems. In Microsoft 365, retention labels allow you to classify your information across your organisation and enforce retention and disposal schedules based on these classifications.

When you label a piece of content in Microsoft 365 that content remains in its original location and end-users can continue to work on the content as if nothing has changed. However, when the content is edited or deleted a copy is automatically retained.

When it comes to managing the lifecycle of information in Microsoft 365 you can use both retention policies and labels to accomplish this. Unlike labels, retention policies assign the same retention settings for all content at a site or mailbox level. Labels on the other hand assign retention settings at the item level whether it be for a document, folder or email.

For example, if all documents within a SharePoint site needed to be retained for 7 years you would use a retention policy to apply the same label and 7-year retention period for all documents in the site.

Retention labels, however, have capabilities that retention policies do not have. Firstly, when you copy or move a document with a retention label to another location the label remains. Additionally, you can start a retention period when a label is applied, when it was last modified, when it reaches a certain age or based on an event.

Moreover, retention labels also support disposition reviews so system admins and Records Managers can review content before it is permanently disposed of. You can also mark content as a record in your retention label settings, which means you will always have proof of disposition when content is deleted at the end of its retention period.

Lastly, with retention labels you can take advantage of trainable classifiers, which is Microsoft’s new machine learning technology that enables automated, intelligent classification.

2) Trainable classifiers

Trainable classifiers give you the ability to automatically classify your content and records and work with retention labels to trigger retention periods. Rather than simply looking for keywords or patterns, trainable classifiers in Microsoft 365 Compliance Center use machine learning to analyse the makeup of a document to determine what it actually is.

It does this by analyzing hundreds of examples of a specific type of content such as a meeting minutes or invoice. You can then test the accuracy of the classifier by feeding it both matching and non-matching examples of content and confirming whether it classifies it correctly.

3) Sensitivity labels

With users sharing and collaborating on documents across different devices and apps, one of the biggest concerns Information Managers have is ensuring these documents are secure as they move through different systems. This is where sensitivity labels come in handy as they allow you to classify content to automatically trigger security settings.  

There are several different security settings sensitivity labels can trigger to help safeguard your information. Firstly, they can encrypt emails and documents by allowing you to enforce rules regarding which users and groups can perform which actions and for how long. For example, maybe an external organisation can only view and review a document for 7 days after a sensitivity label has been applied.

You can also mark emails and documents with watermarks headers, or footers. Additionally, you can apply settings to an entire SharePoint site of Microsoft 365 group. These settings don’t label every individual document within the site or group but instead protect content by controlling who has access to the container where the documents are stored.

Moreover, when you download a labelled file from SharePoint or OneDrive, the protections applied to the document are retained and enforced, regardless of where the file is saved. You can also go a step further by using Data Loss Prevention (DLP) policies to cover content in these files.

4) Data Loss Prevention Policies

Every week you hear a new story about an organisation suffering from a data breach where sensitive and often personally identifying data is leaked. For this reason, having data loss prevention policies correctly configured in Microsoft 365 is essential.  

DLP in Microsoft 365 allow you to define policies that govern what can and cannot be done with certain types of data across Teams, SharePoint, OneDrive and Exchange. For example, if you are sharing information with external organisations, DLP policies can prevent documents with sensitive information such as credit card numbers of personally identifiable information from being shared. DLP can also prompt end-users with a warning when they are about to share a document containing potentially sensitive data.

For organisation’s in regulated industries who are required to adhere to data-privacy regulations including GDPR, HIPAA and HRIP; Microsoft 365 data loss prevention policies are essential. If you want a detailed breakdown on how to set up custom DLP policies in Microsoft 365, you can check out our guide here.

5) Communication Compliance

With an ever-increasing volume of communications across different apps and platforms, one of the biggest compliance challenges facing Information Managers is how they can effectively monitor and regulate this.

Those of you that are familiar with the Microsoft 365 Security and Compliance Centers may have heard of supervision policies before. This is the old tool that Microsoft used to manage communications which has now been replaced by their new communication compliance solution.

This tool leverages machine learning to analyse communications across your Microsoft 365 apps such as Microsoft Teams and Exchange Online to flag potential violations. To get you started, Microsoft again comes with out-of-the-box learning models for identifying profanities, threats, physical violence and harassment.

Additionally, Microsoft have also added new eDiscovery capabilities for Microsoft Teams so that you can view the whole context of a conversation. In other words, if you run a search for a message, the message is displayed in a conversation view where you can see previous messages to properly understand the context of the conversation.

As I mentioned early, although Microsoft 365 might not yet have the advanced records management capabilities of traditional eDRMS, it is continuing to add more and more features. For organisations using Microsoft 365, they should familiarize themselves with its built-in records management capabilities to understand what it can do and how it can potentially work in conjunction with other records management systems.