Unarguably, information is the bloodstream of any organisation and one of the most valuable assets that will define the organisation future and growth. More than ever before, we continue to regularly hear and discuss the importance of Information governance due to the following reasons:

  • Industry compliance and regulatory standards are getting more complex daily, and the requirements to comply with these regulations are getting more demanding and challenging. e.g. GDPR, Public Record Of Victoria (PRoV), etc.
  • People produce an extraordinary amount of information from different tools & services such as MS Teams, SharePoint, chat, email, etc. and information is scattered everywhere.
  • Staff save/store organisation critical data in different locations and even on their personal endpoints.
  • To make things worse, the COVID-19 pandemic has forced many employees to work from home, which flags the importance of information governance to comply with the organisation's requirements.

First, it is crucial to understand what is Information Governance. It is a strategic framework for managing information at the organisation level that will allow its staff to discover and access relevant information efficiently and effectively while complying with industry and organisation compliance and standards. Most organisations raise their concerns in information governance based on two categories: the first concern is Information Discovery, and the second concern is Information Management.

The following figure shows what I mean by these two concerns.

One of the biggest challenges of most organisations is that employees spend a considerable amount of time trying to find the required information. Even when they find the information, they lack confidence about the information accuracy and its validity. Another big complaint is related to employees searching through various data sources using multiple tools and services, leading to the employee being less productive and a drop in confidence about their organisation's data/information. Also, with the knowledge drain from people leaving the team or organisations, they face the huge challenge of losing expert knowledge with staff struggling to discover the required information. So, information discovery is one of the most important aspects of Information Governance.

Information management is the other important aspect of Information governance. Proper information management is the core to rich information discovery. Metadata (information about information) allow employees to discover information efficiently and accurately. Still, most organisations don't realise the importance of metadata data management, and organisations sometimes use manual metadata management processes. Another common mistake is that the organisation heavily depends on the end user to correctly classify and tag the information adding an extra burden on them to classify and tag information. This manual process puts pressure on users with little or no knowledge of how to classify and tag information accurately.

Also, users don't like to enter metadata whenever they upload a document, and they certainly aren't inclined to read through the lengthy documentation to identify the correct metadata to enter. As an alternative, some organisations have set up default metadata tags, but this will not help anymore as information differs from one document and leads to incorrect information tagging. All these challenges result in poor information governance.

Luckily, Microsoft 365 has introduced AI/ML-based automated information governance, allowing organisations to discover and manage information automatically with minimal user interaction. Let's see the holistic view of the Microsoft 365 AI and ML capabilities, which allows organisations to implement end to end automated information governance solutions. The Microsoft 365 information governance house has been built based on the three pillars as shown below.

AI-based Information Discovery

Microsoft Viva Topics

For the content discovery issue, Microsoft Viva Topics uses AI capabilities to help organisation staff to find content and experts related to the project/ topic the user working on. Viva Topics turns content into knowledge and automatically links users with relevant content such as projects, products, processes, etc., and expertise across organisational systems and teams.

When Microsoft Viva identifies topics, it automatically collects and curates related information by AI capabilities into Topic Page, enabling the organisation's experts to share knowledge about the topic. The knowledge experts can fine-tune and refine the topic through Topic pages so that AI can learn from the experts' inputs.

The topic page provides a comprehensive view of related topics.

  • Alternate Name
  • Definitions
  • Recommended and suggested people
  • Recommended and suggested content
  • Related sites and teams
  • Map of related topics

More importantly, Viva Topics integrate with Microsoft applications such as SharePoint and Microsoft search and Search in Word, PowerPoint, Outlook, and Excel. Topics highlights will be integrated into MS Teams, Outlook, and other Microsoft 365 applications which put knowledge/ content right at the user's fingertips.

AI/ ML based Auto classification

SharePoint Syntex

SharePoint Syntex is a Microsoft 365 service that uses advanced Artificial Intelligence (AI) and Machine learning (ML) to harness an organisation's expertise and content into knowledge. It works by allowing Machine Learning to understand, identify and provide intelligence to the content by extracting critical information from documents and adding appropriate tags automatically.

This allows an organisation to easily find and manage their business contents and convert them into knowledge at scale. It will enable them to streamline everyday business processes and tasks while reducing compliance and security risks by applying sensitivity and retention labels automatically.

SharePoint Syntex features provide the following:

  • Add intelligence to your documents.
  • Work on Structured, semi-structured, and structured forms and documents.
  • Extract key pieces of information and populate them as metadata.
  • Non-office documents such as PDF, PNG, JPG can also be tagged with retention and DLP label/policies.
  • Integrate with M365 compliance labels.
  • Enhance the searchability by adding metadata to the documents.
  • Automated information and security governance integrations.

The following figure shows how SharePoint Syntex can help to automate your Information governance.

Trainable Classifier

Microsoft provides another intelligent solution to accurately identify different categories of data using the power of machine learning and classify them at scale. This classification method is particularly well suited to content that isn't easily identified by either the manual or automated pattern matching techniques. This classification method is more about training a classifier to identify an item based on what the item is, not by elements in the item (pattern matching). A classifier learns how to identify a type of content by looking at hundreds of examples of the content you're interested in classifying.

Microsoft's built-in classifier is readily available for your use to detect and classify popular data categories, such as resumes and source code. Depending on your organisational requirements, you can create custom trainable classifies to identify different types of documents and classify them automatically.

Document classification and trainable classifiers also allow organisations to automate the record management and retention schedules by applying retention schedules and records policies at scale for business-critical information.

The following workflow shows the key steps to create a custom trainable classifier.


Compliance is more important than ever due to the nature of the modern work environment, remote work, regulatory requirements, and critical business policies. 

So, it is essential to ensure the organisation keeps only the correct information for the right period and then archive or dispose of it after the appropriate time frame. Also, it is critical businesses keep their important information without tampering with or editing as of original for the lifetime of the information for regulatory requirements.

Retention and Record Management Policy

Microsoft 365 provides a rich set of capabilities for organisations to manage and govern their information to ensure the business complies with the industry regulations. Microsoft Records Management provides you with greater depth in protecting and governing critical data.

With Records Management:

  • Documents are assigned a retention period, depending on their type, purpose, policy, and regulations.
  • Protect information from deleting to comply with business regulations.
  • Documents are kept only for a defined period and archive/ disposal automatically based on the organisation's policies.
  • The formal review process for disposal- now Microsoft supports multistage disposal approval process (disposition process- up to 5 stage).
  • Regulations and policy govern which documents are declared as records.
  • Documents may be immutable: while a record cannot modify, edited, or delete.
  • In-place record management – retained data and managed records where users collaborate to prevent productivity loss and reduce risk.
  • Record management labels can be applied based on location, such as SharePoint, OneDrive, Groups, Exchange, etc., and can auto-apply based on Information types such as sensitive information specific phrases/ words, trainable classifiers.
  • Event-based retention / records management will allow organisations to apply / tag documents automatically based on the different types of events such as: Employee leaves the organisation, End of the product life cycle, End of the contract, etc.

Data Loss Prevention Policies

Microsoft Data loss prevention (DLP) is an intelligent service part of the Microsoft 365 platform. With DLP policies, you can identify, monitor, and automatically protect sensitive information across Microsoft 365.
Data loss prevention policies can use sensitivity labels and sensitive information types to identify sensitive information and applies the policies you configure about what can and cannot be done with that data.
In Microsoft 365, you implement data loss prevention by defining and applying DLP policies to stop users from inappropriately sharing sensitive information with people who shouldn't have it. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:

  • Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive.
  • Office applications such as Word, Excel, and PowerPoint.
  • Windows 10 endpoints (macOS in public preview).
  • Non-Microsoft cloud apps.
  • On-premises file shares and on-premises SharePoint.

Privacy Management

Due to the governments, industries, and other regulatory bodies rules and regulations, privacy management is one of the key priorities for organisations and consumers today, and concerns about how private data is handled. To stay compliant and follow best practices for privacy, organisations must address all challenges when managing the privacy data.

Microsoft has introduced a brand-new AI-based capability under the Microsoft 365 compliance umbrella, which will scan through the environment. It will discover and show how much personal data your organisation has and where it's stored so as an organisation, you can fix the most significant privacy risks. It also proactively identifies personal data and helps anyone working with personal data to make the right decisions by providing insight into organisational policy details, recommended actions, and links to privacy management training.

This allows organisations to identify critical privacy risks and conflicts, automate privacy operations, respond to the right requests and empower employees to make smart data handling decisions. Administrators get a comprehensive view of organisation privacy data, geographical location of the personal data resides or access, provide a drill down into each privacy data, associated risks and set up customisable policies that can be automated alerts on privacy incidents.

Microsoft 365 Privacy management provides tools to:

  • Proactively identify and protect against privacy risks such as data hoarding, data transfers, and data oversharing.
  • Gain visibility into the storage and movement of personal data.
  • Empower information workers to make smart decisions about handling this data.
  • Enable users to effectively manage data and take steps to comply with evolving privacy regulations.
  • Manage subject rights requests at scale.


Microsoft 365 provides the following pre-defined templates:

  • Data overexposure – secure overexposure data; Data overexposure policy detects any personal data shared publicly, companywide, or externally in SharePoint and OneDrive for business.
  • Data transfer – Prevent transfer across the departments or regional border; Data transfer policy detects any cross-region or cross-department personal data transfer activities.
  • Data minimisation – Find and delete unused personal data; detect any obsolete personal data that can be minimised in your organisation.
  • Custom - Use a guided process to customise a template with your settings.

In conclusion, Microsoft 365 provides AI/ML-based rich capabilities to automate organisational Information governance from end to end while maintaining users' productivity and helping implement a compliant workplace. Features like advanced e-Discovery, rich audit capabilities and in-depth reports allow admins to track and manage the environment peace of mind.