Microsoft Information Governance helps organizations classify and govern data at scale. It retains data and manages records where users collaborate to prevent productivity loss. Microsoft Information Governance allows organizations to keep what they need and delete what they do not need.
We are excited to announce adaptive policy scopes, which add a new way to deploy retention in Microsoft 365. With this new feature, we can deploy retention policies and labels to groups of users, SharePoint sites and Microsoft 365 Groups (including Microsoft Teams) dynamically using attributes and properties to determine inclusion or exclusion from the policies.
Adaptive policy scopes also work within our Microsoft Records management solution. Before we dive into the announcement, let us set some context by looking at how retention works today.
How retention works today
Currently, when you create a retention policy or a retention label policy, you need to make three decisions:
- Decide the policy configuration settings. These settings include configuring the retention and deletion settings for your policy. A retention label can have disposition review and you can prevent users from editing files with this retention label.
- Decide how to apply the settings. Options include automatically applying the retention policy or having end users manually label content.
- Decide where to apply the settings. This option allows you to choose locations where the policy will be active. For example, SharePoint, Microsoft Teams, or Exchange.
Figure 1: Decisions to create a retention policy or a retention label policy – before adaptive policy scopes
The retention policy can also include or exclude specific locations. For example, if you want the retention policy to apply to only specific SharePoint sites or specific mailboxes. However, including or excluding locations requires you to comply with per policy include/exclude limits on the number of specific locations. If you exceed these limits, you must create additional policies with the same retention settings. You can see the specific limits for each location here.
Our customers have given us feedback that these types of static scopes work well when you want to set a retention policy for one or more entire locations. For example, applying a policy to all Microsoft Teams chats. It also works if there are a small number of inclusions or exclusions to the policy which do not change often over time. However, many organizations have requirements to apply certain policies to certain sites, locations, departments, and more.
As an example, you might want to apply a different set of retention policies to all users, SharePoint sites, teams, and Yammer messages for content assets in Germany. Because new users are joining and leaving the company, and there are often new sites and teams, and organizations need to dynamically update these policies without manual intervention. Previously, organizations had to manually maintain these policies and customers were building complex PowerShell scripts to manage these static scopes at scale.
Announcing the public preview of adaptive policy scopes
We are introducing adaptive policy scopes to help solve the challenges above. Adaptive policy scopes:
- Manage policy targeting with user, group, or site attributes. Microsoft Information Governance updates the scopes automatically, so policies stay current as users join and leave roles, as users create and delete SharePoint sites, and throughout the Microsoft Teams lifecycle.
- Adaptive policy scopes are not subject to per policy limits. They are not subject to the include/exclude limits we discussed earlier.
- A new policy lookup tool. This tool helps administrators understand which policy applies to a specific location. For example, you can lookup a user's mailbox and see all the retention policies and retention label policies that apply to that location. More information on policy lookups.
Figure 2: Decisions to create a retention policy or a retention label policy – after adaptive policy scopes
With this change, we are adding an additional retention option for where organizations can apply retention. We are also renaming the previous location selection option to a Static scope.
- Static scope (previously the only option): Choose the location containing the content you want to retain. If locations change after you create this policy, for example, if a SharePoint site is added or removed, you will need to manually update the policy.
- Adaptive scope: Consists of attributes or properties, e.g., Department or country, that define the users, groups, or sites in your organization. You will choose supported locations containing the content you want to retain. The policy will automatically update to match the criteria defined in the scope.
A policy will have a dynamic scope or a static scope. You still have the option to choose specific locations where the policy will be active, which allows for a lot of flexibility in how retention policies are deployed.
How to define an adaptive policy scope
How do you create these policies? The policies are defined using attributes available on a user's profile, on the Microsoft 365 group, or in the SharePoint site property bag. For those familiar with Azure Active Directory dynamic group membership, adaptive policy scopes work in a similar way.
Figure 3: Creating an adaptive policy scope
For a full list of attributes that are available along with the locations they support, please click here for more information.
Please let us know how you plan to use adaptive policy scopes in your organization. If you have any ideas you would like to share or questions, please put them in the comments below. If you are ready to try adaptive policy scopes, please sign up for an E5 Compliance trial or purchase licenses here.