A preservation lock is Microsoft 365’s functionality designed to provide an exceptional level of protection for your retained content. When you activate a preservation lock on a retention policy or a retention label, it prevents anyone, including those with administrative privileges, from disabling, changing, or deleting the policy. This assurance guarantees that all content specified within the policy will be preserved for the stipulated duration.
Configuring a Preservation Lock
There are three main phases involved in the configuration of a preservation lock:
- Creating a retention policy or retention label
- Setting the preservation lock
- Activating the preservation lock
However, it’s crucial to note that once a preservation lock is activated, it’s irreversible and the policy settings cannot be changed.
Creating a Retention Policy or Retention Label
Creating a retention or label policy involves defining the properties of the policy, including retention settings, conditions, and actions to be taken after the retention period. To create a new policy, navigate to the Microsoft 365 compliance center, decide on what you want to retain, and set the retention conditions.
For example:
Go to ‘Microsoft 365 compliance center’ > ‘Information governance’ > ‘Retention’.
Click ‘+ Create’ and choose between a retention policy or retention label.
Fill in the necessary policy details.
Setting the Preservation Lock
After your retention policy or retention label is in place, the next step is to set the preservation lock. This step is done via PowerShell.
For instance:
// Connect to Security & Compliance Center PowerShell
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
// Set the preservation lock
Set-RetentionCompliancePolicy -Identity "YourPolicyName" -RestrictiveRetention
Activating the Preservation Lock
The last phase of configuring a preservation lock is activating it. To activate a lock, execute the command `Set-RetentionCompliancePolicy` once more, followed by the parameter `-Locked`.
Just as you did while setting the lock:
// Activate the preservation lock
Set-RetentionCompliancePolicy -Identity "YourPolicyName" -Locked $true
Conclusion
The importance of preservation locks cannot be overstated, especially in today’s data-driven business models where data integrity and compliance are paramount. Remember that any adjustments after activating the preservation lock are impossible, so consider carefully before taking this step. However, seasoned Microsoft Information Protection Administrators will find this a viable method of safeguarding their business’s sensitive data.
Also, mastering the technicalities around preservation locks will prove beneficial not only for the SC-400 exam but also in future roles as a Microsoft Information Protection Administrator.
Practice Test
True or False: Preservation locks can be configured to ensure a policy cannot be turned off or made less restrictive.
- True
- False
Answer: True.
Explanation: Once a preservation lock is activated, the preservation policy cannot be turned off. This ensures that data under preservation remains in the system until the preservation period expires.
Which of the following best describes a preservation lock?
- a) It’s a feature that allows you to quickly delete all preserved content.
- b) It’s a feature that prevents data from being modified or deleted.
- c) It’s a feature that allows you to stop policies.
- d) It’s a feature that enhances the performance of preservation policies.
Answer: b) It’s a feature that prevents data from being modified or deleted.
Explanation: A preservation lock is used to prevent the modification or deletion of data in a preservation policy, ensuring compliance with regulations and policies.
True or False: Preservation lock can be removed after it has been implemented.
- True
- False
Answer: False.
Explanation: After a preservation lock has been implemented, it cannot be removed or unlocked.
Which of the following steps is NOT involved in configuring a preservation lock?
- a) Enabling the policy.
- b) Setting the preservation period.
- c) Unlocking the preservation lock.
- d) Activating the preservation lock.
Answer: c) Unlocking the preservation lock.
Explanation: Unlocking a preservation lock is not an available option, once activated, a preservation lock can’t be removed or unlocked.
True or False: Preservation lock ensures that a policy is expanded to include new content sources.
- True
- False
Answer: False.
Explanation: Preservation lock cannot expand the policy to include new content sources; it ensures that the policy remains intact and prevents it from being turned off or made less restrictive.
Once the preservation lock is activated, you can increase or decrease the duration of the preservation period.
- True
- False
Answer: False.
Explanation: Once the preservation lock is activated, you cannot decrease the duration of the preservation period, however, you can extend it.
Which of the following options correctly describes why preservation locks are important?
- a) To randomly delete data.
- b) To ensure policies are made less restrictive.
- c) To meet regulatory or compliance needs.
- d) To enhance system performance.
Answer: c) To meet regulatory or compliance needs.
Explanation: Preservation locks are particularly important for organizations that need to adhere to regulatory or compliance requirements as it helps to ensure data is not modified or deleted.
True or False: Using preservation locks, you can minimize the storage usage by automatically deleting old data.
- True
- False
Answer: False.
Explanation: Preservation locks are not used to minimize storage usage. They are rather used to prevent data subject to the policy from being deleted.
You can change a preservation policy to be more restrictive when preservation lock is activated.
- True
- False
Answer: True.
Explanation: When a preservation lock is in place, you can increase the scope of a policy or make it more restrictive, but not less restrictive.
Preservation locks are used to…
- a) Improve system performance.
- b) Increase storage capacity.
- c) Preserve data indefinitely.
- d) Automate system updates.
Answer: c) Preserve data indefinitely.
Explanation: A preservation lock, once applied, helps in preserving the data for an indefinite period or until the preservation period expires, thus ensuring compliance with various regulations.
Interview Questions
What is the purpose of a preservation lock in Microsoft 365 Compliance?
A preservation lock is designed to ensure that no one can change or undermine the retention settings once the lock has been activated. It is used to comply with regulations that require data to be retained and not modified.
Can you remove a preservation lock once it has been applied?
No, once a preservation lock has been applied to a retention policy, it cannot be removed. This helps to ensure the integrity and immutability of retained data.
What are the potential risks of applying a preservation lock?
The potential risks include locking in settings that may cause data to be retained for longer than necessary, and accidentally applying a preservation lock which cannot be removed later.
What permissions are required to configure a preservation lock?
To configure a preservation lock, you must have the ‘Retention Management’ role assigned in the Microsoft 365 Compliance Center.
Can a preservation lock be applied to both retention and deletion policies?
Yes, a preservation lock can be applied to both retention policies and deletion policies.
Can you change a retention policy after a preservation lock has been applied?
You can only add content to the retention policy but cannot remove or change the settings of the data that is already included.
Where in Microsoft 365 can you configure a preservation lock?
A preservation lock can be configured from the Microsoft 365 compliance center.
Can the duration of a retention policy be changed after a preservation lock?
No, once a preservation lock is in place, the duration of the retention period cannot be reduced, only extended.
When should you consider using a preservation lock?
You should consider using a preservation lock when your organization has strict legal and regulatory requirements that mandate the retention of information.
What happens if you try to delete a retention policy that has preservation lock enabled?
If a retention policy has a preservation lock enabled, it cannot be deleted. This maintains data integrity and complies with data retention regulations.
How does a preservation lock affect eDiscovery in Microsoft 365?
A preservation lock ensures that relevant data will always be available for eDiscovery, as the data matching the policy cannot be permanently deleted until the retention period has passed.
Is there a way to bypass a preservation lock?
No, once activated, a preservation lock cannot be bypassed or removed.
Does a preservation lock impact the performance of Microsoft 365 services?
No, a preservation lock does not impact the performance of Microsoft 365 services.
Can a preservation lock be applied to both SharePoint and Exchange data?
Yes, a preservation lock can be applied to both SharePoint data and Exchange mailboxes.
Can a user delete a document under a preservation lock?
Yes, a user can delete a document, but the data will be maintained by the system in a hidden folder until the preservation period ends.
extutorials.com