Deletion of an SharePoint website with an adaptive scope
We are using a retention label "Keep forever" which we have published via a retention policy. In this policy, we have established an adaptive scope based on a KQL query which selects a large part (but not all) SharePoint websites in our tenant. Since there are several new sites created every day in our tenant automatically, adding sites manually to a static scope doesn’t make practical sense. This has worked well. Now we ran into the usecase that we would like to delete a number of (old and not used anymore) SharePoint websites. My first idea was to change the KQL statement and add a NOT Operator inside of the statement. This was fine. However, from studying the material on MS learn, this will trigger a 30 Grace Period for these sites that have been removed from the adaptive scope, although they are not part of retention policy anymore (visible by the policy lock up function). I read that there is a way to EXCLUDE sites from a retention policy (which doesn’t trigger the 30 Grace Period), however this option seems only to be available when using static scopes and not adaptive scopes. Does anyone know a way to retain the flexibility provided by the adaptive scope and not be affected by the Grace Period?
Retention label creation issue in purview
Hi all, I am facing issue with creating retention labels in microsoft purview, when i tried to create it getting an error like below I have tried in different browsers and also ensure that i have Compliance Administrator role. Is there anything i am missing out ?Auto retention label policy does not work in SharePoint Online
I have created an auto retention label policy and ran and tested it in simulation mode two weeks back, but when I run the same policy with the same query in simulation mode, it does not give any matching result; always it comes with 0 matches found. However, when we test the same query in SharePoint Online search, it gives a result. The policy is completing on time; sometimes it takes hours to days to complete, but sometimes it completes on time as expected. What could be the reason? Are you also facing similar issues? Thanks!Microsoft Purview Best Practices
Microsoft Purview is a solution that helps organizations manage data and compliance. It also uses AI to classify data, monitor compliance, and identify risks. Key features include data discovery, classification, governence, retention, compliance management, encryption, and access controls. Purview ensures data security, prevents insider threats, and helps implement data loss prevention policies to meet compliance requirements. Hello everyone - This is just a short introduction, I am Dogan Colak. I have been working as an M365 Consultant for about 5 years, holding certifications such as MCT, SC-100, SC-200, SC-300, and MS-102, with a focus on Security & Compliance. This year, I am excited to share what I have learned with the Microsoft Technology Community. In the coming days, I will be publishing videos and articles based on the training agenda I have created. I will also share these articles on LinkedIn, so feel free to follow me there. I am always open to feedback and suggestions. See you soon!Retention Labels - PowerAutomate integration doesn't support solution flows?
Hi there, As explained in the documentation https://learn.microsoft.com/en-us/purview/retention-label-flow, you can now call a PowerAutomate flow when a retention label reaches the end of its retention period, which is great. However, based on my tests, this functionnality does NOT support flows that are part of a solution. It only works for flows created in "My Flows". Am I the only one thinking no serious enterprise would handle a process as big as tenant-wide retention using a "personal" flow created by a random user in "My Flows"? I would rather use a "corporate" flow that is packaged, service-principal-owned and deployed through staging environments using ALM best practices but somehow someone decided that solution flows weren't supported, which makes the functionality useless 😞 Anybody found a workaround to make it work with a solution flow? Thanks!
DLP rule - Document Property is: 'ComplianceTag:\0'
Is an expression like the one below supported by the "Document Property Is" condition when setting a DLP Policy in Purview? I'm trying to set a rule that applies a DLP alert to files in SharePoint that do not have a retention label applied to them. Would using the null character regex work for this? Document Property is: 'ComplianceTag:\0' Alternatively, is it possible to set a rule when a document property does NOT contain something?
Restrict applying retention labels in sharepoint site documents
My organization is looking to use retention labels on documents within sharepoint sites, but wants to only allow sharepoint administrators or site owners to be able to do this. They don't want to allow sharepoint site members from applying a retention label in order to prevent other users from applying retention labels on non-relevant documents. Is this possible?Site Owners Can Remove Retention Labels
With a site owner I can remove/clear a retention label, but a member account can not. When a member attempts to remove a label I see the message "Error: The label that's applied to this item prevents it from being edited or deleted. Check the item's label for more details." One would think this would be the same behavior for an owner but that does not appear to be the case. Has anyone else observed this behavior? Does anyone know how to prevent site owners from removing retention labels?Retention policy to remove older than 30 days items from the Deletd Items folder "doesn't work "
Recently I worked with this scenario and faced the following "issue": After a hybrid Exchange migration, we needed to replicate the onprem retention policies. Basically, enforce a policy that removes all the messages older than 30 days from all the mailboxes Deleted Items folder. That's something quite easy to configure, ( done thousand times ), and will not get deeper in this technical details. The case is that, after the setup, we noticed that many old items, ( even from last year and older ), were still in the user's Deleted Items folder without any action from the policy. Of course that I know that the Managed Folder Assistant, ( in charge to check those policies and apply any action if required ), runs automatically once por week +- and we can force it with the cmdlt: Start-ManagedFolderAssistant <UserEmailAddress> And in order to recalculate all retention tags and apply them to the required folders, we can run: Start-ManagedFolderAssistant <UserEmailAddress> -FullCrawl But even running both commands and waiting more than 48 hours nothing happend. After further investigations and the help of a MS engineer we got the point: The retention age is calculated based on "Date of delivery or creation unless the item was deleted from a folder that does not have an inherited or implicit retention tag. If an item is in a folder that doesn't have an inherited or implicit retention tag applied, the item isn't processed by the MFA and therefore doesn't have a start date stamped by it. When the user deletes such an item, and the MFA processes it for the first time in the Deleted Items folder, it stamps the current date as the start date." https://learn.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/retention-age In fact, we verified that with some random old messages in some mailboxes and all those had the first MFA run as the start date stamped. After waiting 30 days the messages were correctly deleted. Hope that this helps someone facing the same behavior, avoiding spend so much time as I spent on this 🙂How to "bypass" an Exchange Retention Policy Preservation Lock
I have a scenario with a complete Exchange Retention policy with a preservation lock. As you already know, once a preservation lock is in place, nobody can turn off the policy, delete the policy, or make it less restrictive, ( neither the Global Admin ). Now we need to modify it for a couple of mailboxes, but as those mailboxes, ( like all the mailboxes ), are included in the locked retention policy, there's "no way" to do it. Well, I figured out one chance... 😉 Here starts to play the principles of retention. As the mentioned retention policy is applied to the whole Exchange environment, and as per the principles of retention explicit wins over implicit for deletions, we can create a new policy that applies to the required specific mailboxes in order to delete the content sooner. " If a retention policy for a location uses an adaptive scope or a static scope that includes specific instances (such as specific users for Exchange email) that retention policy takes precedence over a static scope that is configured for all instances for the same location ". https://learn.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide That should solve the issue "bypassing" the locked policy. But note that this principle only takes advatage in the case of deletions. For only retention, that wins always over deletions. Maybe not the best solution, but people should be aware about such kind of things before locking a retention policy. Feel free to let me know your thoughts.
