Data Compliance Issues Solved: Introducing Adaptive Policy Scopes

Everyone will agree that dealing with compliance and regulation frameworks can be a headache. It’s especially topical if your organization is present in multiple locations. Each country can have its own standards, even within the European Union. You might have to retain your customers’ data in the German office for, say, 2 years; meanwhile, it’s 5 years in France.

The regulations get tougher in industries dealing with sensitive information such as financial records, health data, or personal identification information. In some cases we’ve seen with our customers, they needed to delete their chat conversations within 24 hours.

To manage their data and records in accordance with regulations and compliance rules, organizations use information governance systems. The Information Governance by Microsoft allows to do just that, making sure the necessary information is safely kept while all the outdated content or sensitive conversations are deleted within a specified period.

In this blog post we will talk about adaptive policy scopes – a new feature which in now in Public Preview – that has taken retention of data to the next level, allowing more automation, flexibility, and scalability. We will explain how new adaptive scopes work and how you can leverage them to improve your data management at scale.

Common constraints

The most common constraint we briefly described above – geography. Having branches in multiple countries means more compliance regulations to adhere to. It would require having a separate retention policy for each location.

You might also require establishing different retention rules for specific departments in your organization that deal with sensitive data. That could be your legal or financial departments. So normally, you would need to exclude them from the organization-wide policies.

Specific people in your organization may also need to have special policies applied to the data they receive and share. That could be, for example, your executives’ chats and mailboxes.

To consider all these differences and restrictions in the retention and label policies, previously organization had to update information manually and build complex scripts to scale the process.

Let’s delve a bit into that.

How label and retention policies used to work

Up till now, retention scopes have been static. You could apply either retention policies at a site or a mailbox level, or retention labels at an individual item level (folder, document, email).

You can apply retention policies to Teams and Yammer chats and channel messages, emails, SharePoint sites, OneDrive accounts, and public folders.

If you wish to retain all the data stored in a specific SharePoint site for 1 year, it makes more sense to apply a retention policy. However, if within this site there are files that should be retained for 5 years you would need to use labels.

Retention labels are used to classify the content and decide which piece of data should be retained or deleted in the cloud. They travel with the files they are applied to when they are moved to a different location.

You could also include or exclude specific locations in a retention or label policy. However, there are limits to how many inclusions/exclusions you can apply per policy. If you exceeded the limits, you needed to create additional policies with the same retention settings.

And this is where adaptive policy scopes come to the rescue.

Adaptive policy scopes

Adaptive scopes allow you to apply more dynamic label and retention policies. You can set dynamic conditions for inclusion/exclusion, and the policy will be automatically updated. The conditions can be based on users’ Azure AD attributes, SharePoint sites, and Microsoft 365 groups. And per policy limits that we previously mentioned no longer apply in adaptive scopes.

Adaptive scopes consist of properties that define all the sites, groups, and people in your organization. For example, you may have branches in various locations where different compliance regulations apply. So, if you want all your data in the Italian branch to be retained for, say, 2 years, you can select this location in the scope. The policy will be automatically updated to match this rule.

Similarly, you can apply scopes for chats or mailboxes of all your VPs or any other employees with a specified job title. You can so the same for certain departments that have different compliance regulations. Dynamic rules to data retention greatly facilitate this process and makes it more scalable.

So, even when some employees leave and others enter the organization, the retention policy will be automatically updated, triggered by the changes of users’ attributes.

Taking a step further

For some organizations it can be topical to implement retention policies on data around specific business processes. For example, you may want to have a defined retention policy for each research project.

You can achieve that by defining the right naming convention for all project teams and including it into the scope for this policy.

With Collaboration Templates by SalesTim, you can templatize any business process – be that Account Management, Deal Room Collaboration, Project Management, Marketing Campaigns, Onboarding, etc. And you can apply specific retention policies for any of those processes. After creating the structure of the template that you’ll use for creating new teams, you can configure Governance rules, including a naming convention. Based on the naming convention you can set up a retention policy.

Example

Let us take our research project example. You can define static and dynamic rules for naming your teams, for instance:

Project name – Project – Country

Where users will define the Project name; the word Project will remain static; and Country will depend on the user’s location.

Then, you can create a Microsoft 365 group alias. It will define the group email for the teams created from this template.

microsoft teams naming convention

You can choose either the defined name for future project teams or the Group alias to define the scope for your retention policies. However, we recommend using the latter since the team owner can change the team name. The Group alias, on the other hand, will stay permanent.

By doing so, the teams created from the template will be automatically added in the scope of these policies.

This will allow to ensure collaboration confidence, with an elevated level of compliance, and easier IT governance in your organization.

Download White Paper with free Teams Naming Convention examples 😉

  • Use Cases Examples
  • Microsoft Teams Naming Convention Solutions
  • Naming Convention at Teams Templates Level
  • Fixed and Dynamic Naming Convention

Contact our team to learn how to improve your collaboration efficiency.

Read Related Blog Posts