Skip to main content

The role of metadata for greater compliance and security

Technical and pre-sales support, SharePoint administration.
Elissa Caligiuri
01 November 2019
The role of metadata for greater compliance and security

What is metadata, and why is it important?

Metadata is an integral component of modern enterprise content. In this four-part series we will explore why metadata is important and the benefit it can bring the organization and the end-user:

  1. Metadata is integral to a modern Enterprise Content Management system 
  2. How email plays an important role in the Enterprise Content Management system
  3. Leveraging Metadata for intelligent SharePoint solutions
  4. The role of metadata for greater compliance and security (Azure Information Protection - AIP) [This blog post]

As we have explored metadata has an important role in improving the end-user experience of SharePoint. Through the use of metadata, we can classify content so that it makes more sense when we are working with it, and also enhance the search experience for the end-user, which is an efficient option to find relevant content.

Metadata can be user-driven or it can be system driven - and I am sure we can all agree that system driven capturing of metadata is essential for any business. By taking advantage of the automated capturing of metadata organizations can have better compliance, business workflows, processes, and security and remove any additional onus on the end-user and also help create greater consistency.

This blog will explore the role of metadata for greater compliance and security and how auto-classification can help with workflows.

With the move to Modern SharePoint experience and a flat Information Architecture, compliance is now configured at the tenant level in the Security and Compliance Center (as opposed to the classic SharePoint experience, where it was configured at the site collection level). These policies can then be applied to specific sites (or site collections) and also be extended to other areas of Office 365 such as OneDrive and Outlook.

These policies can then be applied to specific sites (or site collections)

Sensitivity & Retention labels - Unified labels

Different documents across any organization have different requirements, regulations and internal policies associated with them. Some areas of the business such as finance may need to keep records for a defined amount of time while other documents such as in marketing might have different requirements.

Using unified labels the management of these policies can be simplified. As with AIP labels, the application for both sensitivity and retention labels can be user-driven or manually applied or they can be applied automatically if specific conditions are met.

Together, these are unified labels that are available in the Security & Compliance Centre, providing a central place to manage both sensitivity and retention labels.

Sensitivity labels: are used to apply encryption and protect content from being shared. For example, you can label a document as 'Confidential'.

Retention labels: allow you to apply rules around when content should be preserved for, or when content should be deleted.

Applying labels automatically can be beneficial as you do not need to train users on specific requirements, it can reduce administrative errors and removes the onus on individuals who may not be entirely familiar with governance policies.

SharePoint also allows you to set the policy at the document library, folder or document set level. This means that any document that is saved to these locations will inherit the retention label policy - truly removing the need for the end-user to apply this label.

For all items stored in SharePoint, whether they be emails or documents you can use retention labels to classify that piece of content as a record. Once an item is classified as a record it cannot be edited or deleted, giving the business confidence that this record will be maintained. Office 365 retention labels can be utilized to implement a records management strategy and in SharePoint, the record center can be applied.

Azure Information Protection

Azure Information Protection (AIP) is a cloud-based solution that assists with the classification and protection of documents and emails by applying labels to these items. Labels can be system driven - that is, applied by rules and conditions defined by administrators or applied manually by users.

Rules can be created based on types of information that reside within a document. For instance, a rule can be defined to detect credit card numbers.  When a document contains a credit card number and is saved AIP recommends that the document is saved with an appropriate classification so that it is protected.

This classification is useful and at times essential for other processes within the business to operate efficiently. These values can also be applied to emails and here, OnePlaceMail can extend this to automatically capture the classification and promote this value to a column in SharePoint - surfacing this for end-users so they can immediately see the classification of all emails stored in SharePoint and removing the need for the end-user to manually classify each email that is being stored.

If you took the opportunity to create AIP labels these can now also be migrated to the unified labeling in the Security and Compliance Center.


Workflows streamline and automate business processes that might be a routine procedure reducing administrative tasks for end-users. This is particularly useful for repetitive tasks such as approval processes, document reviews or document retention processes.

Workflows can be generated based on the metadata captured in SharePoint at the time of saving. For end-users, they have confidence that the work they are capturing and classifying into SharePoint will be made available to those who need to see it.

A simple workflow is to be alerted when a document is added to a specific library, in this instance the end-user does not have to repeatedly check to see if the document is ready for them.

Other workflows can be designed to ensure tasks or the status of a project is reviewed by the appropriate manager before proceeding or ensuring the payment of a customer is approved before being completed.


Classifying data at the time of saving to a central collaboration space can help not only in business processes and workflows but also with compliance. The tagging of a document helps the document to be discovered by end-users for day to day tasks but also assists with tracking important content, for wider business compliance. For example, by capturing documents associated with a customer - surfacing this later for audit purposes is a much simpler task. For purposes such as GDPR compliance, the requirement to be compliant with local and international guidelines means capturing true and accurate records has never been more important.

How OnePlace Solutions can help?

Products such as OnePlaceMail can help streamline these processes by capturing these important pieces of metadata not only on the user-driven side but also when system-driven or automated processes and workflows have been applied.

capturing these important pieces of metadata

Capture and classify emails to SharePoint, directly from Outlook

When an email is saved to SharePoint using OnePlaceMail - email attributes are automatically captured - this is an efficient technique for record management to ensure true and accurate records are available for all team members in a central location, including the capturing the original email date, recipient, subject and sender.

This is also applicable for attachments from emails as well as any working documents which can be captured and classified - for example, if a project document has been saved to SharePoint, one team member can associate a document with a colleague through the people/group column where a workflow can immediately be triggered, simplifying business processes and removing the hassle for workers to manually track through a document.

By providing users access to SharePoint in applications they spend their time working in we can ensure that this important metadata is captured, and data is retained and secure in a central location.

I hope this article highlights how metadata plays an integral role in greater compliance and security.

If you would like to learn more about how OnePlace Solutions can help you capture, classify and access metadata contact us.

Latest news & blogs

| Jessica Mckenzie | Blog

ESPC23 Unwrapped: Navigating the Future with Microsoft Innovations

Europe’s top Microsoft technologies conference, ESPC23 took place last week, and we were there, thrilled to be part of it!

This event delivers the opportunity to learn the most up-to-date practices, advice, and techniques from the finest Microsoft 365, SharePoint, Teams, Power Platform, and Azure experts globally, including Microsoft Product team members and independent community leaders, including Regional Directors (RDs), MVPs, and Microsoft Certified Masters (MCMs). Because of this, an extraordinary community of like-minded people converge!

Thank you to everyone who visited our booth during the event or the demo in the community area – it was great to meet old and new faces alike, and hear your feedback and ideas – it shapes our future, so stay tuned for what's to come! If you would like to continue the conversation, please contact us.

Here are key takeaways from ESPC23:

Microsoft 365 Co-Pilot – The Next Big Thing!

  • Co-Pilot emerged as a game-changer, but success hinges on quality data input
  • Ensure data is centrally stored and easily accessible to maximize Co-Pilot's capabilities
  • Data cleanliness is paramount – you get out what you put in! Prioritize accurate data for Co-Pilot effectiveness
  • Eliminate outdated or conflicting data to prevent confusion and enhance Co-Pilot's decision-making prowess

SharePoint Embedded Public Preview - Now Available

  • Explore a revolutionary way to build custom content apps for enterprises and ISVs with SharePoint Embedded, now available for public preview.
  • Learn more about this exciting development announced at ESPC23.

The New Microsoft Teams Client: Performance, Rollout, and Feature Parity

  • Since Microsoft announced the general availability of the new rebuilt Teams client in October, ESPC23 delved into discussions about performance enhancements, technical rollout, change management, and achieving feature parity with Teams classic.
  • Discover the ins and outs of the new Microsoft Teams client Introducing the new Microsoft Teams client – Teams | Microsoft Learn

In-Person Conferences: The Power of Connection and Networking

  • Despite the digital era, in-person conferences remain an invaluable way to connect and network.
  • A Microsoft MVP captured the sentiment: "This is the only time I see people in person; I'm now 100% remote. I feel like this is my chance to come to the office and talk with my fellow speakers."

To learn more and explore how we provide a streamlined and consistent approach way for people to engage with business systems built on Microsoft 365 for better information management and governance, contact us for a personalized demo.

| Jessica Mckenzie | Blog

ESPC23: Visit the top European Microsoft Conference

Join us at the top European Microsoft Conference, ESPC23 - where an extraordinary community converges to explore the latest innovations and trends in the realm of Microsoft technologies

| Jessica Mckenzie | Upcoming

ESPC23 Amsterdam

Join us for Europe’s top Microsoft technologies conference, ESPC23, 27th – 30th November 2023, in Amsterdam.

At ESPC, you will hear the latest expertise on Copilot, Microsoft Teams, AI, Azure, Microsoft Viva, Microsoft Graph, Microsoft Power Platform, Governance, CoE, SharePoint, Migrations, PowerShell.

Schedule a demo

See the OnePlace Solutions product suite in action and unlock the potential of your data by leveraging the SharePoint platform.

Try free

Download and try the full OnePlace Solutions product suite for Windows Desktop and Apps for Microsoft 365.

Contact us

We're here to help, so please don’t hesitate to get touch with any questions you may have.