Summary of governance, lifecycle, and compliance capabilities for Loop
As a Compliance Manager or IT administrator, it's crucial to stay up-to-date on the latest governance, data lifecycle, and compliance posture for the software solutions being used in your organization. This article details the capabilities available and not available yet for Microsoft Loop.
Loop Storage
Where Loop content is stored impacts the admin management, governance, data lifecycle, and compliance capabilities available. Microsoft Loop is built on top of SharePoint, OneDrive, and SharePoint Embedded, which means that most of these capabilities work just like existing files in your ecosystem. Because Loop pages and components are files, they can be managed in a familiar way, within your existing workflows. The table should help clarify how Loop content is stored in the Microsoft ecosystem.
Where the Loop content was originally created determines its storage location:
| Loop content originally created in | ️️️Loop content stored in SharePoint Embedded | Loop content stored in SharePoint Site | Loop content stored in User's OneDrive |
|---|---|---|---|
| Loop app | ✔️in Loop workspace | ||
| Teams channel meeting | ✔️in Channel folder | ||
| Teams channel | ✔️in Channel folder | ||
| Teams private chat | ✔️in Microsoft Teams Chat files folder | ||
| Teams private meeting | ✔️in Meetings folder | ||
| Outlook email message | ✔️in Attachments folder | ||
| OneNote for Windows or for the web | ✔️in OneNote Loop files folder | ||
| Whiteboard | ✔️in Whiteboard\Components folder | ||
| Word for the web (Preview only) | ✔️in Word Loop files folder |
Summary table of admin management, governance, lifecycle, and compliance capabilities based on where Loop content is stored
| Category | OneDrive or SharePoint | SharePoint Embedded |
|---|---|---|
This column applies to Loop content:
|
This column applies to Loop content:
|
|
| Foundations | --- | --- |
| Admin toggles | Admin Toggles exist to turn on or off creation of and live rendering of Loop components in the Microsoft 365 ecosystem. If you enable Loop components in the Microsoft 365 ecosystem via the primary toggle, there are additional separate toggles to turn on or off Loop components in Outlook or Teams chats and channels. There's also an additional toggle to turn on or off Loop components for collaborative meeting notes. Organizations with eCommunication regulations can choose to leave Loop components on across the Microsoft 365 ecosystem while using the independent toggles for communication tools during evaluation of Loop's data lifecycle, governance, and compliance capabilities. |
Admin Toggle exists to turn on or off creation of content stored in SharePoint Embedded. This includes controlling creation of Loop Ideas and creation of new workspaces. |
| GDPR | GDPR data subject requests can be serviced as part of the Microsoft Purview portal and Purview eDiscovery workflows | GDPR data subject requests can be serviced as part of the Microsoft Purview portal and Purview eDiscovery workflows |
| EUDB | EUDB compliant - What is the EU Data Boundary? | EUDB compliant - What is the EU Data Boundary? |
| Data Security, Devices | --- | --- |
| Intune | Basic Intune Device Management Support exists for Loop app on iOS and Android. | Basic Intune Device Management Support exists for Loop app on iOS and Android. |
| Conditional Access | Conditional Access is supported. See manual initialization for Microsoft Entra support. | Conditional Access supported. See manual initialization for Microsoft Entra support. |
| Information Barriers | Information Barriers are enforced. | Information Barriers are enforced. |
| Customer Key | Customer Lockbox is supported. | Customer Lockbox is supported. |
| Programmatic APIs for Loop content | Yes, they're files in OneDrive or SharePoint and all current functionality applies. | Not Yet Available: API access to Loop workspace containers isn't yet available. This impacts third party export and eDiscovery tools, migration tools, tools used to communicate in bulk to end-users about their content such as compliance requirements, and developer APIs. |
| Data Lifecycle | --- | --- |
| Multi-Geo | Multi-Geo capabilities are supported, including creation of .loop files in a user's OneDrive in the geo that matches the user's preferred data location and ability to move the user's OneDrive when their preferred data location changes. | Not Yet Available: Multi-Geo capabilities, including creation of .loop files in a user's Loop workspaces in the geo that matches the user's preferred data location, aren't yet supported. Multi-Geo rehome of Loop workspaces and contained .loop files as needed isn't yet supported. |
| User leaves organization | When a user leaves an organization, OneDrive retention policies apply to the .loop files in their OneDrive just as they do to other content created by the user. See Loop storage for more information. | Manage the lifetime of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites or Teams channels. |
| Loop workspaces | n/a | See Available and Admin Management not yet available. |
| Recycle bin | End user Recycle bin for deleted content is available. | End user Recycle bin for deleted content is available in each Loop workspace. Not Yet Available: End user Recycle bin for deleted Loop workspaces. |
| Version history | Version History export in Purview or via Graph API is available. | Version History export in Purview is available. Not Yet Available: Programmatic API access to Loop workspace containers isn't yet available. |
| Audit logs and events | Audit logs for all events: search and export Microsoft 365 service events for security and compliance investigations
|
Audit logs for all events: search and export Microsoft 365 service events for security and compliance investigations
|
| Audit log access | Audit logs are retained, can be exported, and can be streamed to third party tools | Audit logs are retained, can be exported, and can be streamed to third party tools |
| eDiscovery | --- | --- |
| Search and Collection | Microsoft Purview eDiscovery supports search and collection, review (premium only), and export (premium only) as HTML or original. You can also download and reupload the files to any OneDrive to view them in their native format. | Microsoft Purview eDiscovery supports search and collection, review (premium only), and export (premium only) as HTML or original. You can also download and reupload the files to any OneDrive to view them in their native format. |
| Export | Microsoft Graph API export support. | Not Yet Available: Programmatic API access to Loop workspace containers isn't yet available. |
| Legal Hold | Legal Hold support to ensure content isn't deleted (as related to litigation and security investigations) and stored in the Preservation Hold Library. | Legal Hold support to ensure content isn't deleted (as related to litigation and security investigations) and stored in the Preservation Hold Library. |
| Records Management | --- | --- |
| Retention policies | Retention policies are enforced. | Retention policies configured for all SharePoint sites are enforced on all Loop workspaces. Not Yet Available: Retention policies that can be overridden or set individually at the Loop workspace level aren't yet available. |
| Retention labels | Retention label support is available through OneDrive or SharePoint. | Not Yet Available: Retention label is supported, but an end-user configurable experience to view or update the retention label for on each page or component isn't yet available. |
| Data Classification | --- | --- |
| Information Protection | Sensitivity Labeling is available for all Loop pages and components. | Sensitivity Labeling is available for all Loop pages and components, and admin configurable for each Loop workspace via PowerShell. Not Yet Available: Sensitivity Labeling is configurable per Loop workspace by administrators, but not yet configurable in the Loop app by end users on each Loop workspace. |
| Data Loss Prevention | Data Loss Prevention (DLP) rules are enforced on content with end-user policy tip support. | Data Loss Prevention (DLP) rules are enforced on content with end-user policy tip support. |
Summary of governance, data lifecycle, and compliance capabilities not yet available
Available admin capabilities
For detailed information on existing capabilities in SharePoint Admin Center and PowerShell:
- Available: Manage SharePoint Embedded containers in SharePoint Admin Center
- Available: SharePoint Embedded container management in PowerShell
Not yet available
The following sections detail capabilities that are not yet available for Microsoft Loop to make it easier to evaluate the smaller list of capabilities your organization might require before using Microsoft Loop. As denoted in the summary table, the content applies to Loop workspaces only.
Programmatic APIs not yet available
- Programmatic APIs for Loop workspace content: API access to Loop workspace containers isn't yet available. These APIs are required in order to use third party tools for export and eDiscovery, migration, communicating in bulk to end-users about their content such as compliance requirements, and developer APIs.
Admin Management not yet available
- Multi-Geo rehome of Loop workspaces and all contained .loop files isn't available. All Loop workspaces are created in the tenant default geo.
- When users delete an entire Loop workspace, that Loop workspace isn't available in an end-user visible Recycle bin. Furthermore, restoring the Loop workspace using admin tooling doesn't update in the Loop app user experience. The user would need to visit a saved page link for a workspace that's restored in order to see it again.
- When an admin deletes a Loop workspace, it will not be removed from the user's view of Loop workspaces. When users click on the deleted Loop workspace, it displays an error.
- Individual controls for guest or external sharing of a specific Loop workspace isn't available.
- Get and set conditional access policy and block download policy tenant defaults are available. Individual controls per Loop workspace for these capabilities aren't available.
Records Management not yet available
- While Retention policies are enforced if configured at the all SharePoint site level, setting or overriding the all SharePoint sites Retention policy on an individual Loop workspace isn't yet available.
- Retention labels aren't yet available for Loop workspace content.
Data Classification not yet available
- Sensitivity Labeling can't be configured at the Loop workspace level within the Loop app. It can be set using PowerShell per Loop workspace and viewed in the SharePoint Embedded admin center.
Manually initializing Microsoft Loop app for Conditional Access management in Microsoft Entra
In order to select Microsoft Loop app from the cloud app target UX in the Microsoft Entra admin center: Protection | Conditional Access | Select what this policy applies to | select apps | Microsoft Loop, manual provisioning is required.
Connect to Microsoft 365 with PowerShell - Microsoft 365 Enterprise | Microsoft Learn
Copy the command, Paste into your PowerShell window's command line, and hit Enter to execute:
New-AzureADServicePrincipal -AccountEnabled $true -AppId a187e399-0c36-4b98-8f04-1edc167a0996 -AppRoleAssignmentRequired $false -DisplayName "Microsoft Loop app" -Tags {WindowsAzureActiveDirectoryIntegratedApp}
Managing Loop in your organization
By reviewing the above information, you can make an informed decision on whether Microsoft Loop is ready for use as a software solution in your organization. As always, we continue to update this and other documentation to provide the compliance status of Microsoft Loop to help you make the best decisions for your organization.
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for