AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Manage Profiles for Microsoft Entra Groups > Configure Microsoft Entra Group Renewal Profiles

Export to PDF

Configure Microsoft Entra Group Renewal Profiles

A Microsoft Entra group renewal profile enables a renewal process for users to periodically review and change governance details of distribution groups, security groups, or mail-enabled security groups when they go through the renewal process.

To access Renewal profiles, click the Renewal profiles card on the Profiles & templates page.

To define Microsoft Entra group renewal profiles, click Create > Group renewal profile > Microsoft Entra group renewal profile on the ribbon to open the Create Microsoft Entra group renewal profile panel and configure the following settings:

Basic info

Configure the following basic settings:

  1. Profile name – Enter a name for the Microsoft Entra group renewal profile.

  2. Description – Enter an optional description for the Microsoft Entra group renewal profile.

  3. Message to renewal task assignee – To customize the message that is shown to the renewal task assignee when they start the renewal process, complete the following steps:

    1. Click the edit button of your desired languages.

    2. In the Edit message panel, enter your desired message in the text box.

    3. Click Save when you finish the configuration. The message will be shown to the Microsoft Entra group renewal task assignee before they start to renew a group.

  4. Default language – Select a default language for the message shown to the renewal task assignee. If a user's Cloud Governance display language is not one of the enabled options, the message will be shown in the default language. Note that only the languages that are enabled as available languages can be selected as the default language.

  5. Conditions to initiate renewal process – Turn on the Generate renewal tasks on schedule toggle and define when and how to trigger a renewal process, and then choose one of the following methods to configure the renewal schedule:

    • Configure a periodic renewal schedule – If you choose this method, configure the following settings:

      • Specify the start time of the renewal recurrence – Choose one of the following options to specify the renewal recurrence start time:

        • Microsoft Entra group created time – The time when a group is created.

        • Specific time – Click the calendar button and select a specific date and time.

      • How often do you want the renewal process to initiate? – Click one of the options and configure the corresponding settings to define the recurrence of the renewal process as daily, weekly, or monthly.

    • Manually specify each renewal task generation time – If you choose this method, to manually specify the time to generate each renewal task, click Add renewal time, select a renewal task generation time in the Add renewal time panel, and then click Save.

      NOTE

      You can add up to 12 unique renewal task generation times.

    • Generate the next renewal task based on the last renewal completion date – If you choose this method, configure the following settings:

      • Specify the start time of the renewal recurrence – Choose one of the following options to specify the renewal recurrence start time:

        • Microsoft Entra group created time – The time when a group is created.

        • Specific time – Click the calendar button and select a specific date and time.

      • How often do you want the renewal process to initiate? – Enter a number in the text box and select Days, Weeks, Months, or Years from the drop-down list to define the renewal recurrence. When the Microsoft Entra group renewal task is completed, after your specified renewal recurrence interval, the next renewal task will be generated.

      For example, if you configure the recurrence as Every 10 Day(s) after the last renewal completion date, and the last renewal completion time is 2023-09-15, then the next renewal date will be 2023-09-25.

When you complete the configurations, click Next and go to configure settings on the next page.

Renewal details

Configure the following Microsoft Entra group renewal details:

  1. Renewal options – Choose what information will be displayed to the renewal task assignee for review and update, and then configure the corresponding settings:

    For the information renewal, you can choose whether to Show guidance to renewal task assignee when renewal task assignees process the renewal. If you want to show guidance, select a guidance profile from the drop-down list. You can click View profile details to view the details of the selected guidance profile. You can also click the create button to create a new profile. For more information about how to create a guidance profile, refer to Configure Guidance Profiles. To retrieve the latest guidance profiles that are available, you can click the refresh button.

    • Contact renewal – Allows renewal task assignees to review and modify primary and secondary group contacts.

      • People picker filter profile for primary contact – Select a people picker filter profile from the drop-down list, which will be applied to the primary group contact people picker fields in the renewal task. The profile will determine what users are available in the people picker fields, including search results, for example, who can be specified as the primary contact.

        You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.

        To retrieve the latest people picker filter profiles that are available, you can click the refresh button.

      • People picker filter profile for secondary contact – Select a people picker filter profile from the drop-down list, which will be applied to the secondary group contact people picker fields in the renewal task. The profile will determine what users are available in the people picker fields, including search results, for example, who can be specified as the secondary contact.

        You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles..

        To retrieve the latest people picker filter profiles that are available, you can click the refresh button.

      • Choose whether to Require the task assignee to assign a secondary contact. If you enable the setting, a secondary contact is required in the contact renewal.

      • Choose whether to Notify the newly assigned contacts when renewal task assignees specify the new contacts. If you enable the notification, select an email template for the notification email sent to the new primary or secondary contact.

    • Membership renewal – Allows renewal task assignees to review and modify group membership. You can choose to allow task assignees to Only renew external users, or you can choose from the following membership types that the renewal task assignee can review:

      NOTE

      To manage hybrid group membership properly, ensure that the agent is configured in AvePoint Online Services > Management > Agent management. If the agent is not configured, the membership renewal step will be hidden from end users since data cannot be retrieved.

      • Microsoft Entra group owners – Allows renewal task assignees to review and modify group owners. You can choose whether to Allow the renewal task assignee to add owners. If you enable this option, the renewal task assignee can add owners to the group during the renewal process.

        Then, select a people picker filter profile from the drop-down list, which will be applied to the group owner people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields when adding group owners, including search results. Note that the profile will not take effect on hybrid Exchange groups.

        You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.

        To retrieve the latest people picker filter profiles that are available, you can click the refresh button.

      • Microsoft Entra group members – Allows renewal task assignees to review and modify group members. You can choose whether to Allow the renewal task assignee to add members. If you enable this option, the renewal task assignee can add members to the group during the renewal process.

        Then, select a people picker filter profile from the drop-down list, which will be applied to the group member people picker fields in renewal tasks. The profile will determine what users are available in the people picker fields when adding group members, including search results. Note that the profile will not take effect on hybrid Exchange groups.

        You can click View profile details to view the details of the selected people picker filter profile. You can also click the create button to create a new profile. For more information about how to create a people picker filter profile, refer to Configure People Picker Filter Profiles.

        To retrieve the latest people picker filter profiles that are available, you can click the refresh button.

    • Metadata renewal – Allows renewal task assignees to review and modify the values of group metadata. With this option enabled, choose the renewal type and complete the corresponding configurations:

      • Manual – In this renewal type, you can define a list of metadata for renewal task assignees to review and update. Click Add, select metadata that will be available to renewal task assignees in the Add metadata panel, and then click Add to list. You can also click the edit button in the Action column to modify the value of the added metadata.

      • Dynamic – In this renewal type, select a dynamic metadata profile from the drop-down list and the metadata will be loaded based on the conditions or branches defined in the profile.

    • Recommended renewal actions – Configure the additional renewal actions that you recommend the renewal task assignees perform when they complete the Microsoft Entra group renewal tasks.

    • Minimum amount of owners required – Specify the minimum amount of owners required in the group. The renewal task assignees need to add or remove owners during the group renewal process based on your specified amount.

    • Remove users who have been blocked from signing in Microsoft Entra

  2. Lifecycle management actions – Choose whether to Allow the renewal task assignee to delete a Microsoft Entra group.

When you complete the configurations, click Next and go to configure settings on the next page.

Advanced settings

Configure the following advanced settings for Microsoft Entra group renewal:

  • Assignment and duration – Configure the following settings for the group renewal task assignment and duration:

    • What user will be responsible for completing the renewal task? – Add users, groups (Microsoft 365 Groups, distribution groups, security groups, or mail-enabled security groups), or enter $ to select user roles who will be responsible for the renewal task.

    • Choose whether to Allow renewal task assignees to reassign the renewal task to other users.

    • Choose whether to Allow renewal task assignees to state they are not responsible and are unsure who is responsible to complete the renewal process.

    • Notification email template for the assigned renewal task – Select an email template for the notification email to notify the task assignees when the renewal task is assigned to them.

    • Duration – To define the duration for the renewal task assignee to complete the renewal process, enter a number in the text box, and then select Days, Weeks, Months, or Years as the unit of time. The renewal task will be overdue if the task assignee doesn’t complete the task within your specified amount of time.

      When a renewal task is overdue, the renewal task will also be assigned to the administrator contact of the renewal process, and the task assignee can still process the renewal task.

    • Notification email template for an overdue renewal task – Select an email template for the notification email to notify the task assignee and the administrator contact when the renewal task is overdue.

    • Choose whether to Send a reminder email to the renewal task assignees before each renewal process is overdue. With the option enabled, select a reminder profile from the drop-down list.

  • Escalation – Choose whether to Enable an escalation for an overdue renewal task. With the option enabled, select a Microsoft Entra group automated escalation profile from the drop-down list.

    You can click View profile details to view the details of the selected automated escalation profile. You can also click the create button to create a new profile. For more information about how to create an automated escalation profile for Microsoft Entra groups, refer to Configure Automated Escalation Profiles for Microsoft Entra Groups.

  • Approval process – Choose whether to Require approval before submitted renewal task changes take effect. With the option enabled, select an approval process from the drop-down list. The approver will need to approve the submitted group renewal task.

  • Administrator contact – Configure the renewal process administrator contact and relevant email notification:

    • Administrator contact – Add a user or group (Microsoft 365 Group, distribution group, security group, or mail-enabled security group) to be the administrator contact. This should be an administrator who is responsible for the successful completion of the renewal process.

    • Notification email template for renewal exception – Select a renewal exception notification email template from the drop-down list. If the renewal process encounters an exception, the administrator contact will receive a notification email.

Click Save to save all your configurations.