Planner: Local Custom Fields/Columns

🚨 The Signal: Planner now supports custom fields (text, number, date, yes/no, choice). This allows users to store more diverse data directly within Planner tasks, increasing the potential for sensitive information to reside in less controlled environments.

The Impact

All users are affected, as this feature increases the risk of sensitive data being stored in Planner without proper governance.

  • End users: May inadvertently store sensitive data in Planner, increasing data exposure risk.
  • Admins: Need to monitor and potentially restrict custom field usage to prevent data sprawl.
  • Security Team: Faces increased challenge in identifying and protecting sensitive data stored in Planner.
  • Compliance Officers: Must update data classification and retention policies to include Planner custom fields.

The Action

  1. Review existing data classification policies to include Planner custom fields.
  2. Communicate best practices for data storage in Planner to end-users.
  3. Explore Microsoft Purview Data Loss Prevention (DLP) policies for Planner (if available) to detect sensitive information in custom fields.
  4. Consider implementing sensitivity labels for Planner plans if the capability becomes available.

Domain: Other · Impact: medium · Workload: Other