1. Configuring Labels for Records Management
Now, something that can be very important in our organization and businesses is the idea that information needs not only be labeled with sensitivity labels and retention labels that are going to decide how long that information is kept, but also things like the business function and department that that information is tied to. And we need to be able to categorize all of that information as well. So in Microsoft 365 they give us a way to do this, all right, we can actually go through and we can do what’s known as records management. And this allows us to label information with things like finance, human Resources, information Technology, legal, marketing, sales, products, services, there’s various business functions that we can tie things to or departments that we can tie things to and then we can even categorize information as well.
So for example, maybe the business function I’m going to label my data as is going to be finance and then perhaps from there I could have a payroll label created so that if information is related to payroll then of course it can be tied to anything involving payroll. And from there we could actually go a step further and mix this with data loss prevention and all of that stuff as well. So this is a really cool feature known as records management and you can get to it by going to portal Microsoft. com, click the Show All lip symbol, go down to compliance and that will bring you into the compliance Microsoft. com which is the compliance center. And then towards the bottom of the list here you will see Records management.
Now real quick, one thing I do want to clarify is you need to make sure that you have the proper licensing for this. And one thing I always encourage people to do to familiarize yourself with the security and compliance licensing is if you just go out to Google real quick and just search these names here, Microsoft, this name Microsoft 365 Guidance for Security and Compliance. If you do a quick search on that you can pull up this article, all right? Microsoft 365 guidance for security. If you click that, this has got all these different license requirements in it that you can look at. So kind of scroll down here and towards the bottom you’ll see Records management. Of course, if you’re like me and you don’t like having to search with your eyes, you can have the browser do it for you.
So just put in the word records, for example and you’ll be able to find that pretty quickly. So here it is right here, records Management. And you guys can see what the license requirements are. So these licenses here, so the big thing you want to remember about this one is the number five. All right? You’ll see that you have to have e five A licenses in order to get this. So make sure that if you’re doing this in your organization, your business that you do have one of these licenses. Okay? In my case, I do have the office. 365 E five license. So that’s what is going to make this possible for me. Okay, so jumping back over here to records management, you’ll get a quick overview and this will just give you some information on if any of your documents have been labeled with records management.
The next thing you’re going to do is you’re going to actually build a file plan which is going to let you create a label that will label your documents. Interestingly enough, you can mix this with your retention policies as well. So you’ll understand what I’m saying. In a minute when I actually create one of these in another video, you’re going to see how retention policies and tension labels mix with this as well. So not only can you have table labeled with something like payroll or if it’s finance or whatever, you can also have it mixed with retention and have it deleted after a certain amount of time also. And so you’ll create a label. You’ve got label policies here. So this is the label and then the policy which you’ve seen before in other areas of retention. You also can create events that are going to let you go through and basically have something triggered to occur.
Like for example, if I had some personal information that was tied to an employee that we had to keep on file, maybe for legal reasons, I could have that information deleted in a situation where an employee left the company. Okay? And that’s what an event is going to be. And then lastly, you have disposition which gets into having a disposition where information is tagged with this label. And then employees, a certain employee or a group of employees can make a decision on what to do with that information, whether we want to keep it for a longer period of time or whether we want to delete it or whatever. All right, so that’s a quick look at the concept of configuring your records management. As we move into this next little section here, we’re going to actually look at implementing it.
2. Managing and Migrating Retention Requirements with a File Plan
So now I want to take a look at actually going through the process of creating a records management label using the Compliance Center. So we’re going to start here on Portal Microsoft. com. We’re going to click the Show All lip symbol here and we’re going to click on Compliance. Okay. Once we get into Compliance, we’re going to scroll down and go to the Records Management blade. Here it is right here. And from there we’re going to click on File Plan. All right, so this is where we’re going to create our label. All right. Now you’ll also notice that you’ll see some retention labels that we’ve already created show up here and I’ll get to why those are there coming up, all right? But for now I want to create a new label. So we’re going to click to create a label, all right.
We’re going to give this label a name. We’re just going to call this Financial Data Label, all right. And we’re going to click next. Of course you could have given a description and all that. So this is where things get a little bit interesting. You’ll notice that up here at the top it’s telling you we’re creating a retention label. That’s because records management labels are retention labels, believe it or not, but they’ve got this additional capability associated with them. And so you’ve not seen this before, but you will have seen these next screens coming up if you’ve gone through the retention policies and all of that stuff. So here we go. We got business Function Department. Oh, and I’m sorry I can give a reference ID.
So if I want to have a specific ID, I associate with this and this would be for our database or something like that. If we had a database that was tracking specific ID numbers of information like different codes that we’re using, we could assign an ID to it if we want. All right, so maybe financial data in our database is five. Okay, so then you’ve got business function department. We’re going to click choose, all right? And you’ll see that we’ve got a bunch of these already here. We could add additional ones if we want, but I’m going to go with Finance. All right, but as you can see we’ve got Finance, Human Resources, Information Technology, Legal, Marketing, Operations, Procurement, Products, Sales and Services, and again you could add other ones if you wanted to.
Okay. You’ll notice that it’s only going to let you select one there, but I’m going to go ahead and click choose and then we have a category that’s going to be associated with that function department. So we’re going to click category and figure out what was this going to be for? Is this? Accounts payable? Accounts receivable, administration compliance, contracting, financial statements. What is this information going to involve? I’m going to say Financial statements and then we’re going to go ahead and click choose and then we can also have a subcategory if we want. All right, you’ll notice that in this case there is no subcategories, but if we wanted to create one, we could. All right? From there, we’re going to specify the authority type. So we’ll choose and we can choose.
What is this going to be? Business, legal, or regulatory requirements? I’m going to say business. All right. And of course, if you wanted to create a new authority, you could so we’ll say choose and then provision citation. You can choose that. And you’ll notice that if you’re in a US. Tenant, you’ll already have some US jurisdiction based citations that you can choose from. Now, if you are in a different country tenant, you’ll notice you might have some other options there. Okay? But the other thing you can do is you can create citations, create new citations as well. I’m going to go with let’s go back in here. Let’s go with truth in lending. Federal Trade Commission. So we’ll do that. But you’ll see, there are some other ones here.
You can also go out there and read about these citations as well and what they mean, what they’re for, and all that fun stuff. So I’m going to go ahead and click choose, though. Then we’re going to go ahead and click next. All right, so this is business as usual. If you’ve gone through the retention area, you’ve already seen all this. All right, so I’ve got retain the items for a specific amount of time, seven years when the item was created, when it was modified, labeled employee activity. I’ve actually explained all this in a previous video. During the retention period, retain items, even if users delete it, that means that if they delete the item, it’ll retain it. Even if it’s deleted out of the recycling bin, it’s going to get retained.
Now, in my case, I’m just going to mark the items as a record because I’m just using this for records management. In my case, I’m not wanting to have this deleted after a certain amount of time. So from there, I’m just going to say mark items as a record. Okay. And then at the end of the retention period, do I want to delete it automatically, trigger a disposition, or do nothing? So I’m just going to say do nothing. I want it just to be marked, and that’s all I want. So I want this information. If, say, somebody in our financial department wants to label a document with this financial label, they can, and it will officially be labeled with that. And at that point, we would be able to search financial records. We could use it for ediscovery forensics if we needed it for evidence.
We just want our documents marked with this label. All right. I could also choose retain items forever. Only delete items when they reach a certain age, and then don’t retain or delete items, which, again, if you’ve gone through the retention area of the course, I’ve already explained what all that means. Of course, most of it’s pretty self explanatory if you just read the description. I’m going to go ahead and click Next, and then we’ve now got a summary of what it’s going to do. And I’m just going to click to create the label, all right? So after that screen is done processing, you’ll see these three options here, which you’ve actually seen before in looking at retention policies and labels earlier. You can go ahead and publish the label. You can auto apply the label or do nothing.
Okay? So from there, in my case, I’m going to say do nothing. I’m going to click done. All right? And the file Plan Records Management label should now be created. Financial data label right here. And then I can go over here and say, label policy, publish. I’m going to publish the financial data label. Remember, this is not going to be available until you publish it, all right? And we can choose the locations. I’m just going to say all locations and we will go ahead and call this financial records policy. We’ll click Next and click Submit, and there you have it. All right, give it time for it to process and you can come back and try to apply it to something later. Now, the other thing I want to show you is how you can migrate a retention label into a records management label, which is really a hybrid.
It’s a records management retention label. Essentially, if you come over here to file plan, you’ll see the retention labels that were created earlier. I can go right here and I can choose one of these. For example, maybe I’m going to choose this five year deletion for retention. I could select that and then I can edit that. Click Next and see we now have the same options that we had when we were creating the record just a minute ago. So you didn’t see these options when you were creating the retention label earlier, but you will see it now. Okay, so I can go through and I can choose, what is this going to be for? Maybe I’m going to do legal, and then I can do a category. We’ll say Accounts payable and then authority type, so on and so forth.
Legal provision. Citation. Sarbanes oxyact. Click Next. You’ll notice that these are the options that we chose earlier. Okay, I can’t notice how it’s all grayed out, right? So then I can click Next, click edit the label. All right? And away we go. All right. So that’s how we could migrate an existing label. I actually don’t want to do this to my retention label right now, so I’m not going to do that. But that would be how you would do that. And then of course, you come over to label label policies and go from there, all right? So you can choose to have it all published and all that fun. Stuff. Okay, so that is how we can officially create a file plan, records management label and have it published, as well as how we can edit to migrate existing labels over. Okay.
3. Configuring Automatic Retention and Sensitivity Classification Records
Now something else we can do involving records management and retention is we can also apply records management with auto labeling, all right? And it’s not really very different than what we’ve done in the past involving auto labeling with retention. It’s just through records management and File Plan. So we’re going to start out here on Portal Microsoft. com. We’re going to click the show all loop symbol here. We’re going to go go down to compliance. It’s going to bring us into the compliance center and we’re going to go in here to records management, all right. From there, once it loads up, we’re going to click on File Plan and we’re going to click to create a label. Let’s just create a new label. This one will be we’re going to call this Legal Record.
All right, click next. And so we’ve got our Descriptors. So that’s another thing obviously we’ve had to do when creating a record. We have descriptors. We’re going to choose if we’re going to do a reference ID. I’m not going to do a reference ID this time. I’m going to go with Business Justification, legal, and we’ll go with Category. And why don’t we go with Compliance, all right? And then from there authority type. We’ll choose legal and then provision citation. Let’s go with the sarbanes. Oxley act. All right. Again, you can familiarize yourself with these if you want. You can look them up and remember that if you are in a different country, you may have a different tenant, you may have different citations. So we’ll click choose and we’re going to click Next and then it’s business as usual.
Okay. So we have the same stuff we’ve seen before, all right. I’m going to say Mark is a record and we’re not going to have it deleted. We’re going to click Next and we’ll click to create the label, all right? So then it’s going to go through, of course, the process of creating the label and then at that point we’ll be able to go if we wanted to publish it, we could we can also say auto apply this label to a specific type of content. So we’ll select that. We’re going to click Done. It’s going to go ahead and bring us right into the auto labeling policy, which I also show you that you could have done that even if you finished this wizard out, you could have done that separately. So I’m going to say auto apply for legal Docs. Or we’ll say legal Info and we’ll click Next.
And then we can say apply label to content that contains sensitive info, right? So I can go here and I could specify what that’s going to be. Maybe it’s privacy. And this just kind of gets back into the sensitive labels that we’ve seen. Then you’ve got apply content, specific words and phrases. So I could go there and I could put in key words. And then we’ve got apply if it matches a trainable classifier, which gets into where it’s looking for source code harassment, profanity threat resume, offensive language discrimination. All right? So in my case, I’m going to do sensitive info. We’ll go there and we’ll choose privacy, and let’s go with the US Patriot Act, all right? And then we will click Next. And so here’s all the things that’s going to be looking for that will involve legal, all right? Credit card. So maybe we’re having documents labeled legal purposes.
And this could involve some type of court case that we’ve got going on. We could be using this for forensics evidence collection. There’s various things we could use that for. This is all stuff, though, that you’ve seen before. All right? So we’ll click next and we can choose the locations that it’s going to be for. All right? I have to say all locations and I’m going to click next. And there it is. It says choose a label. You’ll see a legal record. It’s already selected. I wanted to replace that label, I could, but I’m not because that’s obviously the label I want to use. And then I’m going to click next and then submit. And then it’s just a matter of processing as always. Give it time. It could take an hour, it could take 24 hours before this is actually going to start taking effect, all right? Especially with a new trial tenant.
Now, the only other thing I did want to say is that you could have, if you would have chosen not to set the auto label up, you could have simply gone over to Label policies and clicked Auto Apply Label. So that’s just bringing you into the same wizard we just saw, okay? So that’s how you could have manually jumped into that Auto Apply label if you wanted to. All in all, it’s really a lot of the same stuff that we’ve seen in previous videos, and it’s just choosing Auto Apply this time around and having it apply to your information based on either sensitive info or keywords. Or of course, you could apply it based on Trainable classifiers. But for the most part, I hope you’ll find that to be pretty straightforward. And it’s stuff that we’ve done before and shouldn’t be too difficult for you to run through if you wanted to try it out.
