The new licensing guidance for Microsoft 365 security and compliance features is welcome, but as is probably inevitable, some inconsistencies exist that need to be probed and discussed, and hopefully resolved by Microsoft in the long run. Why do DLP policies for Teams need E5 licenses? Why does applying a default retention label to a SharePoint library need E5? There's lots to discuss about issues Microsoft should fix.
Office 365 classification labels dictate how workloads like SharePoint and Exchange retain content. Now you can control retention based on events like a contract completing or an employee leaving the business. Events start the retention clock and it’s a way to make sure that you keep material needed for the business for a predetermined interval after the event occurs.
Office 365 content searches can find all sorts of information, but they cannot decrypt protected files in SharePoint and OneDrive for Business sites. This prompts the question of how to deal with protected files exported by a search. As it turns out, the combination of a rights management superuser and some PowerShell makes short work of unprotecting files so that they can be read by all.
No one likes looking at a stream of audit events flowing by, especially when an Office 365 tenant generates so many events. Alert policies allow tenants to define patterns of activity that indicate suspicious or harmful behavior. There’s goodness here, as long as you have Office 365 E5 subscriptions.