Simplify the lifecycle of sensitive data
Published Mar 28 2023 08:30 AM

Data security continues to be top of mind for business leaders. The high data breach costs concern everyone, and these costs keep increasing each year. Let’s look at some of the data from 2022[1].


  • The worldwide average data breach cost was 4.35 million dollars per breach. This cost increased by almost 13% from 2020.
  • The average cost of destructive attacks is even higher. A destructive attack involves encrypting files, deleting data, or executing malicious code. The average cost of a destructive breach in 2022 was 5.12 million dollars, which is 16% higher than the cost of an average data breach.
  • A data breach is not a one-time event. The study data reports that 83% of organizations have experienced more than one data breach.
  • If we average the cost of a data breach across the number of sensitive files compromised, the cost per file averages $164. That is a lot of money for a single file.

Fortify data security with a defense in depth approach

As organizations think about protecting their sensitive data, they must create a defense-in-depth approach around it. A defense-in-depth approach uses many layers of security that work together to protect and secure your data. One of these layers is to govern the data lifecycle.


This layer helps to ensure that people can't accidentally or maliciously delete your sensitive data. It also helps to ensure the timely deletion of sensitive data in alignment with your organization's policies. It ensures that if you do have a data breach, you only have those files which still have business value in your environment, potentially lowering the overall cost of a breach and the cost per file.


Now let's get into our new feature announcements, which help to accomplish this vision. You can also watch our Microsoft Secure on-demand session covering these announcements here:


Scope the administration of Data Lifecycle Management

Today's first announcement is a new way to assign administrative privileges in the Microsoft Purview Data Lifecycle Management solution. Zero trust architecture suggests providing users with the least amount of administrative access they need to perform their job duties, called least privileged access. Operationalizing this best practice usually requires specifying different administrators for a specific geography, department, or business division.


Today, we announce the public preview of scoped administration in Data Lifecycle Management. Scoped administration leverages the Administrative Units feature in Azure Active Directory. Administrative units define which users can perform certain tenant-level functions for that unit. For example, you might have a unit for Germany, create a unit for the finance department, or use any other sub-division of your organization.

Figure: Example administrative units and Data Lifecycle Management admins

Scoped administration in Data Lifecycle Management enables you to assign an administrator who can configure retention and label policies for only one or more administrative units. These administrators can only see their administrative unit's policies in the Microsoft Purview compliance portal. Previously, you could only assign a tenant-wide admin for Data Lifecycle Management.


The public preview of scoped administration for Data Lifecycle Management is coming in April 2023.


Leverage organization events in Data Lifecycle Management

Our second announcement enables organizations to use events from line-of-business applications and systems to manage the lifecycle of files. Today we announce the General Availability of our Microsoft Graph APIs to manage lifecycle events. For example, these new APIs can recognize a resignation event in an HR system and automatically record the event in Microsoft Purview Data Lifecycle Management to trigger the appropriate deletion of data associated with that person.

Figure: An example employee resignation event automated with the Microsoft Graph APIs

You can now use our Data Lifecycle Management APIs with application or user permissions.


The Microsoft Graph API to manage event-based retention is Generally Available today in all commercial and government tenants.
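
The HR resignation flow described above, as an added example that is not part of the original post or Microsoft's own code: it turns constructed HR records into request bodies for the Microsoft Graph retentionEvent resource, rejecting malformed employee IDs and replayed events before anything is sent. The HR record fields, the ID pattern, the placeholder event type ID, and the use of the employee ID as the files query are assumptions.

```python
import re
from datetime import datetime, timezone

# Microsoft Graph v1.0 records-management endpoints for event-based retention.
# Each body built below is sent as POST {GRAPH}/retentionEvents using a token
# that holds the RecordsManagement.ReadWrite.All permission.
GRAPH = "https://graph.microsoft.com/v1.0/security/triggers"
# Assumption: employee IDs are short alphanumeric tokens. Anything else is
# rejected so HR-supplied text can never widen the retention query.
ASSET_ID = re.compile(r"[A-Za-z0-9-]{1,32}")

# Constructed sample HR feed (not real data).
SAMPLE_HR = [
    {"type": "resignation", "employee_id": "E1001", "effective": "2023-04-30T17:00:00+02:00"},
    {"type": "resignation", "employee_id": "E1001", "effective": "2023-04-30T17:00:00+02:00"},
    {"type": "promotion", "employee_id": "E1002", "effective": "2023-05-01T09:00:00+00:00"},
    {"type": "resignation", "employee_id": "E1003 unexpected text", "effective": "2023-05-02T09:00:00+00:00"},
]

def to_utc(ts):
    """Normalize an ISO 8601 timestamp that carries an offset to UTC 'Z' form."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_retention_events(hr_records, event_type_id):
    """Return (request bodies, rejected IDs) for resignation records only."""
    seen, bodies, rejected = set(), [], []
    for rec in hr_records:
        if rec.get("type") != "resignation":
            continue
        emp = rec.get("employee_id") or ""
        if not ASSET_ID.fullmatch(emp):
            rejected.append(emp)      # surface for review, never send
            continue
        if emp in seen:               # HR systems replay events; record each once
            continue
        seen.add(emp)
        bodies.append({
            "@odata.type": "#microsoft.graph.security.retentionEvent",
            "displayName": f"Resignation {emp}",
            "description": "Recorded from HR system",
            "eventQueries": [{"queryType": "files", "query": emp}],
            "eventTriggerDateTime": to_utc(rec["effective"]),
            "retentionEventType@odata.bind":
                f"{GRAPH}/retentionEventTypes/{event_type_id}",
        })
    return bodies, rejected
```

Because a recorded event starts the retention clock that ends in deletion, the rejected list should go to a human reviewer rather than being retried automatically.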


Integrate Data Lifecycle Management into business processes

Our third announcement helps you integrate lifecycle management into your existing business processes using Power Automate. Today we are releasing a new Power Automate action to apply a retention label to files in SharePoint and OneDrive as a step in any workflow.


Applying a retention label to a file using an automated workflow ensures your organization follows these policies consistently. You don't have to rely on an end user to remember to act. You can add this action to your existing Power Automate workflows or create a new flow. Power Automate uses a visual no-code interface where you can automate your processes using a trigger and actions.


Our new Power Automate action to apply a retention label to files in SharePoint and OneDrive is now available in Public Preview in all commercial tenants and is coming soon to government tenants.


Please let us know what you think of these announcements in the comments!


Data Lifecycle Management resources

[1] Cost of a Data Breach Report, 2022. Research independently conducted by Ponemon Institute, and featuring analysis by IBM Security

Last update: Mar 27 2023 04:14 PM