If the Microsoft 365 service is integrated with an EDRMS or ECM system then disposal controls can continue to be applied in that system through traditional methods (such as assigning retention periods through the business classification scheme and folder structure).
If there is no integration, disposal will need to be managed within Microsoft 365, which uses a slightly different approach. Please note that manual processes may be required, and that functionality will depend on the license held, as well as configuration settings that have been applied.
Disposal in Microsoft 365 environments can be managed through setting retention policies in the Security and Compliance Centre. These may be set up and applied through either of the following:
- Classification through use of labels and labelling policies
- Data Governance-Retention via a retention policy
Classification through the use of labels and labelling policy can be automated. Otherwise the labels must be manually applied, which requires the user to select an appropriate label to apply where multiple labels exist. To do this the user must be aware of agency retention policy in order to select the appropriate label for their data.
Using the Data Governance application may be a better approach as it enables retention to be applied “behind the scenes” without user action. When applying retention policies, consider the most appropriate level to apply the policy to. For example:
- If applying at a high group level it may be useful to flatten retention periods to a few big buckets that round retention up to the relevant disposal class with the longest minimum required retention period.
- If everything except a couple of records is subject to one retention period, a separate retention for those records may be applied at the document level; however this can be very onerous and document level retention is not usually advised.
The following information about Records Management functionality is from the Microsoft 365 website:
- Microsoft 365 E5/A5. Microsoft 365 E5/A5 Compliance, Microsoft 365 Information Protection and Governance, Office 365 E5/A5, Office 365 Advanced Compliance provide the rights for a user to benefit from Records Management including declaring items as records, automatically applying retention or record labels and executing disposition review processes (excluding automatically applying a retention label based on trainable classifiers).
- Microsoft 365 E5/A5. Microsoft 365 E5/A5 Compliance, Microsoft 365 Information Protection and Governance provide the rights for a user to benefit from automatically applying retention or record labels based on trainable classifiers.