ESPC18 in Denmark
Next Wednesday, I shall be speaking at the European SharePoint Conference (ESPC18) in Copenhagen, Denmark. My chosen topic is “Office 365 Data Governance,” which is somewhat challenging because the underlying technology changes all the time. The recent introduction of sensitivity labels into Office 365 (available to E3 and E5 plans) is a good example because the new labels make protection (encryption) through rights management more accessible than ever before to Office 365 tenants.
Other examples are the ongoing efforts by the Teams development group to support different aspects of data governance. This year, they’ve added support for Office 365 retention policies and expanded their ability to capture compliance records for hybrid and guest users, including external people pulled into a 1:1 chat. Teams will soon support Office 365 data loss prevention policies too.
Microsoft has also reinforced the importance of the Office 365 audit log by increasing the retention period for records to 365 days for E5 users. On the other hand, Microsoft is still struggling with the problem of truncated records for Azure Active Directory events reported in September. All in all, data governance is an interesting area to review.
One point I will be making is that Microsoft is not investing in workload-specific functionality for data governance within Office 365. Any new features that come along apply to all workloads that support the data governance framework (Yammer is still a notable outlier).
What this means is that anyone dealing with data governance topics like retention, protection, compliance, eDiscovery, and auditing needs to change their own mindset away from the products that they might know well to understand how things are done in a pan-Office 365 way.
Two base workloads exist inside Office 365 – Exchange and SharePoint. An Office 365 administrator absolutely needs to understand at least one of these workloads inside-out, but they also need to know how the other workload functions and how they two interoperate and support other applications like Teams and Planner. It’s a new world.
The slides I used for the session are posted online: Exploring Compliance With Office 365 – ESPC18
If you can’t get to Copenhagen for ESPC18, you can still read about Office 365 data governance in Chapters 19 (retention), 21 (reporting and auditing), 22 (data loss prevention), and 24 (sensitivity labels and rights management) in the Office 365 for IT Pros eBook.