ECM in SharePoint Online

Copyright © Combined Knowledge LTD. All rights reserved. No part of this manual may be reproduced in any form
or by any method without expressed, written consent from Combined Knowledge. Our manuals are printed in color;
black and white copies are illegally obtained.

Please call +44 (0)1455 200520 for more information or if you suspect piracy.

V 1.0

Table of Contents

Module Overview

Components of ECM

Office 365 versus SharePoint classic compliancy

In-Place Records Management

Record Declaration Settings

Allows Record Declaration at the List and Library Level

Planning for In-Place Records Management

The Records Center – Classic template only

Planning for the Records Center

Content Organizer and Send to Functionality

Configuring a Tenant Send to Action

Configuring the Routing Rules and Permissions

Managing the Records

Generate an Audit Report

Security and Compliancy Center

Data Loss Prevention

Classification and Data Governance


Module Summary

Module Overview

Enterprise Content Management (ECM) is defined by AIIM as: the strategies, methods and tools used to capture,
manage, store, preserve, and deliver content and documents related to organizational processes. ECM tools and
strategies allow the management of an organization's unstructured information, wherever that information exists.

In this module, we are going to look at the capabilities of Enterprise Content Management (ECM) in SharePoint
Online and Office 365 via the security and compliancy center. We will start by looking at the core components of
ECM followed by looking at specific components in the complete compliancy story around records management,
compliancy and eDiscovery.

• Components of ECM

• Office 365 versus SharePoint classic compliancy

• In-Place Records Management

• The Records Center

• The Security and Compliancy Center

– eDiscovery

– Data Loss Prevention

– Labels classification and data governance

Components of ECM

If you want to learn more about these components from a configuration perspective, you should consider attending
the Power User and Site Collection Administrator classes.

There are many benefits to using the ECM functionality available in SharePoint; too many to list, but there are a
few key benefits that are worth mentioning when considering the use of SharePoint:

• Increased Productivity and Information Value - With SharePoint so tightly integrated with Microsoft Office,
SharePoint content provides a familiar user experience, so users adopt it and are more willing to use it. They
are also able to find the information they need more easily, and their work is easily managed from start to finish.

• Easier Integration Meaning Fewer Systems - SharePoint makes it easy to manage documents, records, Web
content, and even rich media all on a single platform, which reduces IT costs.

• Drive Compliance and Reduce Risk - SharePoint along with the Office 365 security and compliancy center
makes it easy to apply retention, labels and policies to your data in SharePoint.

• Compliance Everywhere – With new requirements around GDPR and other strict guidelines, for many
companies being able to manage data within SharePoint and Office 365 is critical. Document management
within SharePoint helps with a lot of the collaboration elements of compliancy.

Within SharePoint’s built-in ECM functionality, you have several powerful features to work with, including these top
ECM features:

• Document Management - The lifecycle of documents in your organization — how they are created, maintained,
published, and ultimately disposed of or retained for a specified period.

o Types of documents created

o Template associated with each document type

o Metadata associated with each document type

o Location of documents during their lifecycle

o Access of documents during their lifecycle

o Policies associated with documents during their lifecycle

o Management of documents to meet legal and corporate requirements

• Managed Metadata - A hierarchical collection of centrally managed terms that you can define and use as
attributes for items throughout SharePoint. Managed metadata has several definitions which make it easier to
understand how the managed metadata is used.

o Term – Word or phrase that can be associated with a SharePoint item

Often pre-defined in an organized hierarchical format

Words or keywords added in a non-hierarchical format and are all part of a

o Collection of related terms

◼ Local Term Sets – Created within context of a site collection for consumption within that site collection

◼ Global Term Sets – Created at the farm level for consumption within multiple site collections

***Note*** Managed metadata is a way of referring to the fact that terms and term sets can be created and
managed independently from the columns themselves.

• Labels – Similar to metadata in that they enable a property value to be associated with an item. The main
difference with labels is that they are created at the Office 365 \ Azure layer and can be applied through a manual
process, through automated policy assignment based on conditions, and via client apps that allow a simple click and
assign method. Labels can also form part of a more advanced template option for sensitivity types and rights
management encryption. Labels are created through the Security and Compliancy center or via Azure information
protection.

• Records Management – A record is a document, or other entity, that serves as evidence of an activity or
transaction that occurred, that requires a retention period be assigned to it. The Records Management process

o Determining what needs to be considered a record

o Determining how active documents should be handled while being used, and how they should be managed
after they are declared as records

o Determining the retention period of each record type, ensuring they meet legal, business, or regulatory

o Researching and implementing technology that complements the business processes and ensures the
organization complies with its records management requirements

o Performing records-related tasks, such as disposal of expired records, locating and protecting records from
being destroyed if they are related to external events such as lawsuits

• Rich Media Management – Rich Media is often referred to as a digital asset which is an image, audio, or video
file, or other reusable rich content that the entire organization uses across the enterprise. The SharePoint Asset
Library enables users to easily create, retrieve, and reuse existing digital assets within the organization.

• Document IDs - Creates identifiers that can be used to retrieve items independent of their current location. The
Document ID service that supports it generates and assigns document IDs to the eligible items using a prefix
that you can define or a default prefix that the system generates.

It is important to understand that as part of any compliancy story for SharePoint you must include the Office 365
compliancy and Security center as part of the strategy. SharePoint is where the data is created and stored and
even though you can use only SharePoint to control document management it is a combination of SharePoint
metadata along with Compliancy labels for example that builds the full compliancy picture.

Throughout this module you will learn where SharePoint can be leveraged, where the security and
compliancy center can be leveraged, and where they work together.

• Document Sets – A document set is a content type. You can create a Document Set to manage related content
as a single entity, speeding up common processes.

The Document Set can have a Document ID associated with it for easy retrieval of the Document Set and the
documents within the Document Set. Think of a document library as a filing cabinet and a document set as each
folder in the cabinet.

Document sets carry several features that give them more functionality over folders.

You can also manage a document set as a single object for example as part of a workflow so that the document
set and all its content can be treated as a single compliant record in the records center.

◼ Search Results include the Document Set icon

◼ Search can be performed within Document Set

◼ Content Search and Content Query Web parts recognize Document Sets

◼ Better developer support through Client and Server side API improvements

◼ Folders supported, including the option to use folders as a default document

◼ Versioning improvements, full document set captured as a version

• Content Organizer - The Content Organizer manages or routes documents that users add to sites and uses an
advanced routing engine in conjunction with routing rules (defined by site administrators) to determine in which
libraries the documents are stored. These libraries can have Information Management policies assigned to them
to control the retention period of those routed documents. An Information Management (IM) Policy is a set of
rules defined on a document library, content type, or part of a site policy, which enables administrators to control
information retention, auditing, and disposition of a document.

The content organizer is enabled by default only on the records center template; however, the feature can be
enabled on any SharePoint site to allow the automated routing of items once they arrive at the organizer
endpoint. This endpoint is a web service, officialfile.asmx, and once the feature is activated the endpoint is
added to the site URL, such as
/OfficialFile.asmx. This URL can then be used as part of a workflow, for example for inter-departmental item
routing, without the need to configure records centers.

Site-Level Policies

Compliance policy features of SharePoint can be created at the site level as well as policies being applied to the
content type. You can create and manage site policies in the site collection and the policies are applied to the
SharePoint sites and any Exchange team mailboxes that are associated with the sites as shown below.

Policy definitions can include:

• The retention policy for the entire site, and the associated team mailbox

• What causes a ‘project’ to be closed

• When a project should expire

The process for creating and configuring a site policy includes the following steps:

1. Project owner creates a SharePoint site and an Exchange team mailbox

2. Project owner applies the appropriate policy template, and invites team members to join the project

3. Retention policies are applied as the team adds documents to the site, sends email messages, and creates

4. When the project is completed, the project owner closes the project – this also removes the project's folders
from the team members' user interface in Outlook

5. After the specified time in the policy, the project expires, and the content and email associated with the project
are deleted

You must ensure that the feature for allowing site policies is enabled before you can use them in the site collection.

Once a policy has been created at the site collection it can then be used in the site.


As data gets stored in SharePoint, and indeed across various systems such as Exchange, there will always be a
time when the business needs to know where specific data is and whether the company is in breach of specific data
laws. The Security and Compliancy center has dedicated search and discovery tooling to enable the business to
identify, detect and take action against data that is in breach of specific requirements.

It is often the case that compliancy officers or auditors are not part of the Office 365 management or IT team, but
they must be included as part of the compliancy spearhead group, and all administrators need to understand where
SharePoint is used and when the compliancy center takes over. All discovery is now done via the compliancy
center. More on this later in the module.

Office 365 versus SharePoint classic compliancy

As Office 365 has evolved a lot of the previous SharePoint on premises features have been moved over to newer
Office 365 tools. It is important as part of this module and beyond to understand the capabilities of each option and
when to use what.

The primary reason why Microsoft is investing heavily in the Security and Compliancy feature set is that in Office
365 you have many services talking to each other to work with data. You have SharePoint integrated with Teams and
groups, you have chat conversations happening in Teams, and there are still many people using email and
SharePoint Online as a method to share and collaborate on data externally.

With all this data flying around Office 365 Microsoft needs to create a single way to create policies and manage the
way data is being secured / retained and protected. To do this they have brought many of the compliancy features
from SharePoint / Exchange and Azure rights management into the security and compliancy center.

Office 365 has several ways to manage compliancy and in the last 6 months Microsoft has merged many of its
Azure rights management features, now known as Azure Information Protection (AIP), into the security and
compliancy center, including sensitivity labels. So, for many companies there is an upskilling requirement to
understand how rights management and compliancy are now being woven together into a single management
console. This isn’t to say you cannot create policies and labels in Azure; you can, and you use the AIP
management dashboard in Azure to do this.

For companies that have been using rights management for some time and are now seeing that AIP is bringing
everything under one configuration you may need to upgrade some of your templates to work in the new model.
Refer to this article for more information on converting rights management templates:

Therefore going forward, you will have one location to manage labels and rights management templates in the
classifications management in the security and compliancy center.

Labels do not replace Managed Metadata for assigning item properties in SharePoint. Metadata is still a key
document management feature for the collaboration space and can still be powerful as part of a records
management solution. Labels and Office 365 classification extend this capability far beyond SharePoint and also
allow automation of data management, which previously was not available out of the box in SharePoint Online.

As part of the feature migration process, SharePoint Online is no longer used to manage several previous
compliancy functions. These functions include:

• eDiscovery

• Data Loss Prevention policies

• The Compliancy Policy center template

• In-Place Hold site template

All of these functions are now managed in the security and compliancy center and we will be covering them in
more detail later in this module.

Even though many of SharePoint’s compliancy features have been moved, it doesn’t mean that SharePoint has no
features left. In fact, there are still many useful features in SharePoint Online that can be used as part of a bigger
story, and they are also important if you are migrating from SharePoint on premises using classic mode templates.

The primary features that SharePoint Online still uses include:

• SharePoint Library support for labels

• Record Center for long term storage repository

• Content types using metadata assigned to lists and libraries including Enterprise content types

• Local library rights management policies

When it comes to managing SharePoint compliancy, many companies still use the record center as a long term
repository of data; it can be data assigned with metadata columns or labels or both. SharePoint has the ability to
host as many record centers as the company needs and can expand with storage requirements and use workflow
as a means to manage the data over long periods of time.

SharePoint libraries also support the use of labels from the compliancy center on top of metadata. This means you
can have document libraries that have columns showing both types of information.

In-Place Records Management

In-Place records management provides functionality to help companies architect a compliancy and record
declaration mechanism:

• Allowing Record Declaration at the list and library level

• Works in both classic and modern libraries

• Delegating User Control for declaring records

• Declaration using a workflow

• Commonly used in established sites like Document Centers

• Often have non-records alongside declared records

Enabling auditors and administrators to declare records in their current location, without having to copy or move
them to an official records center or both, allows for a more granular approach to managing records, as the files can
remain in their collaborative space. This method, however, means that records and non-records can exist in the
same location. For files to be declared as records where they exist, the In-Place Records Management feature
must first be activated at the site collection level.

Record Declaration Settings

When the In-Place Records Management feature is activated, you will now have Record Declaration Settings under
the Site Collection Administration section in Site Settings.

Here, you can define how records are handled for the site collection. The settings include:

• Record Restrictions – Define the restrictions on records, such as Block Edit and Delete (default setting), Block
Delete or No Additional Restrictions

• Record Declaration Availability – Choose whether lists and libraries allow for in-place records declaration by
default (lists and libraries can define their own settings, discussed in the next section)

• Declaration Roles – Define who can declare and undeclare records (e.g. All list contributors and
administrators, Only list administrators or Only by policy actions)

Allows Record Declaration at the List and Library Level

By default, official record declaration is governed by either a policy or a workflow that invokes the declaration. It is
possible however to allow records declaration at the list or library level. There are two options when enabling this

• Manual Record Declaration Availability

• Automatic Declaration

Manual Record Declaration

For a user in a list or library to manually declare a document as a record, he or she must have the permissions to
do so. By default, this is not enabled and can only be enabled at the site collection. To allow the user to override
this setting you need to enable 'Always allow the manual declaration of records' which is in the Record Declaration

1. Go to the library you wish to enable the manual record declaration

2. Click on Library Settings

3. Under Permissions and Management click on Record declaration settings

4. Select 'Always allow the manual declaration of records’

5. Click OK

The library view you are using determines how you can manually declare the record. If you are
using the classic view, when you go back to the library and click on a document you will notice a new icon that
allows you to declare a record. Simply click the Declare Record button to change this from a non-record to record.

If you are using the ‘modern’ library settings, then you need to go to the compliancy page property of the document
to manually declare a record.

You also can un-declare the record if the document no longer needs to be treated as an official record.

Once the document has been declared you will notice that the document is locked and checked out and in the
classic view indicated by a small padlock icon (You may have to refresh the screen to see this). By default, a locked
document cannot be edited unless it is undeclared and checked back in. Also, now that it is a record it can become
part of a hold process if legal or compliancy details are requested.

As part of the declaration process the compliancy details of the document also change and can be seen when
viewing the compliancy properties in the drop-down advanced choice menu of the document.

In the Compliance details page, you can now Un-declare the document, assuming you have the necessary
permissions. Contributors will not be able to do this; only Administrators and those with Audit management rights
can.

Automatic Declaration

For some lists or libraries, you will want to have all documents become a record and although the list or library may
exist in a standard collaboration site it may hold formal records such as a Document Center that contains a library
for all company sales contracts.

For this process, simply go back to the Record Declaration Settings in the library and check the box to
'Automatically declare items as records when they are added to this list'. A notification screen will be displayed
informing you that a check in is required to change the document to a declared record and checkout is required
before you can edit the document.

***Note*** for any existing items in the library you will need to check them out and then check them back in to apply
the lock. For all new items the process is automatic as you check in the document.

Planning for In-Place Records Management

With the availability of In-Place records management you can create complete business logic around your
document lifecycle throughout your entire site collection. Also with the use of Enterprise content types and
Managed Metadata at the farm level there is a lot more planning necessary to ensure these areas are set up
correctly prior to going live. One area of records declaration that requires custom development is the addition of
workflows that will automatically trigger when a document goes into a specific state.

For example: A salesman begins creating a sales proposal for a client in the sales collaboration site. Various
documents and spreadsheets are created, along with a PowerPoint presentation for the client. Eventually the sales
contract is drawn up but it requires several amendments over a few days for the client to accept it. Eventually the
sales contract is marked as final as chosen by a choice selection field. At this point we do not want to rely on the
salesman to initiate a workflow as all too often he is too busy selling. So, it makes more sense to have this as part
of an automated workflow that is kicked off automatically when the field value is changed to 'final contract'. As part
of the process we may also need the document to be taken from the sales collaboration site and moved to the
sales contracts library in the sales document center, possibly leaving a link in the original location as a pointer to
the document's new location.

The workflow that needs creating will require a developer to create the custom workflow, although some workflows
can also be done using SharePoint Designer. It will be important for whoever is designing workflows to understand
the capabilities of both Visual Studio and SharePoint Designer for custom workflows.

The workflow will require several steps to comply with the records management requirement:

1. The workflow must be initiated when the document is set to final contract

2. The contract cannot be edited after this stage

3. The workflow must be initiated automatically

4. The salesman cannot change the workflow process once started

5. The document is moved to the document center sales contract library

6. A link must be left in the sales library pointing to the moved document

7. Once at the destination site it must be declared a record, as automatic declaration is not enabled due to non-

As you can see this is just one process out of many to automate many of the business requirements. Furthermore,
there needs to be a training program to get your Power Users and Compliancy experts knowledgeable with how
SharePoint handles this functionality.

The Records Center – Classic template only

Earlier you learnt how SharePoint utilizes many document management and retention settings. In this section, we
will discuss the Records Center site collection template, why we need it and what features are included by default.

Planning for the Records Center

If you can have both Declared Records and Non-Declared Records in the same list or library and use Document
Centers to control high-level repositories, then much of the work a Records Center does is taken care of in the
collaboration environment.

However, many companies will still have a need to create Records Centers for longer term compliancy needs and
will need to be able to group different types of records into a single location based on a file plan logic.

For this model to be designed correctly, your company will need to design a file plan that matches the exact
requirements of information that is stored in the Records Center. A file plan is a matrix that lists all the information,
how it is managed, for how long it is retained, and what happens to it during different stages.

A file plan also defines who has access to what information after it is stored in the Records Center such as auditors
needing read-only access. Very rarely does a normal user have access to a Records Center and although they can
be setup to submit items it is usually policy managers or audit managers who are granted access.

An example of a file plan matrix is shown below.

Record Type Required Metadata Expiration Policy Audit Policy

Accounting Statements Statement Date (date field) Assign Barcode Retain for 8 years after Statement Audit View events
Delete on expiration.

Project Deliverables Delivery Date (date field) Label with Delivery Retain for 5 years after Delivery Date. None
Date (read only) Review by project management for

E-mail Correspondence Subject (string property, single line of text) Retain for 3 years from date created. None
Delete on expiration.
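
The following is an added example, not part of the original manual: a Python sketch that applies the retention rows of the file plan matrix above to individual records and reports what is due. The field name "Created" for "date created", reading the accounting row as running from its Statement Date field, and the sample records are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class FilePlanEntry:
    required: tuple      # metadata a record must carry to be filed
    basis_field: str     # date field the retention period runs from
    retain_years: int
    on_expiry: str       # "delete" or "review"


# Rows taken from the file plan matrix above. "Created" as the field name for
# "date created" is an assumption of this example.
FILE_PLAN = {
    "Accounting Statements": FilePlanEntry(("Statement Date",), "Statement Date", 8, "delete"),
    "Project Deliverables": FilePlanEntry(("Delivery Date",), "Delivery Date", 5, "review"),
    "E-mail Correspondence": FilePlanEntry(("Subject",), "Created", 3, "delete"),
}


def add_years(start, years):
    """Shift a date by whole years; 29 February falls back to 28 February."""
    try:
        return start.replace(year=start.year + years)
    except ValueError:
        return start.replace(year=start.year + years, day=28)


def disposition(record_type, metadata, today):
    """Return (status, due_date) for one record under FILE_PLAN."""
    entry = FILE_PLAN.get(record_type)
    if entry is None:
        return "unclassified", None          # record type not covered by the file plan
    needed = set(entry.required) | {entry.basis_field}
    missing = sorted(f for f in needed if metadata.get(f) in (None, ""))
    if missing:
        # Without the required metadata the retention period cannot be computed.
        return "missing metadata: " + ", ".join(missing), None
    due = add_years(metadata[entry.basis_field], entry.retain_years)
    if today < due:
        return "retain", due
    return entry.on_expiry, due


if __name__ == "__main__":
    today = date(2020, 8, 28)
    # Constructed sample records, not data from the manual.
    samples = [
        ("Accounting Statements", {"Statement Date": date(2012, 8, 1)}),
        ("Project Deliverables", {"Delivery Date": date(2016, 2, 29)}),
        ("E-mail Correspondence", {"Created": date(2019, 1, 1)}),
        ("Meeting Notes", {}),
    ]
    for record_type, metadata in samples:
        print(record_type, disposition(record_type, metadata, today))
```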

To set up a Records Center you will need to configure some functionality:

• Content Organizer (To manage the routing of documents)

• Metadata Navigation and Filtering (To aid in the discovery process)

• Information Management Policies (To define how long the item is held)

The document routing process can take place automatically using the Content Organizer as the routing mechanism
within a Records Center. In fact, when a Records Center is created all document management site features are
enabled (if they aren't already) as part of the process to make sure it functions correctly.

Often most Site Collections will not require all these features to be enabled and from a design and architectural
perspective it rarely makes sense to put a corporate official Records Center as part of a collaboration model. Most
companies require strict security and processing isolation for these sites, so you should always consider giving the
Records Center its own site collection.

After first creating the Records Center site the owner gets a custom welcome page that presents him or her with
suggestions for training topics and suggested links to include on the site. There is also a button to submit records, a
Search by Document ID web part, and list to display any pending records you’ve submitted. Additionally, the
Records Center template includes two libraries: Record Library and Drop off Library. The latter is utilized by the
Content Organizer feature.

To get your Records Center ready for use, the following steps will need to be taken:

1. Create the required content types

2. Create the record libraries

3. Create Content Organizer rules

4. Design the Site Welcome Page

These steps are listed on the Records Center Management page, which is listed under the SharePoint cog
menu➔Manage Records Center.

As you have already seen previously in this module, you will need to create document libraries with the specific
information management policies assigned to them (and/or have added the relevant content types with their own
information management policies) and then configure the Content Organizer rules to define which content type gets
routed to which library based on the conditions of the rule.

The site welcome page can be customized and Web Parts can be added to include the setup tasks, for example.

The Records Center Management page also displays a list of common Records Management tasks, such as
Discover and Hold Records and Generate a File Plan Report.

If you need to return to the page at any time go to the SharePoint cog➔Manage Records Center.

Once you have your primary configuration steps done the next step is to define how information will get sent to the
Records Center. There are several ways this can happen:

• Using the Send To function (uses the officialfile.asmx web service)

• Using an automated workflow (Again using the officialfile.asmx web service)

• E-mail journaling (configured along with Exchange Server)

• Submitting a record manually

Content Organizer and Send to Functionality

To use the Content Organizer function, you must first activate the Content Organizer feature in the site where the
document is being sent to; however, in the Records Center site this feature is already activated by default. Once
activated, a new document library will become available called the 'Drop off Library.’ This library acts as a routing
mechanism for incoming documents and uses a routing system (Content Organizer Rules) to match the content
type and metadata with the correct document library.

In our example from the In-Place Management section, the sales contract is sent (copied) to the Document Center
it was created in using the Sales Contract content type. This content type contains several metadata required fields
such as customer name and region.

For the document to be routed to an appropriate library, a new 'content organizer rule' must be created that defines
the content type match and the condition of the match, which then determines which document library the
document is routed to when it arrives in the Drop Off Library. In the above example, you would need a condition that
states that when Region=North and the Content Type = Sales Contract, the document is routed to the Sales Contract
North document library in the Document Center. The same concept applies to routing documents to a Records

When specifying a content type to be used, it must also exist on the destination library in the Records Center. This
means in the above example the content type of Sales Contract must be created in the content type gallery and
assigned to the Sales Contract North library.

If you wish, you can add multiple conditions as well such as Region=North and Product=Train which are based on
metadata values from a term store or fixed column values as defined in the item columns when created.
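
An added illustration, not SharePoint code and not part of the original manual: a small Python model of the rule matching described above, using the Region, Product and Sales Contract values from the text. The Rule class, the second library name and the first-match-in-list-order evaluation are assumptions of this model; its lint function flags the two configuration mistakes that stop a rule from ever delivering a document.

```python
from dataclasses import dataclass

DROP_OFF = "Drop Off Library"


@dataclass(frozen=True)
class Rule:
    name: str
    content_type: str
    conditions: tuple      # ((property, required value), ...); all must match
    target_library: str


def matches(rule, content_type, properties):
    """A rule fires only if the content type and every condition match."""
    if rule.content_type != content_type:
        return False
    return all(properties.get(prop) == value for prop, value in rule.conditions)


def route(content_type, properties, rules, library_content_types):
    """Return (library, reason) for a document arriving in the Drop Off Library."""
    for rule in rules:  # assumption: rules are tried in list order, first match wins
        if not matches(rule, content_type, properties):
            continue
        if rule.content_type not in library_content_types.get(rule.target_library, set()):
            # Model choice: a target without the content type cannot accept the item.
            return DROP_OFF, f"{rule.name}: target lacks content type"
        return rule.target_library, rule.name
    return DROP_OFF, "no rule matched"


def lint(rules, library_content_types):
    """Report rules that can never deliver a document."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.content_type not in library_content_types.get(rule.target_library, set()):
            findings.append((rule.name, "content type missing on target library"))
        for earlier in rules[:i]:
            # An earlier rule with the same content type and a subset of the
            # conditions matches everything this rule would match.
            if (earlier.content_type == rule.content_type
                    and set(earlier.conditions) <= set(rule.conditions)):
                findings.append((rule.name, f"shadowed by {earlier.name}"))
                break
    return findings


# Constructed configuration: the second library has not had the content type added.
LIBRARIES = {
    "Sales Contract North": {"Sales Contract"},
    "Sales Contract North Trains": set(),
}
RULES = [
    Rule("North", "Sales Contract", (("Region", "North"),), "Sales Contract North"),
    Rule("North trains", "Sales Contract",
         (("Region", "North"), ("Product", "Train")), "Sales Contract North Trains"),
]

if __name__ == "__main__":
    doc = {"Region": "North", "Product": "Train"}
    print(route("Sales Contract", doc, RULES, LIBRARIES))
    print(route("Sales Contract", {"Region": "South"}, RULES, LIBRARIES))
    for finding in lint(RULES, LIBRARIES):
        print("lint:", finding)
```

Running lint before go-live shows that the more specific rule must be listed ahead of the general one and that its target library still needs the Sales Contract content type.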

On the site where you are creating the actual documents in the collaboration space you now need to configure the
'Custom Send to Destination' functionality. This is done via the Advanced Settings in the Library Settings menu.

You can only create one Custom Send to Destination per document library although using workflows you could
create many send to locations based on business logic and status of the document.

When creating the custom send to location, ensure that you specify the Drop Off Library as the destination URL, as
only the Drop Off Library has the Content Organizer rule listening on it.

When a document is now uploaded or sent to the Drop Off Library, it will be routed to the correct library.

Configuring a Tenant Send to Action

The 'Send to' function can be defined at two locations: using the advanced properties in a document library, as
discussed in the previous section, or using the tenant option in the SharePoint records center administration page
accessed via ‘More features’.

The advantage of configuring Send to locations at the tenant level is that once they are created here they are
available to users in every site collection. This makes it easier to deploy the Records Center Send to location
regardless of the collaboration model.

Another advantage of using the tenant method is that you can now configure multiple Send to locations which is
very useful if a company has more than one Records Center.

To configure the tenant 'Send to' locations go to the records management page.

To create the connection, you must specify the URL of the Records Center with officialfile.asmx added to it.

For example: A Records Center is created in the site collection

The correct URL to be used in the Send to location will be

You also need to put a user-friendly name in the Name field. This is the name that users will see when they select
the document in the library and navigate to the Send to option on the Files ribbon. Naming conventions will be very
important if you have multiple Send to locations that are available.

You can also choose if you want to allow the manual use of Send to in the Records Center. If your planned
approach for official files is to have the process automated by a workflow only, then you would deselect this

Finally, you need to choose what to do with the item being sent to the Records Center. There are 3 options:

• Copy

• Move

• Move and Leave a Link

Once you have decided which option to choose, click Add Connection to create the Send to connection.

Configuring the Routing Rules and Permissions

As you have already seen in this module, in order to automatically route documents to the correct library you will
need to configure routing rules based on content types and metadata values. Therefore, you will need to create the
necessary records libraries that match your required file plan logic. A records library is an enhanced document
library that already has the document and content type options enabled.


2. Configure the library by adding the content types it will use.

3. Add any custom metadata required on the library

4. Create the Content Organizer rules and any conditions required by the rule

5. Point the content type and any additional names used to the Drop Off Library

Once the rule is created you need to grant submission rights to the accounts allowed to submit to the web service.
You have 3 options for this group:

• By Application pool ID

• By a workflow assigned user ID

• By a security group. For everyone you could choose Authenticated users.

Now that the routing rule and required libraries are in place, the Records Center is ready for users to submit
records. Because 'Allow manual submission' was left enabled you can now test the Records Center routing by
sending a document that has been created with a matching type from a document library.

From a document library select a document and in the ribbon under the Files tab (Note – This manual option is only
available in classic view libraries not the new experience) select the Send to option and then select the Records
Center name that you configured in the farm Send to settings.

Once the record has been submitted you will get a 'submission successful' message unless there is additional
metadata required on the destination library that is in addition to the metadata already stored on the content type
itself.

If this was part of a workflow, then no manual process would be required and the document would be correctly
routed at the time that the request was made to submit the document. This would be the recommended approach.

Managing the Records

At some point, certain compliance actions may need to be completed on the documents submitted to the Records
Center and also on other documents in the system that have been declared as a record. The Records Center
carries certain unique compliancy management functions to enable you to do this:

• Discover and Hold Records

• Generate a File Plan Report

• Generate an Audit Report

To access the three options, you can use the Manage Records Center page under the SharePoint cog menu or in
Site Settings where you will also find the Hold management.

Discover and Hold Records

In a situation where a company is being called into litigation and as part of that legal case all records pertaining to a
specific contract are required, it is important to be able to track down all items that match that requirement. With the
Discover and Hold settings you can issue a search query to locate the items in question and then issue a hold on
those records. There are three configuration options:

1. - Define the URL and the search query context for discovery

2. Local Hold or Export - If Local Hold is selected then the items remain in their current location but cannot be
deleted even if an information management policy was defined to delete after a certain timeframe. The item
will remain until the hold is lifted. If Export is selected, then you can choose another location to copy all of the
discovered items to and the hold will be placed on the copied items.

3. Relevant Hold - Specifies what the item on hold is subject to. First you create a hold, and then you can
create multiple hold descriptions and attach files if required. The items on hold will have the relevant hold
information associated with them.

Once you have finished your query and defined the actions to take, select 'Add results to hold' and the items
discovered will now be placed on hold.

It is possible for an item to be held more than once as would be the case if more than one litigation case was
launched. In these instances, an item would still remain on hold even if one of the holds was lifted.

Generate a File Plan Report

This option allows you to create an Excel file that outlines your file plan as currently configured on your Records
Center. To create the file plan, you need to specify a location to store it.

Once generated you can obtain detailed information on many aspects of the configured file plan such as:

• Site Details such as Declaration settings and number of items on hold

• Content Types used in the policies

• Policy names associated with the content types

• Policy description details

• Retention details - drill down into more information on this secondary sheet

• Folder details - Drill down of information on folders such as item total and security

Each new report will be stored separately in the folder specified.

Generate an Audit Report

Auditing reports allow you to drill down into specific areas of declared records activities. When running a report,
you need to specify a location for each report generated, which could be the same library or a different one. Once
generated you will be able to view the report that is broken down into four categories each containing specific

• Content Activity Reports

o Content Viewing

o Content Modifications

o Deletion

o Content Type and List Modifications

• Information Management Policy Reports

• Security and Site Settings Reports

o Auditing Settings

o Security Settings

• Custom Reports

o Run a Custom Report - Allows you to specify selection criteria.

◼ Select the date range

◼ Select the users the report is restricted to.

◼ The Events criteria is taken from the available auditing options made available from the information
management policy

As time progresses and more information is generated the reports will be a vital piece of information for the
compliancy officers or auditors and could be required as part of a litigation enquiry. Consider using custom reports
for a more detailed picture of specific events.

Security and Compliancy Centers

With so much of the compliancy feature set moving to the security and compliancy center we are now going to take
a tour of the features that have moved and also look at some of the new ways to use eDiscovery, retention, search
and discovery and Data loss prevention.

It is important that your users who manage the compliancy space fully understand the differences between
SharePoint online possibilities and security and compliancy. The feature set is being expanded all the time in the
compliancy center and we usually take a day to go through all the features with these teams as a workshop. If you
are interested in learning more about these workshops contact for more

The Security and compliancy center is broken down into several categories. Not all of them involve data for
SharePoint. The categories that work with SharePoint are:

• Classifications

o Labels, Label policies and sensitive information

• Data loss prevention

o DLP policies for detecting data breaches

• Data Governance

o Retention policies

• Search & Investigation

o eDiscovery, item search, hold and exports


eDiscovery, or electronic Discovery, is the process of identifying and delivering electronic information that can be
used in legal matters or audits. SharePoint Online is no longer the place where eDiscovery is managed, although for
companies that have migrated SharePoint on-premises site collections that include eDiscovery templates, these will
continue to be supported.

You can apply a hold to SharePoint and Exchange content that you discover to ensure that a copy of the content is
preserved, but still allow users to work with that content. After identifying the specific items that you will need to
deliver, you can export them. The general process of creating and managing an eDiscovery case is shown in the
following diagram.

It is no longer supported to create new eDiscovery site collections in SharePoint as Office 365 does now include a
new management page for legal and compliancy discovery and management. You can find this page via the
Security & Compliance Admin page in the 365 tenant. You create new eDiscovery cases via the security and
compliancy page but any old case sites stored in SharePoint will still be available.

Creating an eDiscovery case

To create a new case, you must first go to the security and compliancy center and from there expand the
eDiscovery section.

Click on the ‘Create a case’ button or open an existing case.

Give your case a meaningful name such as a data type discovery or a case ID number and a description of the
contents of the case.

Next you will need to open the new case to configure the parameters of the query to be used.

The case page has a home page and 3 tabs for configuring Hold, Search and Export. On the home page the only
option available is to close a case once it has been completed.

Hold Tab

The hold tab is where you can run a query for specific search terms and then, based on the number of results, put a
hold on the items identified. At this stage, you probably don’t know what is required in a legal court case, but putting
an item on hold means it is retained and cannot be deleted until the hold is released. When a document is put on
hold, for example in a SharePoint site, the site is listed with a padlock indicating that there is content within the site
that has a hold on it.

To create a new hold query, click on the +Create button in the menu. Give the hold a name such as ‘Contract ID
number’. You then need to decide where you want to query for data. As part of a hold you can look for data
matching a query from SharePoint, Mail, Teams messages, OneDrive, To Do, MyAnalytics and Office 365 groups,
although Microsoft is constantly adding more services to this option.

Note: At any time, you can always go back and edit the location list.

When choosing users/groups and locations to query for data and put on hold you can target specific mailboxes or
site collections, for example, or you can target all mailboxes, which will potentially find a lot of data.

Once you have chosen your users or groups and locations click next, but you can always come back and edit the
locations later.

Click on next to continue and you are presented with a keyword query box where you can build a search query and
add conditions to refine it, such as looking for credit card data that had been authored by a specific user.

Once you have defined your query you can create the hold.

Search will be used to discover the items that match the query. All items found that match will be put on hold until
the hold is released. Even if there is a retention policy which deletes the item it will still be preserved as the hold
wins against a retention policy because often legal cases can last a long time.

You can modify searches on the Search tab and then build custom search queries on either all locations or specific
locations. You can also run a search against existing items that have been put on hold so you can then filter the
items potentially needed for court.

If you get an error when doing a search that you do not have permissions then you need to get the administrator of
the security and compliancy center to grant you access to the results by making you at least an eDiscovery

**note** You may need to log out and back in before you get your new permissions to enable you to view the
search results.

There are several permission groups available in the security and compliancy center and you can also build your
own bespoke groups. For eDiscovery the minimum you need is eDiscovery manager which grants search and put
on hold rights.

Once you have the necessary rights you will be able to preview and see how many results have been found.

Once your new query has been created you need to wait for a short time for the status to be enabled and then it will
show you the number of items that the query has found. Once it has finished you can now build the export job when
you are ready to take it to court.

When you export the results you get options for what aspects of the data you want to take. For SharePoint content,
for example, you can exclude any encrypted documents that used rights management, and you can include all
versions.

**Note** to export data you must have the organizational management role, which is part of the eDiscovery
manager group permission.

Once the report has been generated and ready for downloading you can go to the Export tab and select the report
to download.

As part of the download you will need to copy the Export Key as this will be needed when using the download
manager client on your client pc to authorize you to connect to the export file in Office 365.

The first time you do an export of content you will be asked to install the Export tool; this is only needed once on
your client PC.

Once installed you will be presented with the fields to specify the export key, which you can paste in here from the
previous screen, and also the destination to save the content to.

Click Install then paste the download key into the first field and then choose a location to download the files to.
Click on start to begin downloading the content. This can take some time depending on how much content is being
Opening the destination folder will list the manifest and the report.

Opening the Export Summary will show you a breakdown of the items exported and the timestamp for doing the

Data Loss Prevention

Data Loss Prevention (DLP) is a method to discover (find) and restrict sensitive data being put into SharePoint that
matches specific criteria through defined industry templates and thus avoid breaches of corporate data leaving the
company. Such data could include credit card details or employee national insurance or social security information
and they are specific to regional requirements. The base templates derive from the old Exchange templates, which
can be seen in the below link; however, you can also build your own custom templates with specific search criteria.

If you expand these policies shown on the website linked before you will notice that each policy has some defined
criteria that use patterns and confidence levels to match data in the document to trigger the DLP policy to act
against the document. You will also notice that each template has specific keywords that form part of the detection
criteria. The aim here is to flag items that clearly breach the rules of a policy and not flag items that may include
certain keywords but have no legal implication. For example, a sales person has a document in SharePoint that
outlines to a client that they can pay via credit card. The keywords of credit card in this scenario do not warrant it
being locked down by a DLP policy, but someone storing 50 customer credit card details in SharePoint clearly would.
As you can see by the credit card template you have both keyword verification and keyword name to include card
numbers as well as card type, so for these templates to be triggered there must be clear matches against the
template criteria. It is also possible to build custom templates when creating a policy.

Before we start creating some DLP policies I first want to break down the two main options that you have around
DLP and that we are going to look at later in this module. The two main elements are:

• Discovery

• Policy

An important point to mention here is that both options apply to items stored in SharePoint and to items
stored in OneDrive.


As a company, you may not actually know how many items are currently in your organisation’s data that are in
breach of your own compliancy regulations. Having the ability to do a DLP query based on specific DLP templates
across all your data will allow you to quickly identify areas that need managed policies and to fix the existing
breaches. This discovery process relies 100% on search having crawled the items in Office 365.

The Security and Compliancy admin center replaces the old SharePoint Online Policy center site collection
template and allows more than just DLP queries for SharePoint and allows compliancy officers to have a single go
to location for DLP queries, reports, device management and policy control including data and emails.


The obvious way to avoid sensitive data being available to others is to put in place a policy that restricts the
document itself when it is put into SharePoint, OneDrive or even in emails. A DLP policy enables the compliancy
managers to create these policies and apply them to your Office 365 environments, which can include policy tips,
email notifications and blocking of the content once it matches a specific DLP policy template.

Now that the core concepts and components have been outlined let’s look at the process involved. The first thing
you want to do is get a document ready to test that the DLP query is working correctly. For this example, I am
going to use a generic credit card list which you can obtain from here
/vhelp/paypalmanager_help/credit_card_numbers.htm and copy the table into your own Word document and
save. You now need to upload the document into a document library; in my test I am going to upload into a team
site document library and OneDrive.

Now that you have added your documents with the credit card data into SharePoint you now need to wait for Office
365 to crawl your data. As the DLP is based on a query the search index in Office 365 must have the document
information available.

Part of the crawl process is to analyse the content through the content processing component, and part of this
process includes a new component in SharePoint called the Classification Operator, along with other processing
components such as word breakers and the document parser. Once processed the classification results are stored in
the index ready for a query to be used against it.

Once the crawl has finished you can now start configuring your DLP query and policy configuration in the security
and compliance center.

The Security and Compliancy center

In your Office 365 admin centers open the security and compliancy admin page. Although this course is focusing on
the SharePoint and DLP component we do have a workshop designed only for compliance and protection in Office
365. Please ask your instructor or account manager for more information.

To create DLP policies expand the Data loss prevention category and click on ‘policy’. You can also edit a policy

In the new policy page select the vertical sector that matches your needs, such as Financial; alternatively you can
build your own custom policy. For this example, I am going to build a financial policy to detect any documents
containing credit card data in my organization that is in breach of the UK data protection law.

Once you have chosen your template give the policy a name and a meaningful description.

You must decide what content to run the query against. This can be SharePoint, Exchange Online and OneDrive, or
just set it to all of Office 365 where data is stored. By default, the query will run against all of them but you can
choose a set of specific locations if you wish.

It is important to remember that even if you upload files into groups and teams the data is still stored in SharePoint
libraries, so a DLP policy is still looking for data regardless of how it was put into SharePoint.

The next step allows you to choose if you want to detect items that are shared internally or externally and also if
you want to define specific groups to apply the rule to. If you choose to use advanced options you can also define
conditions to detect the breach of data via specific labels, by IP address range, specific domains and also by
document attachments in email.

You can also build your own custom rules and conditions within the chosen template.

Custom rules and conditions allow you to set the match accuracy, enabling you to capture more potential
matches, but with the risk of capturing too many false positives if you set your matching criteria too low.

The next option is to configure your action, notifications and trigger quantity for instances of the same sensitive
information type and also if you want to show a policy tip to highlight to the user that an item is blocked and why.
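
The following added example shows how the template criteria discussed earlier in this section (a pattern, supporting keywords and a confidence level) combine with the match accuracy and instance count settings above. It is not code from this manual or from Microsoft's DLP engine: the keyword list, the 300-character proximity window, the 85/65 confidence values and the two rules are assumptions for illustration, and the card numbers are publicly documented test numbers used as constructed sample data.

```python
import re
from dataclasses import dataclass

# Assumed values for illustration; real DLP templates define their own.
KEYWORDS = re.compile(
    r"\b(?:credit card|card number|visa|mastercard|amex|cvv|expiry)\b", re.I)
PROXIMITY = 300        # characters searched either side of a candidate
HIGH, LOW = 85, 65     # confidence with / without a supporting keyword

# 13-16 digits, optionally grouped with single spaces or dashes.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,15}(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Match:
    masked: str        # never keep the full number in a report
    confidence: int


def find_card_numbers(text: str) -> list:
    """Return one Match per checksum-valid card number found in text."""
    matches = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue            # e.g. an order reference that looks like a card
        window = text[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        confidence = HIGH if KEYWORDS.search(window) else LOW
        matches.append(Match("*" * (len(digits) - 4) + digits[-4:], confidence))
    return matches


@dataclass(frozen=True)
class Rule:
    name: str
    min_confidence: int    # match accuracy required by the rule
    min_count: int         # instance count that triggers the rule
    action: str


# Constructed rules, most restrictive first: a high-volume rule that blocks
# sharing and a low-volume rule that only shows a policy tip.
RULES = (
    Rule("high volume", min_confidence=85, min_count=10, action="block"),
    Rule("low volume", min_confidence=85, min_count=1, action="policy_tip"),
)


def evaluate(text: str, rules=RULES):
    """Return (action, matches) for the first rule whose thresholds are met."""
    matches = find_card_numbers(text)
    for rule in rules:
        count = sum(1 for m in matches if m.confidence >= rule.min_confidence)
        if count >= rule.min_count:
            return rule.action, matches
    return "none", matches


# Constructed sample documents.
TEST_NUMBERS = ("4111 1111 1111 1111", "5555-5555-5555-4444", "4012888888881881")
SALES_LETTER = ("Dear customer, you can pay this invoice by credit card or bank "
                "transfer. Your order reference is 1234567890123456.")
CARD_LIST = "Customer credit card details\n" + "\n".join(
    f"Customer {i} card number: {TEST_NUMBERS[i % 3]}" for i in range(12))
BARE_DUMP = "4111111111111111\n5555555555554444\n"

if __name__ == "__main__":
    for name, doc in (("sales letter", SALES_LETTER), ("card list", CARD_LIST),
                      ("bare dump", BARE_DUMP)):
        action, found = evaluate(doc)
        print(name, action, [(m.masked, m.confidence) for m in found])
```

The bare dump is found but scores only 65 because no keyword sits near the numbers; a rule with a lower match accuracy would catch it, at the cost of more false positives on ordinary digit strings.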

One option on this page is to block content from sharing, this will trigger an item found with a block that will restrict
the general visitors to the library from seeing the item and only the author and owners will be able to see the
blocked item. Only once the data breach is resolved will it be viewable.

It can take some time before an item that is blocked is shown in a library; this is due to the timer jobs and search
updating the content and matching to the policy at the back end. This is an important design consideration that
should be discussed with the compliancy team in terms of its effectiveness. It is not possible at this time to block an
item at point of upload.

You can also customize the incident report to add specific recipients of the notification and what information is

The next page allows you to define extra settings for what happens to the data if you block it.

You can block it from external access only, or from external and internal access except for the owner and the site
administrator. Once blocked you can also allow the file owner to override the policy tip, but you can then select an
option to require a justification to override, which therefore adds an auditing process.

The final step is to decide if you want to test the rule, make it live or simply create it and then decide later.

It would usually be recommended to test the rule first before applying it to your production tenant to stop any
incorrect blocking of documents for example.

At the summary screen click create to build the policy.

Testing the policy depends on what actions you selected. If you want to simply see how many items in your tenant
match the policy, then you need to go to the Content Search option under Search and Investigation.

From here you can create a new search based on the DLP policy. The query will then return the number of results
that match the policy conditions. To run this query, however, you must be a member of the compliancy managers
group or you will get an error trying to get the results.

If you then click on preview results you will see the items listed and previewed that match the policy. If required, you
can also export a report for filing.

If you have also defined a block for the items and potentially a policy tip then you will be able to see the item shown
in the offending document library.

If a policy tip is applied it will be viewable in the properties of the item.

Classification and Data Governance

As part of a lifecycle management design documents and emails will often fall under a further management and
control criteria. As part of this additional control there may be a need to assign additional properties to an item such
as a classification label or a specific action such as retain the item for a set amount of years and then delete it as
part of a compliancy policy.


Labels are a way that a user can assign a property value to an item or have a policy that auto applies a label value
based on conditions. Previously labels had to be created in Azure Active Directory as part of the Azure Information
Protection management page. Now these labels can also be created and deployed through the security and
compliancy center.

SharePoint can apply properties through metadata to a column but a classification label can be used across data
and emails in Office 365, so they have a much broader reach and are therefore much better suited to compliancy
identification in Office 365.

Labels can be found in the classification section in the compliancy section and they are broken down into 2 different
types of labels, Sensitivity and Retention. Labels can also be applied in two ways: manually by the user or
automatically via a policy.

Automatic label application requires an E5 license or a Plan 2 of AIP.

Sensitivity labels used to be known as rights managed protected labels. This means that you can assign an extra
layer of security to a document when a label is selected or applied. This security could be added encryption using
the rights management service in Azure or adding a watermark to a document such as ‘confidential’.

Retention labels are used to discover and apply additional conditional properties to a document such as preserving
the document for a certain amount of time, deleting a document, applying more logic like classifying it as a record
and triggering a disposition review.

When you create a label it is stored in Azure as well as shown in the compliancy center. Labels are also available
through the AIP client which you can install onto your desktop which then integrates into your Office client. When a
user chooses one of the labels the sensitivity policy is applied to the document or it simply applies the label value
as an additional property value.

You can download the Azure Information Protection client from this URL
there are versions for Windows and for mobile devices. Note that for the latest Office Apps the AIP client is now built
in by default and you can select labels from the ribbon.

Mobile devices can only use the client to view files that have been encrypted via the label security. You are not able
to apply labels to mobile files using the mobile client. Once you have signed into the client using your Office 365
account it will always allow access to encrypted files that have been assigned a policy via Office 365 labels with a
sensitivity label applied.

To create a label simply decide which type you want to create, in this example we will create a retention label.

First you need to create a meaningful label name clearly showing a user what it means to use this label and then
give it a description. In this example I called my label Public consumption to indicate this file is fit for anonymous
external sharing.

On the next screen you can add additional conditions called ‘File plan descriptors’ that allow records managers to
build various sort types and descriptors to look for when identifying data. These conditions allow records
managers to not only apply labels based on very specific condition criteria but also build file plan reports later to
show data that has been retained based on the values being matched. It is not required to have any descriptors; you
can create labels without these if you wish.

On the next screen you need to decide if this label is to have a retention policy or not. If you choose not to have a
retention policy element to the label then the Label will act as an item property that can be assigned to say a
document in a library much like a metadata property.

There are several conditions you can change for retention action:

• Delete automatically based on a time frame

• Trigger a disposition review which notifies reviewers to decide if they still need the document

• Do Nothing

You can also add a second condition which is based on what triggers the retention in the first place.

• From the date it was created

• When it was last modified

• When it was labelled

• An event.

o An event-based trigger requires that an event is created first. When selecting this option you will be taken to an
option to use or create a new event that acts as a trigger, such as ‘project ended’ or ‘left employment’.

As you create more events, they can be selected for other retention policies to maintain consistency of trigger
actions across the business.

You can also choose to simply set a specific expiry date, which means that after, say, 12 months all data using the
label will simply be deleted.

Finally you can choose to classify the item as a record. As a record the label will be locked as read only. This works
in much the same way as in-place records management, but by using the label instead of the declaration action in
the library item option.

Once you have chosen your options you can create the label. After creating the label you can then publish the label
and set up auto-apply for it. However, you can only auto-apply labels with an E5 tenant license or a Plan 2 of AIP.


When publishing the label you can choose which labels are published together and then you can choose where the
labels in 365 are pushed to. If preferred you can specify specific locations such as SharePoint sites, specific people
such as mail recipients and groups such as Office 365 groups.

Finally you need to name your policy with something meaningful, especially if it contains multiple labels as part of it.

Click next to proceed to the creation summary page. You will note on this page that labels do not get deployed
immediately. It can take up to 24 hours for labels to be available to the users so keep this in mind when building /


Finally publish the label to make it available. Once the label gets deployed across the tenant you will then be able
to select it in the locations / users it has been pushed to. If the user is using the AIP client it will appear in their
labels menu, and if you are using SharePoint, for example, it will be available to select as part of a label column.
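The label and publishing steps described above can also be scripted with Security & Compliance PowerShell, which leaves a reviewable record of exactly what retention and deletion behaviour was configured. This is an added example, not part of the original manual; the admin account, policy name and site URL are placeholders, and the 365-day creation-based delete setting is an assumed choice among the options listed.

```powershell
# Added example: scripted equivalent of the retention label wizard.
# Requires the ExchangeOnlineManagement module and a compliance administrator account.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'    # placeholder account

$labelName  = 'Public consumption'                                # label name used in this manual
$policyName = 'Public consumption label policy'                   # assumed policy name
$siteUrl    = 'https://contoso.sharepoint.com/sites/marketing'    # placeholder location

# Create the retention label only if it does not already exist.
if (-not (Get-ComplianceTag | Where-Object Name -eq $labelName)) {
    $tag = @{
        Name              = $labelName
        Comment           = 'Fit for anonymous external sharing'
        RetentionAction   = 'Delete'             # delete automatically after the period
        RetentionDuration = 365                  # days; assumed value for "12 months"
        RetentionType     = 'CreationAgeInDays'  # trigger: from the date it was created
        IsRecordLabel     = $false               # $true classifies labelled items as records
    }
    # Other triggers: ModificationAgeInDays, TaggedAgeInDays, or EventAgeInDays
    # (event-based; needs -EventType naming an event type created beforehand).
    # A disposition review is requested by adding -ReviewerEmail.
    New-ComplianceTag @tag
}

# Publish the label: a policy scoped to one location, plus a rule that carries the label.
if (-not (Get-RetentionCompliancePolicy | Where-Object Name -eq $policyName)) {
    New-RetentionCompliancePolicy -Name $policyName -SharePointLocation $siteUrl
    New-RetentionComplianceRule -Policy $policyName -PublishComplianceTag $labelName
}

# Review the result. Distribution can lag behind creation, so check the status
# before telling users the label is available.
Get-ComplianceTag -Identity $labelName |
    Format-List Name, RetentionAction, RetentionDuration, RetentionType, IsRecordLabel
Get-RetentionCompliancePolicy -Identity $policyName -DistributionDetail |
    Format-List Name, DistributionStatus, SharePointLocation
```

Because a label with a delete action destroys content once published, reviewing the `Get-ComplianceTag` output before running the publish step is a sensible change-control check.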

If you are auto-applying labels, they will be applied when content is found that matches the conditions. If you are
manually assigning labels, go to the library settings and choose ‘Apply label to items in this list or library’. You can
then select which label is applied by default.

You can only have one default label per list or library and if required you can automatically assign the label to any
new or existing items.


If an item in a library is identified as one to be auto applied through a specific condition or an item has been
identified through a sensitivity label such as a date breach then the item will have that label applied to it instead of
the default library label. In this situation both labels will be shown in the label column in the library.

As labels are applied the crawl process will index the items and the labels. You can then use labels as part of
search queries and custom search filtering. Labels can also be used by the eDiscovery case owners and as part of
a hold and export process.

Unlike managed metadata, which is SharePoint specific, labels are cross organisational. Having them available for
key document management, discovery and legal identification is the main reason they should be used instead of
managed metadata for this type of data.

You can also add classification labels to the classic enterprise search center as a refiner and have it as part of a
filtered view in the results of a search.


It is also worth noting that retention policy labels can also be created in the information governance section and the
classification sections in the compliancy center but they are both pointing to the same label list.

Module Summary


In this module, you covered the ECM aspects of SharePoint Online, including document management and records
management, and then looked at the compliancy options in the security and compliancy center for managing labels,
policies, data loss prevention and eDiscovery.

• Components of ECM

• Office 365 versus SharePoint classic compliancy

• In-Place Records Management

• The Records Center

• The Security and Compliancy Center

– eDiscovery

– Data Loss Prevention

– Labels classification and data governance
