You're reading from Microsoft 365 Security, Compliance, and Identity Administration

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781804611920
Edition: 1st Edition
Author: Peter Rising

Peter Rising has over 25 years' experience in IT. He has worked for several IT solutions providers and private organizations in a variety of technical and leadership roles, with a focus on Microsoft technologies. Since 2014, Peter has specialized in the Microsoft 365 platform, focusing most recently on security and compliance in his role as a Consulting Services Manager for Insight. Peter is heavily involved in the wider Microsoft community and has been recognized by Microsoft as an MVP. He holds several Microsoft certifications, including MCSE: Productivity; Microsoft 365 Certified: Enterprise Administrator Expert; and Microsoft 365: Cybersecurity Architect Expert.

Managing Microsoft Purview Data Lifecycle Management

Planning the lifecycle of your organization’s data is a crucial task for Microsoft 365 compliance administrators, and it is vital to have the correct strategy in place to ensure that your organization is protected and compliant. There are several ways to manage the lifecycle of the data hosted in your Microsoft 365 environment, the principles of which will be introduced in this chapter. You will learn how to view and interpret Data Lifecycle Management reports and dashboards, configure retention labels and policies, configure retention within Microsoft 365 workloads, find and recover deleted Office 365 data, and configure and use adaptive scopes.

These topics will be covered in the following order:

  • Planning for data lifecycle management
  • Analyzing reports and dashboards
  • Configuring retention labels and policies
  • Planning and implementing adaptive scopes
  • Finding and recovering deleted Microsoft 365...

Planning for data lifecycle management

The complexity and volume of data stored and processed by organizations are ever increasing. Data can be stored within email messages, documents, Teams chat and channel messages, and more. It has never been more crucial to effectively manage and govern the data that you store in order to do the following:

  • Comply with internal policies or industry regulations and retain content for only as long as it is needed
  • Permanently delete old and unnecessary content to reduce risk in the event of a security breach or litigation
  • Ensure that your organization’s employees work only with content that is current and relevant

The starting point for compliance administrators when planning for data lifecycle management is retention. With retention labels and policies in Microsoft 365, you can take actions that will either retain or delete content in line with the set retention periods. This will result in the following outcomes...

Analyzing reports and dashboards

Microsoft provides administrators with a great deal of information relating to data lifecycle management, which can be accessed from the Microsoft Purview compliance portal. Regularly reviewing this information enables you to stay one step ahead in ensuring that your organization meets its compliance and regulatory obligations. It also allows you to make logical adjustments to the existing compliance settings that you have already configured. The Microsoft Purview Data classification page provides you with visibility on the following details:

  • Items classified as a sensitive information type (SIT) and what those classifications are
  • The most frequently applied sensitivity labels
  • The most frequently applied retention labels
  • A summary of activities that users are carrying out on your sensitive content
  • The locations of your sensitive and retained data

In order to view this information in the Microsoft Purview compliance portal...

Configuring retention labels and policies

In this section, we will learn how to create retention labels, retention label policies, and retention policies and apply them to Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive, and Teams, from the Microsoft Purview compliance portal.

Retention labels are generally intended for when you need exceptions to your retention policies. Typically, you would use retention labels to retain specific items for longer periods than an applied retention policy. For example, you may set retention policies on SharePoint sites to retain content for five years. However, you may also have some documents within the SharePoint site that need to be retained for a longer period—say seven years—for regulatory compliance reasons. Retention labels could be applied to that content. First, we will see how retention labels are used at the item level and applied to content with retention label policies, and then how retention...

Creating a retention policy

As stated earlier in the chapter, retention policies are used to retain content at the service or container level. This means that retention is applied broadly and, as already demonstrated, you can make any exceptions using retention labels. Also note that users never have the option to apply retention policies themselves. It is something that happens automatically without any user involvement. Administrators must create retention policies based on organizational policies or regulatory obligations.
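The five-year SharePoint policy and the seven-year label exception described above can also be scripted in Security & Compliance PowerShell. This is an added example, not code from the book: the policy and label names are constructed, and it assumes the ExchangeOnlineManagement module and an account with a role that can manage retention.

```powershell
# Added example: all names below are constructed for illustration.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$policyName      = 'SPO - Retain 5 Years'
$labelName       = 'Regulatory - Retain 7 Years'
$labelPolicyName = 'Publish - Regulatory 7 Year Label'

# 1. Container-level retention policy: every SharePoint site, 5 years (5 x 365 days).
#    Users never see or choose this policy; it is applied automatically.
New-RetentionCompliancePolicy -Name $policyName -SharePointLocation All
New-RetentionComplianceRule -Name "$policyName - Rule" -Policy $policyName `
    -RetentionDuration 1825 `
    -RetentionComplianceAction Keep `
    -ExpirationDateOption CreationAgeInDays

# 2. Item-level exception: a retention label that keeps content for 7 years (7 x 365 days).
New-ComplianceTag -Name $labelName `
    -RetentionAction Keep `
    -RetentionDuration 2555 `
    -RetentionType CreationAgeInDays

# 3. A retention label policy publishes the label to the same sites,
#    so it can be applied to the individual documents that need the longer period.
New-RetentionCompliancePolicy -Name $labelPolicyName -SharePointLocation All
New-RetentionComplianceRule -Policy $labelPolicyName -PublishComplianceTag $labelName

# 4. Confirm both policies exist and check their distribution status before
#    relying on them: a policy that failed to distribute retains nothing.
foreach ($name in $policyName, $labelPolicyName) {
    Get-RetentionCompliancePolicy -Identity $name -DistributionDetail |
        Format-List Name, Enabled, Mode, DistributionStatus
}
```

When both apply to the same document, the longer retention period wins, so labelled items are kept for seven years while everything else on the site follows the five-year policy.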

To create retention policies within Microsoft Purview, complete the following steps:

  1. Log in to the Microsoft Purview compliance portal at https://compliance.microsoft.com, then navigate to Data lifecycle management | Microsoft 365 and click on the Retention policies tab. You will then see the list of policies, as shown in the following screenshot:
Figure 13.30: Retention policies tab in the Microsoft Purview Data lifecycle management section


Planning and implementing adaptive scopes

As you have already seen in this chapter, when you create a retention policy or retention label policy, you are required to choose between adaptive and static scope types to define the scope of the policy. In previous examples, you have used static scopes wherein the administrator chooses the locations and the criteria for retention. Static scopes have more limited configuration options, such as including or excluding locations and instances within those locations.

With adaptive scopes, you can specify queries that enable the dynamic inclusion of users who should be targeted by the scope. Adaptive scopes run daily to pick up any changes that may apply, such as a new user account being added to Microsoft 365 that has a department field selection or a job title selection that matches an adaptive scope query. It is possible to use multiple adaptive scopes within a single policy.
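A department and job title query of the kind described above can be checked and then created from PowerShell. This is an added example, not code from the book: the scope names and attribute values are constructed, and it assumes the ExchangeOnlineManagement module with permissions for both Exchange Online and Security & Compliance PowerShell.

```powershell
# Added example: scope names and attribute values are constructed.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # provides Get-Recipient for the preview step
Connect-IPPSSession      # provides New-AdaptiveScope

# OPATH query over user attributes (department and job title).
$query = "(Department -eq 'Finance') -and (Title -eq 'Financial Controller')"

# 1. Preview who the query matches today. A typo in an attribute value
#    produces a scope that silently covers nobody, so check before creating it.
$preview = Get-Recipient -RecipientTypeDetails UserMailbox, MailUser `
    -Filter $query -ResultSize Unlimited

if (-not $preview) {
    Write-Warning "Query matched no users; scope not created: $query"
    return
}
$preview | Sort-Object DisplayName |
    Format-Table DisplayName, PrimarySmtpAddress, Department, Title -AutoSize

# 2. Create the adaptive scope from the validated query.
New-AdaptiveScope -Name 'Finance Controllers' -LocationType User -RawQuery $query

# 3. A single-attribute scope can use the simpler condition form instead of a raw query.
New-AdaptiveScope -Name 'Finance Department' -LocationType User -FilterConditions @{
    Conditions  = @{ Name = 'Department'; Operator = 'Equals'; Value = 'Finance' }
    Conjunction = 'And'
}

# 4. Review what was stored. Membership is re-evaluated daily, so an account
#    whose department or title changes is not picked up instantly.
Get-AdaptiveScope -Identity 'Finance Controllers' | Format-List
```

The scopes are then selected when choosing the adaptive scope type during policy creation, and more than one can be attached to the same policy.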

Some advantages of using adaptive scopes include the following...

Finding and recovering deleted Microsoft 365 data

In addition to retention, it is important to have an understanding of what happens when content is deleted from locations in Microsoft 365 and what steps you can take to recover that content. First, let’s take a look at how this applies to user mailboxes.

User mailboxes

There are two types of deleted Exchange Online user mailboxes. These are hard-deleted mailboxes and soft-deleted mailboxes:

  • A hard-deleted mailbox is a mailbox that has been soft-deleted for more than 30 days, and the associated Azure AD user has been hard-deleted. There are various scenarios that can apply to hard-deleted mailboxes. Refer to the Further reading section for links to more information about this. Hard-deleted mailboxes cannot be recovered.
  • A soft-deleted mailbox is one that has been deleted either via the Microsoft 365 admin center or using the Remove-Mailbox PowerShell cmdlet, after which it has remained in the Azure AD recycle...
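Because the recovery window is fixed at 30 days, it helps to know which soft-deleted mailboxes are close to the end of it. The following report is an added example, not code from the book; the seven-day warning threshold is an assumption, and it requires an Exchange Online PowerShell session.

```powershell
# Added example: reports soft-deleted mailboxes and the time left to recover them.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$windowDays = 30   # recovery window for soft-deleted mailboxes, as stated in the text
$warnDays   = 7    # assumption: flag mailboxes with a week or less remaining
$now        = Get-Date

$report = Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
    # Inactive mailboxes (kept by a hold or retention) are also returned here
    # and do not follow the 30-day clock, so leave them out of the countdown.
    Where-Object { -not $_.IsInactiveMailbox } |
    ForEach-Object {
        $ageDays = (New-TimeSpan -Start ([datetime]$_.WhenSoftDeleted) -End $now).Days
        [pscustomobject]@{
            DisplayName        = $_.DisplayName
            PrimarySmtpAddress = $_.PrimarySmtpAddress
            ExchangeGuid       = $_.ExchangeGuid
            WhenSoftDeleted    = $_.WhenSoftDeleted
            DaysRemaining      = [math]::Max(0, $windowDays - $ageDays)
        }
    } |
    Sort-Object DaysRemaining

# Full list, most urgent first.
$report | Format-Table DisplayName, PrimarySmtpAddress, WhenSoftDeleted, DaysRemaining -AutoSize

# Mailboxes that need a recovery decision soon.
$urgent = $report | Where-Object { $_.DaysRemaining -le $warnDays }
if ($urgent) {
    Write-Warning ("{0} soft-deleted mailbox(es) have {1} days or fewer left to recover." -f @($urgent).Count, $warnDays)
    $urgent | Format-Table DisplayName, ExchangeGuid, DaysRemaining -AutoSize
}
```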

Summary

In this chapter, we were introduced to the principles of data lifecycle management and retention within Microsoft 365. We learned how to use Microsoft Purview dashboards for data classification, view Content explorer to see where sensitive info is detected in Microsoft 365 locations, and utilize Activity explorer to view user activity such as applying a label. We also learned how retention policies in Microsoft Purview are used to retain content at the container level to comply with organizational policies and regulatory requirements, and how retention labels can be used as exceptions to those policies when item-level content such as individual documents needs different retention settings from those more broadly applied by retention policies. Finally, we learned how content can be recovered if deleted from Microsoft 365, such as mailboxes and OneDrive.

In the next chapter, we will learn about managing and analyzing audit logs in Microsoft Purview. We will examine the concepts...

Questions

  1. When a user object is soft-deleted from Microsoft 365, how many days do you have to recover the user mailbox before it is permanently deleted?
    1. 60 days
    2. 30 days
    3. 120 days
    4. 90 days
  2. True or false? Retention labels can be used as exceptions to your retention policies.
    1. True
    2. False
  3. Which of the following locations cannot be present in a retention policy designed to cover all Microsoft 365 locations? (Choose all that apply)
    1. Exchange email
    2. Teams chat
    3. SharePoint sites
    4. Teams channel messages
    5. OneDrive
    6. Teams private channel messages
  4. Which feature in Microsoft Purview would you use to identify Microsoft 365 data containing sensitive info?
    1. Activity explorer
    2. Content explorer
    3. Alert policies
    4. Assessments
  5. True or false? Adaptive scopes require an M365 E5 license.
    1. True
    2. False
  6. Which two sections in Microsoft Purview can be used to configure retention labels?
    1. Data classification
    2. Data lifecycle management
    3. Records management
    4. Compliance manager
  7. What will happen if you try to include Teams channel...