Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
Keep calm and we will be with you shortly!

Lisa Wengler 01 Mar 2023
4 min

Data Lifecycle Management (DLM)

If you're looking for a way to keep your organization's data organized and secure, you should definitely check out the Microsoft Purview Compliance: Data Lifecycle Management (DLM) solution. 

The DLM (formerly Microsoft Information Governance) solution offers a range of tools and features to help you provides the capability to manage regulatory, legal, and business-critical records, as well as disposition reviews and proof of disposition, for the legal and regulatory demands that exist, such as GDPR. By managing your content in this way, you can ensure that you are effectively meeting your business needs while also adhering to industry standards and requirements, and you will not need to manually ensure that the information is deleted on time anymore.  This post will show how to get started so you can keep your data safe and deleted in time. 
Why is Data Lifecycle Management important? 
It is important to remember that businesses of all sizes are vulnerable to security breaches and threats. Bad actors simply want to harm your business. As a business owner, it is your responsibility to protect the important data of your customers, employees, and stakeholders. By proving good planning for information governance with DLM, you can show that you are a responsible business owner that cares about all parties involved in your business operations.  

  • Ensuring legal compliance and risk mitigation.  
  • Reducing the likelihood, frequency, and costs of regulatory penalties and legal discovery. 
  • Reducing risk in case of a security breach through the permanent deletion of old content that is no longer required to be retained. 
  •  By assuring users have access to only the most recent and relevant content, you canencourage the efficient way of working within your business.   

Retention Labels 
The Retention labels allow you to specify whether data should be retained forever or for a specific period if it is edited or deleted by users. Alternatively, you can configure the label to delete the content automatically and permanently after a specified period if it has not already been deleted. You can also retain an email or file for one year and then deleting it or using the Disposition Review function, where an admin needs to review all files that is ready to be deleted. The Disposition Review is recommended to use on the most critical information to keep track of it and when it should be deleted or relabelled. Retained means that the content is “in hold” and that will prevent permanent deletion, if a user delete a retained file it will still remain available for eDiscovery The majority of the time, users don’t even need to be aware that their data has retention settings. The retain setting is useful for content such as invoices and contracts that must remain in a certain time. 

Retention Label Policy 
Retention label policy’s play a crucial role in managing the lifecycle of data. These policy’s will determine the scope for your Retention labels to take effect and can be used for Microsoft 365 workloads such as Exchange, SharePoint, OneDrive, Teams, and Yammer. 
When setting up a retention label policy, you have the option to target all instances within your organization e.g., all mailboxes and all SharePoint sites or specific instances for example only the mailboxes for certain departments or regions, or specific SharePoint sites. 

Requirements before you start 
M365 A5/A5 Compliance 
M365 E5/E5 Compliance 
M365 F5 Security+Compliance/F5 Compliance 
O365 E5 
For more detailed licensing info see: Microsoft Purview Data Lifecycle Management Licensing - Microsoft Learn 
You must have the Data Lifecycle Management permissions when using this solution, auditing must be enabled in order to manage disposition reviews and verify that records have been deleted.  
Before implementing this technical solution you need to make sure that you have a framework in place for how it should be managed and who owns which information, and also who will handle the disposition reviews, etc. 
How to use Data Lifecycle Management 
I will provide a simple example of how you can implement the DLM: Microsoft 365 solution in your company. The example will show a retention label with settings to automatically retain the files with the specific label and remove them after a specified amount of time has passed since the file was created. I have also add a disposition reviewer (DR) that will review each file that is scheduled for deletion. So, the label configuration will be as follows. 
This is just one example, in your organization, you must specify how your data should be managed. In this stage, we choose the label settings that will allow labelled files to be retained for the specified amount of time that we set in the next step. 

Here, we select the retention period. As you can see, there are several settings available that you can use to customize the labels to fit your organizations needs during the configuration stage. 

And the last step in the label configuration is to set a disposition reviewer that will handle all labelled files that is scheduled for deletion. 
Configuring the retention label policy, which will specify the scope of our label or labels, this is the following step. Here, we'll go with static, but you could also choose adaptive if you wish to base the scope on organizational attributes. 

When we are using the static setting we basically define the scope from Microsoft 365 locations and not attributes as in the adaptive setting. 
The outcome of this configuration will be that all all files in SharePoint marked with our Retention label, will now be retained for seven years from when it was created. Then being sent to the Disposition Reviewer, who will decide whether the data needs to be removed at that point. While using the static setting, a recommendation is to label the parent directory so that all files inside will be labelled automatically.  

You will never have to manually manage and remove your data again if you use this solution. You can relax and let the DLM solution effectively manage everything in time.  

If this solution looks like something for your organization? Don’t hesitate to contact us at Onevinn. We will help you get everything in place and support your organization in the implementation of the Data Lifecycle Management solution.

Feel free to contact us for more information or fill out the form and we will contact you!