(Updated) Microsoft Loop – Departed User Content Workflows for User-Owned Loop workspaces

🚨 The Signal: Microsoft 365 will enable administrators to manage retention and deletion of user-owned Loop workspaces, including Copilot Pages, for departed users. This improves data governance and reduces data sprawl risk.

The Impact

Security teams and M365 admins are affected, gaining controls to mitigate data leakage and ensure compliance for departed user content.

  • Security Teams: Reduced risk of data sprawl from unmanaged Loop content.
  • M365 Admins: New capabilities to manage departed user Loop data.
  • Compliance Officers: Improved ability to meet data retention and deletion policies.
  • Legal Teams: Better defensibility for data discovery and legal holds.

The Action

  1. Review existing offboarding policies to incorporate Loop workspace retention and deletion.
  2. Familiarize with new Loop content management features upon release in the Microsoft 365 admin center.
  3. Develop a communication plan for relevant stakeholders regarding new Loop data management capabilities.
  4. Update data retention labels and policies in Microsoft Purview to include Loop content types.
  5. Train IT and security staff on the new workflows for managing departed user Loop data.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: Regular Backups, Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1511, ISM-1515, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1705, ISM-1706, ISM-1707, ISM-1708, ISM-1810, ISM-1811, ISM-1812, ISM-1813, ISM-1814, ISM-1883, ISM-1897, ISM-1898