Home > Manage Profiles for Microsoft 365 Groups > Configure Microsoft 365 Group Renewal Profiles
Export to PDFConfigure Microsoft 365 Group Renewal Profiles
A Microsoft 365 Group renewal profile enables a renewal process for users to periodically review and change group governance details when a group goes through the renewal process.
To access Renewal profiles, click the Renewal profiles card on the Profiles & templates page.
To define group renewal profiles, click Create > Group renewal profile > Microsoft 365 Group renewal profile on the ribbon to open the Create group renewal profile panel and configure the following settings:
Basic info
Configure the following basic settings:
-
Profile name – Enter a name for the group’s renewal profile.
-
Description – Enter an optional description for the group’s renewal profile.
-
Message to renewal task assignee – To customize the message that is shown to the renewal task assignee when they start the renewal process, complete the following steps:
-
Click the edit button of your desired languages.
-
In the Edit message panel, enter your desired message in the text box.
-
Click Save when you finish the configuration. The message will be shown to group renewal task assignees before they start to renew a group.
-
-
Default language – Select a default language for the message shown to the renewal task assignee. If a user’s Cloud Governance display language is not one of the enabled options, the message will be shown in the default language. Note that only the languages that are enabled as available languages can be selected as the default language.
-
Conditions to initiate renewal process – Turn on the toggle of one or both of the following options to define when and how to trigger a renewal process, and then define the corresponding settings:
-
Generate a renewal task when the group inactivity threshold reaches – Enter a number in the text box and select Days, Weeks, Months, or Years as the unit of time. When a group has no activities for your specified time, a group renewal task will be generated.
You can choose whether to Send a reminder email to the renewal task assignee before the inactivity threshold reaches. With the option enabled, select a reminder profile from the drop-down list.
-
Generate renewal tasks on schedule – Choose one of the following methods to configure the renewal schedule:
-
Configure a periodic renewal schedule – If you choose this method, configure the following settings:
-
Specify the start time of the renewal recurrence – Choose one of the following options to specify the renewal recurrence start time:
-
Group created time – The time when a group is created in Microsoft 365.
-
Specific time – Click the calendar button and select a specific date and time.
-
-
How often do you want the renewal process to initiate? – Click one of the options and configure the corresponding settings to define the recurrence of the renewal process as daily, weekly, or monthly.
-
-
Manually specify each renewal task generation time – If you choose this method, to manually specify the time to generate each renewal task, click Add renewal time, select a renewal task generation time in the Add renewal time panel, and then click Save.
NOTE-
You can add up to 12 unique renewal task generation times.
-
A group can only have one renewal process on the same day.
-
-
Generate the next renewal task based on the last renewal completion date – If you choose this method, configure the following settings:
-
Specify the start time of the renewal recurrence – Choose one of the following options to specify the renewal recurrence start time:
-
Group created time – The time when a group is created in Microsoft 365.
-
Specific time – Click the calendar button and select a specific date and time.
-
-
How often do you want the renewal process to initiate? – Enter a number in the text box and select Days, Weeks, Months, or Years from the drop-down list to define the renewal recurrence. When the group renewal task is completed, after your specified renewal recurrence interval, the next renewal task will be generated.
For example, if you configure the recurrence as Every 10 Day(s) after the last renewal completion date, and the last renewal completion time is 2022-09-15, then the next renewal date will be 2022-09-25.
-
-
-
When you complete the configurations, click Next and go to configure settings on the next page.
Renewal details
Configure the following group renewal details:
-
Renewal options – Choose what information will be displayed to the renewal task assignee for review and update, and then configure the corresponding settings:
For the information renewal, you can choose whether to Show guidance to renewal task assignee when renewal task assignees process the renewal. If you want to show guidance, select a guidance profile from the drop-down list. You can click View profile details to view the details of the selected guidance profile. You can also click the create button to create a new profile. For more information about how to create a guidance profile, refer to Configure Guidance Profiles. To retrieve the latest guidance profiles that are available, you can click the refresh button.
-
Contact renewal – Allows renewal task assignees to review and modify primary and secondary group contacts.
-
People picker filter profile for primary contact – Select a people picker filter profile from the drop-down list, which will be applied to the primary group contact people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields when adding group contacts, including search results.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
People picker filter profile for secondary contact – Select a people picker filter profile from the drop-down list, which will be applied to the secondary group contact people picker fields in the renewal task. The profile will determine what users are available in the people picker fields, including search results, for example, who can be specified as the secondary contact.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the createbutton to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
Choose whether to Require the task assignee to assign a secondary contact. If you enable the setting, a secondary contact is required in the contact renewal.
-
Choose whether to Notify the newly assigned contacts when renewal task assignees specify the new contacts. If you enable the notification, select an email template for the notification email sent to the new primary or secondary contact.
-
-
Sensitivity label renewal – Allows renewal task assignees to review and modify the group sensitivity label. With this option enabled, select the sensitivity labels that the task assignees can choose to change to during the renewal process.
NOTETo renew the sensitivity label, make sure you have completed the following configurations. Otherwise, the sensitivity labels cannot be loaded, or errors may occur in the renewal process.
-
Enable sensitivity label for specified tenants in System settings > Sensitivity labels.
-
Configure the Cloud Governance for Exchange app and assign it the compliance admin role to allow Cloud Governance to retrieve external user access and external sharing settings of sensitivity labels.
-
-
Membership renewal – Allows renewal task assignees to review and modify group membership. You can choose to allow task assignees to Only renew external users, or you can choose from the following membership types that the renewal task assignee can review:
-
Group owners – Allows renewal task assignees to review and modify group owners. You can choose whether to Allow the renewal task assignee to add owners. If you enable this option, the renewal task assignee can add owners to the group during the renewal process.
Then, select a people picker filter profile from the drop-down list, which will be applied to the group owner people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields when adding group owners, including search results.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
Group members – Allows renewal task assignees to review and modify group members. You can choose whether to Allow the renewal task assignee to add members. If you enable this option, the renewal task assignee can add members to the group during the renewal process.
Then, select a people picker filter profile from the drop-down list, which will be applied to the group member people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields when adding group members, including search results.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
-
Permission renewal – Allows renewal task assignees to review and modify SharePoint group permissions to the corresponding Microsoft 365 Group team site. To enable the permission renewal, make sure the renewal permission index has been enabled for your tenant in Settings > System settings > Renewal permission index in the Cloud Governance admin center.
-
You can choose to allow the renewal task assignee to Only renew external users, Renew site permissions and unique permissions, or Renew objects matching specific risk information.
If you allow the renewal task assignee to Renew site permissions and unique permissions, you can choose to use Object based view or User based view for permission renewal.
If you allow the renewal task assignee to Renew objects matching specific risk information, you need to choose the options below to define which objects get their permissions renewed:
NOTEA subscription to Insights is required to utilize this option effectively.
-
Sensitivity level – Select the sensitivity of the object.
-
Exposure level – Choose how widely the object is shared.
When the Object based view or Renew objects matching specific risk information option is selected, the following options are available:
-
Allow the renewal task assignee to grant users SharePoint permissions – With the option enabled, select a people picker filter profile from the drop-down list to limit the people picker fields in the renewal task in the Cloud Governance Portal. The profile will determine what users are available in the people picker fields when granting user permissions.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
Allow the renewal task assignee to delete unique permissions – Choose whether to allow the renewal task assignee to delete unique permissions of objects in the site and inherit permissions from parents. Once unique permissions are removed, any sharing links of objects will be deleted.
-
-
Choose whether to Exclude specified permission levels from the renewal process. With the option enabled, select your desired permission levels, and your selected permission levels will not be available during the renewal process. You can also choose whether to hide the objects with the excluded permissions by choosing Yes or No.
-
Choose whether to Exclude site admins from the permission renewal process. With the option enabled, site admins will be excluded from the permission renewal process to prevent accidental removal by the task assignees.
-
-
Site admin renewal – Allows renewal task assignees to review and modify site admins of group team sites.
-
Primary site admin – Allow renewal task assignees to review the primary site admin. You can choose whether to Allow the renewal task assignee to change primary site admin. Then, select a people picker filter profile from the drop-down list, which will be applied to the primary site admin people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields to be assigned as the primary site admin, including search results.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
Additional site admins – Allow renewal task assignees to review and remove additional site admins. You can choose whether to Allow the renewal task assignee to add additional site admins. Then, select a people picker filter profile from the drop-down list, which will be applied to the additional site admin people picker fields in renewal tasks. The profile will determine what users and groups are available in the people picker fields to be added as additional site admins, including search results.
NOTEGuest users cannot be added as additional site admins by default unless the guest filter is enabled in the people picker profile. Once enabled, available guest users can be added as additional site admins.
You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.
To retrieve the latest people picker filter profiles that are available, you can click the refresh button.
-
Choose whether to Exclude the following users or groups from the site admin renewal process. With the option enabled, specify users or groups to exclude from the site admin renewal process. These users or groups will be excluded from the renewal process and cannot be added as site admins.
-
-
Sharing link renewal – Allows renewal task assignees to review and manage the links that have been shared with users or groups.
NOTEMake sure the renewal permission index has been enabled for your tenant in Settings > System settings > Renewal permission index in the Cloud Governance admin center.
-
Metadata renewal – Allows renewal task assignees to review and modify the values of group metadata. With this option enabled, choose the renewal type and complete the corresponding configurations:
-
Manual – In this renewal type, you can define a list of metadata for renewal task assignees to review and update. Click Add, select metadata that will be available to renewal task assignees in the Add metadata panel, and then click Add to list. You can also click the edit button in the Action column to modify the value of the added metadata.
-
Dynamic – In this renewal type, select a dynamic metadata profile from the drop-down list and the metadata will be loaded based on the conditions or branches defined in the profile.
-
-
-
Recommended renewal actions – Configure the additional renewal actions that you recommend the renewal task assignees to perform when they complete the group renewal tasks.
-
Minimum amount of owners required – Specify the minimum amount of owners required in the group. The renewal task assignees need to add owners during the group renewal process based on your specified amount.
-
Remove users who have been blocked from signing in Microsoft Entra
-
Remove all direct guest user access to high risk content
AvePoint Cloud Governance integrates with AvePoint Insights to retrieve data and information for the renewal process. The risk level is defined by Insights, and the table below illustrates the risk level calculation based on the sensitivity level and exposure level:
Sensitivity Level/Exposure Level High Medium Low High High Risk High Risk Medium Risk Medium High Risk Medium Risk Low Risk Low Medium Risk Low Risk Low Risk N/A N/A N/A N/A -
With a subscription to Insights, you can customize the sensitivity and exposure definitions. For more instructions, you can refer to Risk Definition Administration.
-
Without the subscription to Insights, default settings of sensitivity and exposure definitions provided by Insights will be used and cannot be customized. For more information, you can refer to Default Settings of Sensitivity and Exposure Definitions provided by Insights.
-
-
Remove all user permissions except default permissions granted to owners and members
-
Remove sharing links with external user access
-
-
Lifecycle management actions – Choose whether to allow the renewal task assignee to delete or limit access to a group during the renewal process.
-
Allow the renewal task assignee to delete a group
-
Allow the renewal task assignee to limit access to a group – With the option enabled, select the Microsoft 365 Group limit access profiles that renewal task assignees can apply to the Microsoft 365 Group while limiting access to groups.
You can click Create to create a new Microsoft 365 Group limit access profile. For more information about how to create a Microsoft 365 Group limit access profile, refer to Configure Microsoft 365 Group Limit Access Profiles.
In the Microsoft 365 Group limit access profile field, select a Microsoft 365 Group limit access profile as the default profile to apply to the limited-access group. Then, you can choose one of the following options to determine how to set the Microsoft 365 Group limit access profile:
-
Require business users to configure this field – Business users are required to select a Microsoft 365 Group limit access profile when they limit access to the group.
-
Show this field as read-only to business users – Your selected Microsoft 365 Group limit access profile will be applied, and business users are not allowed to change the Microsoft 365 Group limit access profile.
-
Hide this field from business users – Your selected Microsoft 365 Group limit access profile will be applied, and this information will be hidden from business users in the renewal process.
Choose whether to Microsoft 365 Archive the group team site when the renewal task assignee limits access to a group.
NOTEThis option is only available when the Microsoft 365 Archive services is enabled in your Microsoft 365 admin center and you are using the commercial environment.
-
-
Allow the renewal task assignee to Opus Archive a group – With the option enabled, select the Microsoft 365 Group limit access profiles that renewal task assignees can apply to the Microsoft 365 Group while Opus Archiving the groups.
You can click Create to create a new Microsoft 365 Group limit access profile. For more information about how to create a Microsoft 365 Group limit access profile, refer to Configure Microsoft 365 Group Limit Access Profiles.
In the Microsoft 365 Group limit access profile field, select a Microsoft 365 Group limit access profile as the default profile to apply to the group. Then, you can choose one of the following options to determine how to set the Microsoft 365 Group limit access profile:
-
Require business users to configure this field – Business users are required to select a Microsoft 365 Group limit access profile when they Opus Archive the group.
-
Show this field as read-only to business users – Your selected Microsoft 365 Group limit access profile will be applied, and business users are not allowed to change the Microsoft 365 Group limit access profile.
-
Hide this field from business users – Your selected Microsoft 365 Group limit access profile will be applied, and this information will be hidden from business users in the renewal process.
-
Once you set an approval process in the renewal profile, the deletion or limit access task will go through the approval process. The group will not be deleted or limited access until the task is approved. If you want to set a different approval process for the deletion or limit access action, you can select the Go through a specific approval process checkbox and select an approval process. The group deletion or limited access will go through this approval process.
-
When you complete the configurations, click Next and go to configure settings on the next page.
Advanced settings
Configure the following advanced settings for group renewal:
-
Assignment and duration – Select a stage profile from the drop-down list to define the assignment and duration of different stages that will be applied in the group renewal task.
You can click View profile details to view the details of the selected stage profile. You can also click the create button to create a new profile. For more information about how to create a stage profile for Microsoft 365 Groups, refer to Configure Stage Profiles.
Choose whether to Notify the assignees when the task is submitted by another assignee. With this option selected, select an email template from the drop-down list.
-
Escalation – Choose whether to Enable an escalation for an overdue renewal task. With the option enabled, select a group automated escalation profile from the drop-down list.
-
Approval process – Choose whether to Require approval before submitted renewal task changes take effect. With the option enabled, select an approval process from the drop-down list. The approver will need to approve the submitted group renewal task, and they can export the renewal audit report to view the detailed renewal changes before they approve or reject the task.
-
Administrator contact – Configure the renewal process administrator contact and relevant email notification:
-
Administrator contact – Add a user or group (Microsoft 365 Group, security group, distribution group, or mail-enabled security group) to be the administrator contact. This should be an administrator who is responsible for the successful completion of the renewal process.
-
Notification email template for renewal exception – Select a renewal exception notification email template from the drop-down list. If the renewal process encounters an exception, the administrator contact will receive a notification email.
-
-
Click Save to save all your configurations.