#Manage Templates

Nitro provides a risk starter template with some common settings for AvePoint’s Policies and Insights for easy use. For details, refer to the Default template settings section below. You can also create custom templates.

To manage templates in Nitro, go to Template management in the Nitro section.

You can perform the following actions:

#Default Template Settings

Insights

For the supported sensitivity and exposure definition settings of the default template, refer to the .

The scope settings are also supported, and the scope settings will be applied to all containers of the customer tenant.

Policies for Microsoft 365

For the supported Policies for Microsoft 365 settings of the default template, refer to the following table.

Type	Rule Name	Description	Settings
Microsoft 365 Group/Microsoft Teams	Classification Change Restriction	Prevent changes to the classification of Groups or Teams.	N/A
Microsoft 365 Group/Microsoft Teams	External Sharing Settings	Control the external sharing settings for Groups or Teams.	“Allow Group/Team owners to add people outside of the organization to the Group/Team”:No
Microsoft 365 Group/Microsoft Teams	External User Access Enforcement	Control users who have the ability to add external users to Groups or Teams.	“Forbid any external users”
Microsoft 365 Group/Microsoft Teams	Owner Number Restriction	Control the number of owners in Groups or Teams.	Within 2-5
Microsoft 365 Group/Microsoft Teams	Private Channel Owner Number Restriction(Only for Microsoft Teams)	Control the number of owners in Teams private channels.	Within 2-5
Microsoft 365 Group/Microsoft Teams	Scan External Users	Scan external users in sites where external sharing is disabled.	N/A
Microsoft 365 Group/Microsoft Teams	Site Content External Sharing Settings	Control the external sharing settings for sites.	“Site content can be shared with”:Only people in your organization (No external sharing allowed)
SharePoint Online Site/OneDrive	Scan External Users	Scan external users in sites where external sharing is disabled.	N/A
SharePoint Online Site/OneDrive	Site Collection Administrator Number Restriction	Control the number of site collection administrators in a site.	Within 2-5
SharePoint Online Site/OneDrive	Site Content External Sharing Settings	Control the external sharing settings for sites.	“Site content can be shared with”:Only people in your organization (No external sharing allowed)
Tenant	Automatic Forwarding Restriction	Restrict users from auto-forwarding emails.	N/A
Tenant	Bypass Spam Filtering Rule Restriction	Restrict users from creating the mail flow rule to skip spam filtering when receiving emails from specific domains.	N/A
Tenant	Control Anonymous Calendar Sharing	Control whether users are allowed to share their calendars with anonymous users outside the organization.	Does not select “Allow anonymous calendars sharing”
Tenant	Control Exchange Online PowerShell Access for Non-administrators	Control Exchange Online PowerShell access for non-administrators.	“Administrators include”: Exchange Online Administrators;“Allow non-administrators to use Exchange Online PowerShell”:No
Tenant	Control Focused box	Control whether to enable the focused inbox view for users.	“Enable the focused inbox view for users” is enabled.
Tenant	Control Mailbox Auditing for All Users	Control whether to enable mailbox auditing for all users.	“Enable mailbox auditing for all users”:Yes
Tenant	Control Plus Addressing	Control whether users can use plus addressing to quickly create custom email addresses based on their standard email addresses.	“Allow plus addressing” is enabled.
Tenant	Control Sending Emails from Aliases	Control whether users are allowed to send emails from aliases.	“Allow users to send emails from aliases” is enabled.
Tenant	Deleted Item Retention Enforcement	Set the duration that deleted items are retained in the Recoverable Items/Deletions folder.	“Retention days of deleted items”:Exactly 30
	DKIM Signature Enforcement	Sign emails with DKIM (Domain Keys Identified Mail) signatures for your domains to help recipients ensure the identities of senders.	“Sign messages for all domains within the tenant with DKIM signatures” is enabled.
	Ghost Guest User Detection	Detect guests who do not have any membership in SharePoint Online sites, Groups, and Teams.	N/A
	Legacy Email Protocols Restriction	Restrict the use of legacy email protocols including POP, SMTP, and IMAP protocols to prevent password spray attack that may breach mailboxes in your tenants.	“Rule Settings”:All“Monitor existing mailboxes” is enabled.
	Message Size Restriction	Restrict the maximum size for messages sent and received by mailboxes.	“Sent messages maximum size (KB) must be”:153600;“Received messages maximum size (KB) must be”:153600;“Monitor existing mailboxes” is enabled.
	Outlook External Email Tag Enforcement	Choose whether to add tags to external emails in Outlook to help users identify emails from external senders.	“Add tags to external emails” is enabled.
	Remove Inactive Guest Users	Remove users who do not have any activities in SharePoint Online sites, Groups, and Teams.	“Remove users if they do not have any activities for”:90 Days
	Rich-Text Format Restriction	Restrict the rich-text format in emails to prevent malformed emails sending to other users.	“Select whether to allow rich-text format”:Never (recommended)
	Shared Mailbox Sign-In Restriction	Control whether to allow users to sign in to the shared mailboxes by their associated user accounts.	“Rule Settings”:Allow users to sign in to shared mailboxes by their associated user accounts

#Create a Template

To create a template, complete the following steps:

1. Click Create. The Create panel appears.

2. On the Basic information page, configure the following fields:

   • Template name – Enter a name for this template.

   • Description – Enter a description if necessary.

3. Click Next.

4. In the Microsoft settings section, select the modules which settings you want to export from the customer tenant.

   *Note: If you select Microsoft Entra ID, in the textbox below, you can specify users from which you want to export settings for a purpose (for example, service account creation). Enter the username of a user or a keyword to match users whose username contains the keyword. * can be used to match all users.

5. In the AvePoint solutions section, select if you want to export the settings of Policies, Insights, and Cloud Backup for Microsoft 365 from the customer tenant.

6. From the Select a customer tenant to export settings drop-down list, select an existing customer tenant.

   *Note: If you have selected any Microsoft module settings above, make sure the selected customer has an app profile configured in Manage Customer App Profiles and has a service account profile configured in AvePoint Online Services. For details about service account profiles, see .

   If any settings have not been configured, you can click Configure next to the setting to configure it. A customer app profile must be configured before configuring the service account profile.

7. Click Next.

8. On the Review page, you can view details in the template, and then click Save to export settings and create a template.

#Upload a Template

To upload an updated template, complete the following steps:

1. Select the original template which you want to replace with the updated template file.

2. Click Upload.

3. In the pop-up window, click Choose file and select the updated template file that you want to upload.

   When any customers already have the original template applied, the template updates will not be applied to those customers.

4. Click Upload.

#Apply a Template

To apply a template to your customer tenant, complete the following steps:

1. Access the Apply template page by the following methods:

   • On the Customer directory page, select a customer, and click Apply template.

   • On the Nitro > Directory page, click Apply template in the upper-right corner. The Select customer window appears. Select a customer from the drop-down list, and click Next.

2. In the Choose a template step, select a template you want to apply to the selected customer, and click Next.

   • Default Risk Starter Template – Nitro provides a default template for easy use. The default template provides some common settings for AvePoint’s Policies and Insights. For details, refer to the Default template settings section in Manage Templates.

   • Custom Template – Select a pre-configured custom template.

3. In the Template customization step, you can enable/disable different settings by turning on/off the () button and then edit the settings of the template to be applied.

   • For Microsoft 365 settings, you can select the settings you want to apply.

   • For Policies for Microsoft 365, you can select the desired policy level you want to apply and click View/Edit to configure which rules you want to apply.

   • For Insights, you can view the detailed sensitivity definitions and exposure definitions of the template. Clicking Hide definitions can hide the details.

   • For Cloud Backup for Microsoft 365, you can view the backup scope and configure the number of backup jobs per day and the start time of the first backup job.

   After you customize the settings, you can click Save as a new template at the bottom to save the settings as a new template for future use.

   Click Continue to go to the next step. If you have selected to apply Cloud Backup for Microsoft 365 settings, a confirmation window appears to indicate that for the Cloud Backup for Microsoft 365 backup scope configured in the template, Nitro will only apply the modules that the target customer has subscriptions for. Click Continue in the window to proceed.

4. In the Authentication step, the required settings for applying the template are displayed. Elements will check if the selected customer has enabled the authentication settings for applying this template. If any setting has not been configured, you can click Configure next to the setting to configure it. After all required settings are configured and enabled, you can click the Refresh button to retrieve the check status, and then click Next.

   Refer to the table below to view the required settings:

Type	Settings
Microsoft Settings	Customer App Profile configured in Manage Customer App ProfilesService Account Authentication in AvePoint Online Services
Policies for Microsoft 365	App Profile Authentication (both Microsoft 365 and Microsoft Azure AD) in AvePoint Online Services
Policies for Microsoft 365	Auto Discovery
Policies for Microsoft 365	Report Data Collection
Insights	Auto Discovery
Insights	App Profile Authentication in AvePoint Online Services
Insights	Audit Log Search
Cloud Backup for Microsoft 365	Auto Discovery
Cloud Backup for Microsoft 365	Viva Engage App Profile Authentication in AvePoint Online Services (Only required if you want to back up Viva Engage data)
Cloud Backup for Microsoft 365	Custom Azure App Profile Authentication with the All permissions type in AvePoint Online Services (Only required if you want to back up Teams chat data)
Cloud Backup for Microsoft 365	Microsoft Delegated App Authentication in AvePoint Online Services (Only required if you want to back up Power Platform data)

5. In the Review step, review the settings that will be applied to the customer. Enter the email addresses of recipients who will receive the notification email of this application job in the Job notification email recipients text box. Separate multiple email addresses with semicolons (;). Then, click Apply to apply the template.