Security & Compliance Labels - Still Not Working

Copper Contributor

I raised a query last year with the Data Governance team about Labels not working correctly.  I also note that others have raised issues with this feature not working correctly. (New Labels feature does not work)

With GDPR laws coming into force in the UK very soon, I need to implement retention and deletion policies as a matter of urgency.  However it still appears that the released functionality still does not work as intended.

 

For my current issue, I have create a Label to retain content (not marked as a record).  I have applied this Label Policy and associated label to my SharePoint Online library.  I am unable to delete documents with the label applied.  My understanding is that the item should appear to be deleted but moved to the Preservation Library.  It appears that the Preservation Library is not created.

Would it be possible to receive clarification on this functionality and when this will work as expected?

It is critical that we (all European users) are able to apply Labels in a simple, transparent and non-obstructive way.  Given that GDPR comes into force at the end of May I am concerned that we do not have the tools to implement proper procedures within O365.

31 Replies

Hi Craig,

 

I'm experiencing the same thing.  I'd suggest, however, that what we're experiencing is the desired functionality and that, simply, Microsoft have failed to update their documentation.  

 

What is interesting, however, is that you will be unable to delete the Document Library containing these files (give it a go, you get an error message) but O365 will let you delete the site without a trace.  I've raised a question to Microsoft about this so let's see if they respond to me as I notice nobody's got back to you yet.

 

Regards,

 

Ady

Thanks for your reply Ady as I still have received no word from Microsoft. 

 

With 25 days until GDPR comes into force, I am concerned that I will not be able to implement our desired data protection policies.

I've raised the same issue with 365 support, and they told me it was expected behaviour (which I disagree with, and their documentation disagrees with).

https://techcommunity.microsoft.com/t5/SharePoint/Retention-policy-via-label-unable-to-delete-conten...
Thanks for your reply. At least now my sanity is not in question. :)

Yes, pretty sure they changed direction on this during the implementation of the technology.  The documentation was created whilst this was in preview and doesn't look like it's been updated to the way the implementation actually works now.  Preventing deletion of items makes sense - but they don't prevent deletion of the Site Collection/Group which doesn't make sense.  Thus it's easy to overcome retention schedules/record declaration - with potentially grave consequences for a business who was relying on this technology.

The way I see it, is that the retention policy should behave the same if it is 'delivered' by a label or directly (e.g. by being applied to a workload / product such as SharePoint sites).

If we configure 2 retention policies with exactly the same settings, then apply one directly to a SharePoint site, and the other via a label, we see different behaviour.

Interestingly, it is only the 'delete' user action that behaves incorrectly - you can still edit, rename and update items as expected.

Hi Rob,

 

That's interesting - I actually haven't played with applying retention without using labels.  Will do that and note down the differences.  I agree with you that it really ought to be the same as it's just the application method that changes when you use a label.

 

With GDPR just around the corner, I would've hoped Microsoft would have a more coherent offering around labels and retention.

 

Regards,

 

Ady

I am seeing the same thing. I had actually only played with global retention without labels and it works very nicely. You can delete stuff but it goes into the preservation library. You can't remove it from there, you can't delete the site, you can't delete the group even as tenant admin with PowerShell. Exactly as it should be.

 

Retention via a label works completely differently. and you can delete the group, after a while the SharePoint site goes. Therefore it is completely unfit for purpose.

 

It is imperative that this gets resolved ASAP.

Just a note that the compliance searches 'finds' the deleted content but then the export fails as it can't get the content  as it no longer exists.

I have received the following reply from Microsoft Support.

 

"I am writing this email in order to provide some information on the Preservation Hold Library. What you are experiencing now is by design behavior. A Preservation Hold Library is not being created in SharePoint Online, however the content will not be deleted with the correct labels and records and you will see a message in red explaining why the content cannot be deleted. While in OneDrive when you apply a label, then you will be able to see the Preservation Hold Library after deleting an item. Therefore, to recap the Preservation Hold Library will work only in OneDrive. The experience in SharePoint Online is different by design.  "

That sounds like complete rubbish to me....

I wonder if @Bill Baer is able to shed any light on this behaviour...

That's all good - but what happens to the 'preserved' content when you delete the entire SP Site Collection?  It seems to completely disappear.  Surely that's not by design.

I have been assured this is being raised with the "Technical Advisors":

"I am currently discussing the issue with my technical advisors and we probably will engage some higher level of support. I completely understand your issue so I really want to assist. Keep in mind that I will contact you as soon as I have more information. Thank you for the cooperation and patience."

Has anyone noticed a change with this? I just managed to get an item to get deleted and moved to a preservation hold library as a result of a label based policy...which is different to the previous behaviour.

I have received a phone call to let me know that this is now being investigated by the appropriate people and that they recognise there is a problem somewhere.  If they have updated the behaviour to what is expected (or wanted) then that's great.  It's would also be concerning if such major changes to behaviour were rolled out without an appropriate notice being given.  I suppose we will know shortly.

I have also just tested and I am still seeing the original behaviour.  No changes for my tenant.

 

Ion,  I'm afraid that you have not understood the specific issues here.  This is not Azure Information Protection or Firewall Related.  

I am beginning to doubt myself here. The "change" I think I have seen is using labels on OneDrive. I wonder if they always behaved like that anyway and when I tested labels previously I only did SPO.

 

i.e. the current situation is:-

 

OneDrive:  Labels OR Global retention  = preservation library

 

SPO: Global retention = preservation library, Labels = in-place but can be deleted by deleting the group

 

Does that sound about right?