Setting up Compliance
Document Central can be configured to be a fully compliant document management system. Compliance ensures adherence to internal policies, procedures, and government laws. Implementing compliance procedures protects your company's reputation, enhances its vision and values, and helps prevent and detect violations.
To set up compliance, Document Central utilizes a feature called retention labels.
Retention labels allow you to manage and apply retention policies to documents. Similar to tags, retention labels can be applied to documents to enforce a retention policy. These labels can be applied manually by a user or automatically based on certain conditions.
There are different types of retention labels in Microaoft 365 that differ in their behaviour.
-
Retention Labels:
- Anyone with permission to update an item can apply, modify, or remove these labels without any restrictions.
- Once applied, both the content and metadata (site columns) remain editable.
-
Record Labels:
- These labels can be applied by anyone who can update an item.
- Only an administrator has the authority to modify or remove them.
- When applied to a list item, the metadata becomes unchangeable.
- When applied to a file, the content becomes unchangeable, but metadata can still be edited.
-
Regulatory Record Labels:
- These labels can be applied by anyone with the ability to update an item.
- They cannot be changed or removed by anyone.
- When applied to any item or file, both the content and metadata are locked and become unchangeable.
Regulatory Record Labels are ideal for situations where it's crucial to guarantee that a record remains unaltered. These labels are not to be taken lightly; once applied, they permanently lock the record and its metadata, ensuring that no changes can ever be made.
Here are some key distinctions between Regulatory Record Labels and other label types:
- Restricted Movement: Users can move regulatory records within the same SharePoint Library, but cannot move them to different Libraries or Sites.
- No Versioning: Unlike standard Record Labels, which allow for the creation of new versions of a record while keeping the previous versions immutable, Regulatory Record Labels do not permit record versioning. This restriction ensures that once a record is set, it cannot be updated or changed.
- Fixed Retention Periods: Administrators cannot shorten the retention period set by a Regulatory Record Label when modifying its settings in the Compliance Center.
- Irreversible Site Deletion: If a SharePoint site containing regulatory records is deleted, it cannot be restored. This underscores the permanence of these records.
- Opt-In Feature: Regulatory Record Labels are disabled by default in Microsoft 365. To enable them, administrators must use PowerShell, ensuring that only those who understand their implications can access and apply them. This precaution helps prevent the accidental permanent locking of important content.
- Alert Notifications: Microsoft has implemented additional alerts to inform administrators and users about the irreversible nature of these labels. While these warnings are in place, it remains uncertain how many will actually heed them.
- Manual Application Only: Due to the serious implications of making content permanently immutable, Microsoft has decided to restrict the application of Regulatory Record Labels to manual processes only. This prevents any automated system from accidentally applying these labels, safeguarding against unintended consequences.
Benefits of Using Regulatory Record Labels
The introduction of Regulatory Record Labels offers enhanced retention options, which are invaluable for organizations aiming to achieve the highest levels of compliance. These labels ensure that critical records and their metadata remain permanently unaltered, providing a robust tool for maintaining strict regulatory standards.
To maximize their benefits, it's important to implement Regulatory Record Labels selectively. They should be applied to specific sites, groups, and inboxes, and managed by a limited number of trained and trusted users. This cautious approach ensures that only those who fully understand their implications can interact with content protected by these labels. As a result, these labels are best suited for locked-down archival areas, where they can securely manage sensitive information.
Overall, Regulatory Record Labels are an excellent asset for a select group of organizations. Their use in controlled environments enhances compliance and ensures the integrity of crucial records.
Important
To use labels in Microsoft 365, including Retention Labels, Record Labels, and Regulatory Record Labels, you generally need one of the following plans that include compliance and data governance features:
- Microsoft 365 E5: This plan includes advanced compliance and security features, making it ideal for organizations that require comprehensive data governance, including the use of Regulatory Record Labels.
- Microsoft 365 E3 with Compliance Add-on: While Microsoft 365 E3 provides basic compliance features, you can add the Advanced Compliance add-on to access more sophisticated options like Regulatory Record Labels.
- Office 365 E5: Similar to Microsoft 365 E5, this plan includes advanced compliance capabilities but does not include Windows 10 and Enterprise Mobility + Security. It's suitable for organizations focused on Office and productivity applications.
- Office 365 E3 with Compliance Add-on: Like Microsoft 365 E3, Office 365 E3 includes standard compliance features, with the option to add more advanced capabilities through the Compliance add-on.
- Microsoft 365 Compliance Center: You can access various compliance solutions, including information governance and data loss prevention, through the Microsoft 365 Compliance Center. The availability of specific features depends on your subscription plan.
It’s important to check the specific capabilities available in your current plan and consider any add-ons that may be necessary to access the full range of labeling and compliance features. For detailed information and to ensure you have the necessary features, it's advisable to consult with a Microsoft sales representative or visit the official Microsoft website.
Setting up Regulatory Records
Regulatory Records is a feature in Microsoft Purview Records Management used to store document revisions securely by preventing users from removing a label from a SharePoint or Azure document. To enable the Regulatory Records feature, you need to run a PowerShell script provided by the wizard. Download the script and run it from your Windows client. If you don't know how to run a script, follow these steps:
Attention
This part is only for Windows users.
Change the Execution Policy
If the PowerShell script cannot be run, it may be because the policy to run PowerShell scripts is not enabled. To enable this policy, follow the first step:
- Start Powershell as an Administrator.
- Type Get-ExecutionPolicy and save your execution policy.
- Type Set-ExecutionPolicy RemoteSigned and press enter.
- Confirm the new Policy with the keywords below.
Info
To revert to your previous execution policy, repeat step 2 using the saved execution policy from the first step.
Run the Powershell Script
To run the PowerShell script on Windows, right-click on the document and select "Run with PowerShell." If this script is for enabling the Regulatory Records feature, enter your Azure password in the authentication window. If you don't use the Regulatory Records Wizard in Document Central on the Retention Label page, the following Powershell script can also enable the Regulatory Records feature.
Important
Replace "UserEmail" with your authentication email and then, the script can be run. Do this by inserting the command in the PowerShell console. The part "-Enabled $true" in step 4 can be changed to "-Enabled $false" to disable the feature.
Well Done!
After successfully setting up regulatory records in Azure, you can continue configuring the retention labels for SharePoint or Azure Blob Storage.
To enable the Regulatory Record Retention Label feature, follow these steps:
- Open the Windows Powershell
- Connect to the Security & Compliance PowerShell.
- Use Powershell to display the option to mark content as a regulatory record.
Setting up SharePoint Retention Labels
When using the repository type SharePoint, the Retention Label feature of Azure is used to create labels that mark documents as so-called regulatory records. These labels are then assigned to SharePoint. To create these labels, the Azure Compliance Center and PowerShell are used.
To create a new label for SharePoint, follow these steps:
- Switch back to Business Central
- Go to the Document Central - Retention Labels page.
- Execute the action Create Retention Labels.
- This action will then redirect you to the Compliance Centers Record Management Fileplan options.
- Perform the Create a Label action in the ribbon bar.
- Follow Microsoft's instructions to create your label or follow the next steps.
- Name your retention label. This is the name of the label your users will see in the apps where it's published (like Outlook, SharePoint, and OneDrive). So be sure to come up with a name that helps them understand what it's used for (E.g. 11 Years Storage).
- Describe the label for users and admins in the respective fields (optional). Click on Next.
- Define file plan descriptors for the label. This helps to organize this label for your organization. Please at least choose a Reference ID as well as "Finance" or "Legal" under Business function / department. As Category, please choose "compliance" and as Authority type choose "Legal". The other values are optional. Click on Next.
- Under Define label settings choose "Retain items forever or for a specific period". Click on Next.
- Under Define the retention period select a value under Retain items for.
- Under Start the retention period based on select When items were labeled. Click on Next.
- Under Choose what happens during the retention period choose Mark item as regulatory record. Click on Next.
- Under Choose what happens after the retention period choose Deactivate retention settings. This is our recommended value, but if other SharePoint functionalities are supposed to be used, this can be done here. Click on Next.
- Review the Settings under Review and finish and click on Create label to create the label.
More Information
Next you will be asked if you want to directly publish the labels. A publish will push the label to your SharePoint application so that it will be usable from there. In case you need more labels for more settings, please select No and repeat the label creation steps. Otherwise, you can continiue with the publish and continue at step 4. of the next section. For more information about creating retention labels, please visit the Microsoft documentation.
To publish the Retention Label, follow these steps: 1. Start in the Compliance Centers Label Policies from Microsoft 365. 2. Select a Retention Label and perform the Publish Retention Label action. 3. Follow Microsoft's instructions or follow the next steps to publish your Retention Label. 4. Choose labels to publish. This can be done for all labels at once. Click on Next. 5. Under Policy Scope keep Full directory under Admin Units. Click on Next. 6. Under Choose the type of retention policy to create select Static. Click on Next. 7. If you want the labels to be only on SharePoint, please select Let me choose speciific locations as well as the location SharePoint classic and communication sites. Otherwise, choose All locations. Includes content in Exchange email, Office 365 groups, OneDrive and SharePoint documents.. Click on Next. 8. Name your policy and click on Next. 9. Check your policy under Finish and click Submit to start the publishing of the labels.
Warning
Please note that publishing can take up to 7 days. For more information, please visit the Microsoft documentation After the label has been successfully published, you need to go to the Document Central - Retention Label page in Business Central and perform the Synchronize Labels action to synchronize your created retention labels.
Once the labels have been created, published and are available for SharePoint, you can sychronize them to BC. You have to this to be able to configure them in Document Central configuration. Please perform the following steps for the sychronization.
To synchronize Retention Labels to Document Central, follow these steps:
- Start in the Document Central - Administrator role.
- Search for the Document Central - Retention Labels page.
- Execute the action Synchronize Retention Labels in the ribbon bar.
- The Retention Labels are added to the list.
Well Done!
After successfully creating and synchronizing your retention labels, you are ready to continue configuring the retention labels in Document Central.
Setting up Azure Blob Storage Retention Labels
If you use the repository type Azure Blob Storage, the creation of the retention labels takes place directly in Document Central.
To create a retention label directly in Document Central, follow these steps:
- Start on the Document Central - Retention Label page.
- Perform the action New to create a new retention label.
- Give your retention label a name and set the retention duration.
- Optionally, use "Set Retention After" to define when the label should be set by the job queue Set Retention Label.
Information
In Document Central, you can easily edit or delete your created ABS labels. Documents that have already been labeled will not be changed. This functionality also allows you to select a label and change the retention period directly from the Document Central - Document Definition page.
Well Done!
After you have successfully created your retention labels, you are ready to continue configuring the retention labels in Document Central.
Setting up Retention Labels
To Setup the Retention Labels you must have completed the creation of the SharePoint Retention Labels or ABS Retention Labels, depending on which repository you are using, in order to proceed.
To enable the Retention Labeling feature, follow these steps:
- Navigate through the Document Central - Administrator role center.
- Click on Setup in the ribbon bar and execute the action Module Setup.
- Activate the Enable Rentention Labeling checkbox.
- The features for labeling are now activated.
Setting up users to set retention labels manually
In some cases, it is necessary to give your users the ability to view and/or adjust the retention label when manually storing a document via the Document Central FactBox. Please note that, in most cases, users should not have the ability to change the retention time, which is also our recommendation.
To enable users to see the retention label when storing a document manually via the Document Central factbox, follow these steps:
- Start in the Document Central - Administrator role.
- Click on Setup in the ribbon bar and execute the action General to open the Document Central - Module Setup.
- Activate the option Retention Label Visibility .
To enable users to change Retention Labels on manual document storage, follow these steps:
- Start in the Document Central - Administrator role.
- Click on Setup in the ribbon bar and execute the action General to open the Document Central - Module Setup.
- Activate the option Retention Label Manually .
To enable Retention Labels visibility on manual storing of a new document version, follow these steps:
- Start in the Document Central - Administrator role.
- Click on Setup in the ribbon bar and execute the action General to open the Document Central - Module Setup.
- Move to the Retention Configuration tab.
- Activate the option Enable Version Visibility .
Info
This is currently only supported for Azure Blob Storage repositories.
To enable users to change Retention Labels on manual document storage of a version, follow these steps:
- Start in the Document Central - Administrator role.
- Click on Setup in the ribbon bar and execute the action General to open the Document Central - Module Setup.
- Move to the Retention Configuration tab.
- Activate the option Enable Manual Version Retention Labeling .
Info
The calculated/defined retention label end time cannot be prior to a previous version's retention end time.
Setting up the Retention Crawler
In case you have already used the Document Central without the retention label feature, you might want to label the existing Document Central documents in retrospect. In that case, the socalled Retention Crawler can be used. The Retention Crawler is an own queue which runs over the existing document entries, creating retention queue entries according to the retention label configuration.
To automatically apply retention labels to already stored documents using the Retention Crawler, follow these steps:
- Start in the Document Central - Administrator role.
- Click on Setup in the ribbon bar and execute the action Module Setup.
- Activate the option Enable Retention Labeling.
- Configure the crawler by specifying on which days it should run and at what time it should run.
- Now activate the retention crawler with the option Run Crawler. When the crawler is active, the configuration cannot be edited.
Info
The labels will be applied depending on the Retention Label Assignment Configuration which will be explained in the following.
Setting up Retention Label Assignment Configuration
Where which retention labels will be applied (Manual and automatic document storage) can be configured in three different levels. The first (lowest) level is the configuration of a retention label for a certain document library. The next (middle) level is the configuration of a retention label on the a content type. The third (highest) level is a specific content type within a specific document library.
Further explanation/example
If a value is specified on the document library level, all documents uploaded to this document library will receive the specified retention label. However if a content type which is being archived in the document libray has a different retention label value configured, it will override the value from the document library when storing a document. This value again would be overwritten by a value that is set up in the specific content types of the chosen document library.
Level 1 - Configuring a Retention Label for a Document Library
To set up a retention label which will be used for a document library, follow these steps:
- Navigate to the Document Central - Document Library List page.
- Click on Edit on a document library you want to assign the Retention Label to.
- Under Document Library Settings you will find the Retention Label field. If a value is specified here, all documents uploaded to this document library will receive the specified retention label.
- Once you have defined your retention label in the Document Library, all documents stored in the document library will receive the specified label.
Level 2 - Configuring a Retention Label for a Content Type
To set up a retention label which will be used for a content type generally, follow these steps:
- Navigate to the Document Central - Content Type List page.
- Click on Edit on a content type you want to assign the Retention Label to.
- In the Header you will find the Retention Label field. If a value is specified here, all documents uploaded with this content type will receive the specified retention label.
- Once you have defined your retention label in the Content Type, all documents stored with the content type will receive the specified label. All values defined in the document library in which the content type is dropped will be overwritten.
Level 3 - Configuring a Retention Label for a Content Type assigned to a certain Document Library
To set up a retention label which will be used for a content type that is specifically assigned to a certain document library, follow these steps:
- Navigate to the Document Central - Document Library List page.
- Click on Edit on a document library where you want to assign a Retention Label to a certain Content Type.
- Move to the rows containing the content types assingned to the Document Library.
- In the rows, you will find the General Content Type Retention Label column. If a value is displayed here, all documents uploaded with this content type will receive the specified retention label. This value is global and is the same as the value defined in the content types. It is applied regardless of where the content type is stored.
- In addition, there is a Retention Label column. If a value is specified here it will be used instead of the retention label defined in the document library and the general content type setup.
Level 4 - Configuring a Retention Label for a Metadata
To set up a retention label based on a metadata value
- Navigate to the Document Central - Metadata Management page.
- Click on Edit on a metadata management line where you want to assign a Retention Label to a certain metadata value.
- Activate the option Retention definition. This is only possible when then option Enable Metadata Templates is activated. It is only possible to select one Retention definition at the moment.
- Move to the lines containing the metadata values assingned to the metadata management line.
- In the metadata value lines , you will find the values that where setup. If there are no values first perform following steps in the Metadata Management.
- Select in the column Retention Label which retention label should be used by using the metadata value.