Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Announcing general availability of Records Management
Published Apr 30 2020 05:55 AM 35.1K Views
Microsoft

On behalf of the entire Microsoft 365 community, I am incredibly excited to announce the general availability of our Records Management solution to help meet your legal, business and regulatory recordkeeping obligations.

 

As remote work becomes the new normal, securing and governing your company’s most critical data is of paramount importance. Records Management provides you with greater depth in protecting and governing critical data. With Records Management, you can:

  • Classify, retain, review, dispose, and manage content without compromising productivity or data security
  • Leverage machine learning capabilities to identify and classify regulatory, legal, and business critical records at scale
  • Demonstrate compliance with regulations through defensible audit trails and proof of destruction

We look forward to hearing from all of you on how Records Management is helping you meet your compliance needs.

 

RMOverview.png

 

 

 

 

Get started

  • Eligible Microsoft 365 E5 customers can start using Records Management in the Compliance Center or learn how to try or buy a Microsoft 365 subscription.
  • Read this blog by Alym Rayani to learn about additional details of Records Management capabilities.
  • Learn more about Records Management in our documentation.
  • Attend an upcoming technical webinar:

EMEA: May 26, 2020 16:00 GMT (Calendar invite, Attendee link)

North America: May 26, 2020 12:00 PST (Calendar invite, Attendee link

 

 

FAQ on Records Management

  • Where can I access Microsoft 365 Records Management?
    • In the Microsoft 365 compliance center, go to Solutions >  Records management
  • Before my organization can use Records Management, does every user in the tenant need a license that entitles them to use it?
  • Why can I see the Records Management solution if I’m not licensed for it?
    • At this time any customer will be able to see the solution even if you’re not licensed for it, although not all functionality will work as expected. In the near future, this will change, and you won’t be able to see records management options if you’re not appropriately licensed.
  • How is this solution different from Information Governance?
    • While our Information Governance solution focuses on providing a simple way to keep the data you want and delete what you don’t, the Records Management solution is geared towards meeting the record-keeping requirements of your business policies and external regulations. This will be the only location where you can create record labels or take advantage of some of our more advanced processes such as disposition review.
  • How is this solution different from SharePoint’s in-place records management or records center?
    • This solution is our next evolution in providing Microsoft 365 customers with records management scenarios. It uses a different underlying technology than our legacy functionality in SharePoint, and also goes across Microsoft 365 beyond just SharePoint.
    • This new solution is where our future investments in records management will be made and we recommend any SharePoint Online customers using SharePoint’s in-place records management, content organizer, or the SharePoint records center to evaluate migrating to this new way of managing your records.
  • What does declaring something as a record do?
    • Our online documentation provides detailed description of the enforcements we add to an item that has been declared as a record. At a high-level, declaring content to be a record prevents any edits to that item and it will be preserved for the period of time you specify.
  • Is Records Management supported in Teams?
    • Yes, users can share, co-author (if unlocked), and access records in Teams through the app, web or mobile. Thanks to the integration with SharePoint document library views, you also can add the retention label to the default view of the Teams document library and see which retention label is applied to each file. To declare files as records or edit retention labels from Teams – you must do this in SharePoint by clicking “Open in SharePoint” from the “Files” tab. We plan to support more records management capabilities in Teams and we will share more details as we get closer to the date through the public roadmap.
  • Can I manage all record and non-record labels, policies and process in records management?
    • Yes. Records management in the Microsoft 365 compliance center is the place to manage your complete retention schedules and processes, even for content that you don’t declare as records.
  • Where can I learn more about records management?
  • Where can I submit feedback or request new features?
  • Do you have additional features coming to this solution?
23 Comments
Steel Contributor

Hi, the question about 'how this is different from Information Governance' has this response: our Information Governance solution focuses on providing a simple way to keep the data you want and delete what you don’t, the Records Management solution is geared towards meeting the record-keeping requirements of your business policies and external regulations. This will be the only location where you can create record labels'

 

Does this mean you will remove the ability to create and publish record labels from the Information Governance section? If so, what will the 'simple way to keep the data you want and delete what you don't want', if this is not based on labels? 

 

Sorry, but it's a bit unclear - my Info Gov (E3) licence still shows the ability to create and publish labels. What will happen to those if you remove the options? 

Microsoft

@Andrew Warland - For E3 customers Information Governance will continue to be able to create and publish non-record labels for manual application (as outlined in our licensing & service descriptions), this experience we'll continue to optimize with the focus of labeling as exceptions to the overall policies in Information Governance. 

In Records Management in contrast, labels (and the ability to declare items as records) will be the way to categorize your data and follow specific processes only available as part of this experience (such as disposition review, proof of disposals, etc.)

 

Hopefully some of our future improvements will help make this distinction easier.

Steel Contributor

In the FAQ above ..

 

"At a high level, everyone with edit access to a location where records management features are used must be licensed."

 

Does this imply that users with Read only access don't need a license ? What about a user that has read only access to a library where a default retention label has been defined - do they need a license ? The PDF guide would suggest they do - as they benefit from the solution.

 

The difficulty here, as always, is figuring out just how many licenses are needed across the organisation because this in turn will inform the design of a RM system.

Copper Contributor

It is generally accepted that records management is a function of information governance. In many organizations records management is a key function of the information governance program. Why separate them? How does separating records management from information governance simplify deployment, adoptability, and everyday usage? 

Microsoft

@Ian Moran - for specific licensing questions, the best bet is to confirm with your account team, they can directly access our licensing experts. 

Microsoft

@aleace - You're correct that in the general definition of the terms they tend to be considered that way. When we think about the intents customers are trying to achieve we do see 2 distinct scenarios at this point, one around broad policies to catch everything and need to do this as simple as possible and then another one when customers are diving deeper into classifying their content, enforcing particular processes and workflows, etc. So faced with the decision of trying to make both intents fit in one experience we've chosen to separate them (while they leverage some of the same underlying technology) to continue to simplify Information Governance and give you more workflow and automation in Records Management.

 

Hopefully this proves as useful as we think and always willing to hear the experiences as we continue to ship towards this vision.

Copper Contributor

Hello team, 

 

So excited to test drive this new functionality!  Question:  Does this mean that in the near future you will be deprecating the Records Center feature of SharePoint?  If so,  that's a BUMMER as many clients of ours still use that feature quite heavily.   And if not,  when will we get an updated Records Center template (and Document Center one too) for SharePoint modern?  Both of those are still very heavily used, specifically during migration efforts where folks do not (or cannot based on compliance rules) delete files but do not necessarily want to surface them to the general public. 

 

Thank you, 

 

Maria E.

Microsoft

@Maria_Espino_Catapult - Great to hear you're excited to test it out!

 

As for Records Center, we've not officially deprecated them but you probably have seen it's pretty hard to deploy them now since they are not modern sites. We would love to hear more about what you would like in a modern Records Center & Document Center, feel free to add this to our UserVoice - IG & RM - User Voice

Microsoft

@Maria_Espino_Catapult - Great to hear you're excited to test it out!

 

As for Records Center, we've not officially deprecated them but you probably have seen it's pretty hard to deploy them now since they are not modern sites. We would love to hear more about what you would like in a modern Records Center & Document Center, feel free to add this to our User Voice - IG & RM - User Voice

Iron Contributor

Any word on availability for GCC?

Microsoft

@Naveen Karla - We are working on ensuring parity with GCC across the board for Compliance solutions. Typically you'll see a delay between something being rolled out to commercial tenants and GCC but we definitely are working on getting this out to GCC.

Copper Contributor

Surely, you have a idea on how long the validation would take. Are we talking 6 months, 12 months, 24 months?   When Microsoft makes these announcements, you must know that the GCC customers are interested also.  We have budget cycles and purchasing regulations that require us to plan out our strategies.  It would be nice to know if I should consider this offering, next year or the next, or consider a large purchase of a product that is currently available.  

I've said this before, Microsoft's product development and release needs to address all customers and communicate. 

Steel Contributor

I agree with @aleace  that it makes no sense to separate records management from information governance. The two scenarios as described don't support the common use of these terms internationally. If anything, your 'records management' could be described as 'Advanced information governance'.

 

I would also add that 'declaring a record' is a peculiarly American practice that means nothing in places like Australia. 

 

You describe two distinct scenarios which I have mapped to the Service Descriptions (the link you included). Please let me know if these are not correct:

 

1. Info Governance (E3/E5) - 'Broad policies to catch everything and keep it simple'. According to the service description 'a single organization-wide or location-wide retention policy and/or manual retention labeling'. These are very useful and are closest to actual records management practices.

 

2. Records Management (E5) - 'Deeper dives into classifying content, enforcing particular process and workflows'. According to the service description, this means 'automatically applying retention labels or policies, starting the retention period of a retention label based on a custom event, triggering a manual disposition review at the end of the label's retention period, importing third-party data through native data connectors, discovering labeled content and monitoring labeling activity.' and 'automatically applying retention labels based on trainable classifiers'. I would also note that you need an E5 licence to keep a year's worth of audit logs (otherwise it's 90 days).

 

There may be some organisations that may want to make use of these options but I haven't seen a single use case that is based on the actual reality of managing records. If anything, it appears to be a way to cull records automatically - which you can do more accurately with standard retention policies. 

 

Incidentally, 'trainable classifiers' are not new - they've been around for close to 20 years in products like Recommind (now part of Open Text).

 

Copper Contributor

@robertoy  - three quick questions for you:

 

Could I confirm that with regards to access to the Disposition area counts as a 'location' in regard to the following statement? "At a high level, everyone with edit access to a location where records management features are used must be licensed."  i.e. that in a predominantly E3 tenancy, where the Disposition area is the only premium feature being used, that only users who require edit access to the Disposition area need premium (E5+) licences (and not all users who need to access content in sites/inboxes, which might later be subject to disposition review)?

 

Secondly, could you clarify licence needs for setting default labels on libraries/folders? Many large organisations I have worked with have invested significantly into architectures that use this feature with Office 365 E3 (or below) - one even got this confirmed by Microsoft as being fine at E3. Could you confirm that default labelling is not counted as automatic classification?

 

Finally, could you clarify the licence requirements for applying immutability to labelled content via PowerShell (as opposed to via the ‘Use label to classify content as a “Record”’ checkbox)? Is this now moving to a premium (E5+) licence too, or does this continue to be available for E3 tenants?

 

 

Copper Contributor

When you filter the roadmap for GCC, nothing shows up as in development on this topic. That doesn't seem to be in alignment with the statement that, "we definitely are working on getting this out to GCC." And, for 12 days now, no response to the question on how long the validation is expected to take. Also disappointing. Our client is a large state (57,000 G5 licenses) that is launching a records management/data retention project next month. I'm guessing that this functionality might be of interest, but with no clue when it will be available, announcements like this create much more frustration than enthusiasm.

Microsoft

Thanks for the interest @JudiP - most of the Records Management functionality should already be there for GCC customers and the rest is coming soon, this is definitely a priority so we would strongly encourage your customers to validate the functionality in their tenant and connect with their Microsoft account team on their needs around Records Management.

Copper Contributor

When it comes to records management, will any consideration be given to compliance requirements in the government sector? For example, under the New Zealand Public Records Act all government agencies are required to retain certain metadata when disposing records, however pending disposition report in the Compliance centre does not allow capturing and exporting that metadata before document disposal (for more information check UserVoice suggestion at https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/34375546-al...).

Unfortunately such limitations make Microsoft’s Records Management solution unfit for purpose in the government sector.

Microsoft

@IrinaWins Thank you for asking about metadata at disposal, check out the details of our "Proof of disposal" feature which is rolling out right now (https://docs.microsoft.com/en-us/microsoft-365/compliance/disposition?view=o365-worldwide#dispositio...), appreciate your link to User Voice, we definitely will continue to prioritize and improve on what information we keep at disposal of records to help organizations meet their standards.

Steel Contributor

@IrinaWins given the very limited metadata recorded when records are destroyed, my recommendation is to use the disposition review option as a heads-up for records managers to go back to the original document library, review the content, export the full set of metadata (which includes the original document library location) and save that to another location (such as an 'Archives' site, which is what we used), then return to the dispositions area to do the deletion (to keep the records there). Then delete the original library, otherwise you will end up with a library that has nothing in it and nothing showing why. It might sound like a lot of work but in practice it's not that bad, especially if you have set up document libraries well (e..g., to map them to activities in a function-mapped site). 

Also, in most cases you cannot reasonably expect end-users to apply label-based retention policies in their mailboxes. I think it's safer to go with a single retention period (say 10 years) for all mailboxes and a longer retention (or permanent retention) policy for specific mailboxes. 

Remember too that copies of Teams chat messages are copied from the backend Azure database to either personal (1:1 chat) or Microsoft 365 Group (channel chat) mailboxes. Increasingly I see the value of using Microsoft 365 Groups (with a mailbox and SPO site, linked to a Team if required) to manage specific types of records. 

In the meantime, while I understand Microsoft's idea of using AI as much as possible to automate the classification and retention/disposal of records, I see too much risk in applying these advanced Information Governance options (aka 'records management') except in specific situations. 

Copper Contributor

Hi @Andrew Warland , Thanks for your comment. We are using this approach as a workaround at the moment. However this workaround does require a lot of time and effort and therefore would not work well for large organisations which are disposing large volumes of records located in different libraries. It would be great to have all metadata available for export as part of the pending disposition review process as well as available in the deleted documents report/'proof of disposal' feature in the system. 

Steel Contributor

@IrinaWins I agree with you, it's cumbersome to have to do this manually. On the other hand, you may be able to 'architect' the environment so that:

  • The majority of records (and other ROT content) are subject to auto-deletion retention policies
  • A specific and much smaller set of document libraries map to label-based retention policies. I know there can be variations, but we found that most of our business areas had no more than 10 active libraries in a smaller set of 'records sites' (as opposed to Group-based or other sites with lower-grade retention requirements).
  • An even smaller subset of document libraries that were used to store records that would be transferred to an archival institution at some point. These will never come up for disposition review. 

While the disposition review process throws up individual documents, these can be filtered by document library; if there is only a smaller subset of libraries (in point 2 above), this may be less onerous. However, the organisation needs a process to ensure that (a) the person doing the review of the library can access all the content and (b) they have somewhere to save the metadata (we used an 'Archives' SPO site for this purpose, also used to manage paper records).  

 

I had another related question last week. Some organisations may want to keep what they call a record 'stub' when a record is deleted (or certain other actions such as migrated) from the library; so the library shows the record USED TO exist but was deleted at a given time, on the authority of someone. I don't think this is possible in SPO unless you export the metadata to a list instead. 

Copper Contributor

I agree with @Maria_Espino_Catapult with little expansion.

There are some old concepts that still hold value. Who ever worked professionally with document/record management and in designing software solutions will tell you that you cannot ask end user to classify documents or to do anything that is outside of the user’s role. If you can provide content for metadata from the system don’t ask user to type it in…

The content management effort culminated in SharePoint 2010 with managed metadata service, taxonomy/term store, content type hub, document centers and record center followed natural information lifecycle and offered “location” context when collaborative structure followed corporate structure. The ability to propagate changes trough the corporate structure with content type hub made the whole thing alive.

Now we are at the beginning again. Garbage in garbage out, clattered libraries with security and auditing nightmare, and most of all one intelligent and promising system was dumbed down to the Box. I think Microsoft had/has chance to build something really special, something that can restructure as the fast pace market requires, the transformers comes to mind. :smiling_face_with_smiling_eyes:

I would ask Kennedy for help here: We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard!

Iron Contributor

Hi Sorry to bumb up old thread.

 

I would like to get feedback from other users. Is the record management is working?

 

It has been a month , and I only have 1 disposition alert..

 

Does record management check every day for the documents or records that need to disposed and deleted?

 

Although I have once a disposition review report the counter it still shows = zero.

 

This is really weird

 

Version history
Last update:
‎May 11 2021 01:57 PM
Updated by: