As always, there are technical requirements for using records management. It is also an E5 feature, available in the following license plans:

  • Microsoft 365 E5/A5/G5
  • Microsoft 365 E5/A5/G5 Compliance add-on
  • Microsoft 365 Information Protection and Governance E5/A5/G5 add-on
  • Office 365 E5/A5/G5

The Office 365 plans listed previously allow the usage of records management by declaring items as records or regulatory records, automatically applying retention or record labels, and executing disposition review processes. To use trainable classifiers for automatically applying a retention label, you need to have one of the Microsoft 365 E5/A5/G5 plans listed previously.

For more information regarding records management licensing requirements, please refer to official documentation such as the following:

https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-records-management?view=o365-worldwide#subscription-and-licensing-requirements-for-records-management

The licensing is, of course, one part of the requirement, the other being the permissions required for configuring and managing the records management features:

  • Global Administrator
  • Record Management admin role

These permissions are required only to create, configure, and apply retention labels that declare records. The person configuring these labels does not require access to the content.

For a more role-based access control of the records management solution, there is a read-only role present to provide viewing rights:

  • View-Only Record Management admin role

To display the option to mark content as a regulatory record, we need to connect to the Office 365 Security & Compliance Center PowerShell and run the following cmdlet:

Set-RegulatoryComplianceUI -Enabled $true

With the technical requirements covered, we are going to dive into the first topic, which is configuring labels for records management.

Configuring labels for records management

The process of creating and configuring labels for records management is not unlike the topic covered in Chapter 10, Configuring Retention Policies and Labels. The process consists of the steps outlined here:

  1. Naming your label
  2. Configuring label setting
  3. Adding file plan descriptors
  4. Reviewing settings and creating the label

This process can be visualized with Figure 12.1:

Figure 12.1 – Visualization of the creation process

Heading to the compliance center (https://compliance.microsoft.com), we can begin creating and configuring our records management. The features are present on the left-hand side under Solutions and Records management, as shown in Figure 12.2:

Figure 12.2 – Showing the location of Records management in the Microsoft 365 compliance center

Once we have navigated to the Records management segment in the compliance center, let’s proceed with creating a label:

  1. Select the File plan (1) option in the Records management pane, as highlighted in Figure 12.3:

Figure 12.3 – Selecting File plan to start configuring Records management

2. Here, we will see the retention labels configured in Chapter 10, Configuring Retention Policies and Labels, but as shown in Figure 12.3, these labels do not indicate that an item is a record (2).

3. Selecting Create a label allows us to start the process visualized in Figure 12.1, which brings us to the page shown in Figure 12.4:

Figure 12.4 – Creating a new retention label, intended for usage in Records management

4. After providing a name for the label, a description for the end users, and a description for administrators, we can proceed to the next step of the process.

5. The next page gives us the opportunity to define the file plan descriptors for this label, where Microsoft provides several predefined options to choose from as well as the possibility to create our own for each option available. The options available for the file plan descriptors are as follows:

A. Business function/department

B. Category (Sub category)

C. Authority type

D. Provision/citation

6. In this case, we are going to create a file plan descriptor, covering the following areas as described in Figure 12.5:

A. Business function/department: Human resources

B. Category: Payroll

C. Authority type: Regulatory

D. Provision/citation: Sarbanes-Oxley Act of 2002

Leave a Reply

Your email address will not be published. Required fields are marked *