Home > Appendices > Appendix C - Assignable Permissions > Microsoft 365 Permissions
Export to PDFMicrosoft 365 Permissions
The tables below detail the Microsoft 365 management permissions that can be assigned to permission groups in EnPower.
Microsoft 365 Tenant Level Permissions
Exchange
| Accessible report | Available action | Description |
|---|---|---|
| Contacts | Create mail contacts | Create mail contacts. |
| Contacts | Manage mail contacts | Manage mail contacts, including the basics, contact information, and organization. |
| Contacts | Delete mail contacts | Delete mail contacts |
| Contacts | Export reports | Export mail contacts into reports. |
| End of Life report | Export End of Life report | Export End of Life report of mailboxes. |
Teams
| Accessible report | Available action | Description |
|---|---|---|
| Call quality report | - | Access the call quality report. |
| End of Life report | Export End of Life report | Export End of Life report of Teams. |
Groups
| Accessible report | Available action | Description |
|---|---|---|
| Groups | Create on-premises groups | Create on-premises groups in the tenants that the selected containers belong to. |
| End of Life report | Delete Groups permanently | Delete Groups permanently on the Delete Groups report page. |
| End of Life report | Restore deleted Groups | Restore the deleted Groups on the Delete Groups report page. |
| End of Life report | Export End of Life report | Export End of Life report of Groups. |
Users
| Accessible report | Available action | Description |
|---|---|---|
| Deleted users report | Delete users permanently | Delete users permanently on the Delete users report page. |
| Deleted users report | Restore deleted users | Restore the deleted users on the Delete users report page. |
SharePoint
| Accessible report | Available action | Description |
|---|---|---|
| Deleted sites report | Delete sites permanently | Delete sites permanently on the Delete sites report page. |
| Deleted sites report | Restore deleted sites | Restore the deleted sites on the Delete sites report page. |
| End of Life report | Export End of Life report | Export End of Life report of sites. |
Loop
| Accessible report | Available action | Description |
|---|---|---|
| End of Life report | Export End of Life report | Export End of Life report of Loop sites. |
Exchange dashboards
| Accessible report | Description |
|---|---|
| Mailbox summary charts | View and manage gadgets for the mailbox summary charts on Dashboard, including the Mailbox activity chart, Storage chart, and the Storage quota chart. |
| Mailbox activity charts | View and manage gadgets for the mailbox activity charts on Dashboard, including the Mailbox action chart and the Meeting action chart. |
Teams dashboards
| Accessible report | Description |
|---|---|
| Teams activity chart | View and manage gadgets for the Teams user activity chart on Dashboard. |
| Device chart | View and manage gadgets for the Device usage chart on Dashboard. |
| PSTN and SMS charts | View and manage gadgets for the Calling plans/SMS chart and the Direct routing chart on Dashboard. |
Groups dashboards
| Accessible report | Description |
|---|---|
| Groups activity charts | - |
User dashboards
| Accessible report | Description |
|---|---|
| User activity charts | View and manage gadgets for the user activity charts on Dashboard, including the Active users chart, the User activity chart, and the Microsoft 365 Services chart. |
| Microsoft 365 Apps activity charts | View and manage gadgets for the Microsoft 365 Apps activity charts, including the App users chart and the Platform users chart. |
| User activation charts | View and manage gadgets for the User activation charts on Dashboard, including the Desktop activation chart, the Mobile app activation chart, and the User activation chart. |
SharePoint dashboards
| Accessible report | Description |
|---|---|
| File activity | View and manage gadgets for the selected report charts on Dashboard. |
| Page activity | View and manage gadgets for the selected report charts on Dashboard. |
| User activity | View and manage gadgets for the selected report charts on Dashboard. |
| Active sites | View and manage gadgets for the selected report charts on Dashboard. |
| Active files | View and manage gadgets for the selected report charts on Dashboard. |
| Storage | View and manage gadgets for the selected report charts on Dashboard. |
| Page views | View and manage gadgets for the selected report charts on Dashboard. |
OneDrive dashboards
| Accessible report | Description |
|---|---|
| File activity | View and manage gadgets for the selected report charts on Dashboard. |
| User activity | View and manage gadgets for the selected report charts on Dashboard. |
| Active accounts | View and manage gadgets for the selected report charts on Dashboard. |
| Active files | View and manage gadgets for the selected report charts on Dashboard. |
| Storage | View and manage gadgets for the selected report charts on Dashboard. |
Compliance dashboards
| Accessible report | Description |
|---|---|
| Administration compliance > Global admin warning | View and manage gadgets for the global admin warning chart on Dashboard. |
| Top 10 compliance risks > Top 10 external domains | View and manage gadgets for the Top 10 external domains chart on Dashboard. |
Metadata & bulk creation
| Accessible report | Available action | Description |
|---|---|---|
| Bulk creation template | Create | Create bulk creation templates. |
| Bulk creation template | Edit | Edit bulk creation templates. |
| Bulk creation template | Delete | Delete bulk creation templates. |
Microsoft 365 Container Level Permissions
Exchange
| Accessible report | Available action | Description |
|---|---|---|
| Mailboxes | Create mailboxes | Create user mailboxes. *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. |
| Mailboxes | Delete mailboxes | Delete user mailboxes. |
| Mailboxes | Search for mailbox forwarding | Search for mailboxes that are automatically forwarding emails to specific internal recipients |
| Mailboxes | Manage mailboxes | Manage user mailboxes, including to edit information for basics, update settings, and archive user mailboxes. |
| Mailboxes | Manual sync | Manually retrieve the latest data of selected objects. |
| Mailboxes | Litigation hold | Manage the litigation hold settings of mailboxes. |
| Mailboxes | Manage mailbox delegation | Manage user mailbox delegation settings, including the contacts folder delegation, calendar delegation, and mailbox delegation settings. |
| Mailboxes | Copy permission | Copy permission of a mailbox to another one. |
| Mailboxes | Check if mailbox exists | Check if the mailbox still exists. |
| Mailboxes | Export reports | Export user mailboxes into reports. |
| Mailboxes | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected user mailboxes. |
| Mailboxes | Create on-premises shared mailbox | Create on-premises shared mailboxes. |
| Mailboxes | Manage organization units for on-premises mailboxes | Move hybrid mailboxes from one organization unit to another. |
| Mailboxes | Trigger contact election task | Trigger contact election task for mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Apply renewal profile | Apply renewal profile created in Cloud Governance to shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Apply contact election profile | Apply contact election profile created in Cloud Governance to shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Restart renewal | Restart the renewal process of shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Auto-complete renewal | Complete the renewal process of shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Assign renewal tasks | Update the assignees of a shared mailbox’s renewal. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Specify contacts | Specify contacts for shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Edit metadata | Edit the Cloud Governance metadata applied to the shared mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailboxes | Remove from Cloud Governance. | Remove registered mailboxes from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Resources | Create resource mailboxes | Create resource mailboxes.*Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. |
| Resources | Delete resource mailboxes | Delete resource mailboxes |
| Resources | Manage resource mailboxes | Manage resource mailboxes, including to edit information for the basics, resource address, and configure booking options. |
| Resources | Manual sync | Manually retrieve the latest data for the selected resource mailboxes. |
| Resources | Manage resource mailbox delegation | Manage resource mailboxes delegation, including both resource and calendar delegation. |
| Resources | Export reports | Export resource mailboxes into reports. |
| Resources | Specify contacts | Specify contacts for resource mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Resources | Edit metadata | Edit the Cloud Governance metadata applied to the resource mailboxes. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Resources | Remove from Cloud Governance. | Remove registered resource mailboxes from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Mailbox activity | Export reports | View and export mailbox activity reports. |
| Mail users | Manage mail users | Including mail users and guest mail users. *Note: guest mail users can only be managed in Users module. |
| Mail users | Delete mail users | Including mail users and guest mail users. *Note: guest mail users can only be deleted in the Users module. |
| Mail users | Export reports | Export mail users into reports. |
Teams
| Accessible report | Available action | Description |
|---|---|---|
| Teams | Create Teams | Create Teams. Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation |
| Teams | Delete Teams | Delete Teams. |
| Teams | Manage Teams | Manage Teams, including basics, channels, and settings. |
| Teams | Manage memberships | Manage memberships, including Team memberships, channel memberships, and policies. |
| Teams | Manual sync | Manually retrieve the selected Teams’ latest data. |
| Teams | Download permission report | Download Teams’ permission report. *Note: This is only available when you have a subscription for AvePoint Insights. |
| Teams | Export reports | Export Teams into reports. |
| Teams | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected Teams. |
| Teams | Appy renewal profile | Apply renewal profile created in Cloud Governance to Teams. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | ||
| Teams | Restart renewal | Restart the renewal process of Teams. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | ||
| Teams | Auto-complete renewal | Complete the renewal process of Teams. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Remove from Cloud Governance. | Remove registered Teams from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Edit metadata | Remove Teams’ Cloud Governance metadata. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Specify contacts | Specify primary and secondary contacts for Teams. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Assign renewal tasks | Update the assignee of Teams’ renewal task. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Apply contact election profile | Apply contact election profile to Teams. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams audits | Export reports | View and export Teams audit reports. |
| Teams activity report | Export reports | View and export Teams activity reports. |
| Channel report | Create channels | Create new channels. |
| Channel report | Delete channels | Delete channels from Teams. |
| Channel report | Manage channels | Update channel information. |
| Channel report | Manage membership | View and update channel membership. |
| Channel report | Export report | Export channel report into Excel files. |
| Device report | Export reports | View and export Teams device reports. |
| User report | Edit policies | Access Teams user report and edit user policies. |
| PSTN and SMS report | - | Access PSTN and SMS report. |
| Sensitivity report | Apply sensitivity labels | Apply sensitivity labels to Teams’ objects. |
| Sensitivity report | Remove permissions | Remove user permissions for Teams’ objects. |
Groups
| Accessible report | Available action | Description |
|---|---|---|
| Groups | Create Groups | Create Groups, including Microsoft 365 Groups, distribution groups, security groups, and mail-enabled security groups. Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation |
| Groups | Manage Groups | Manage Group properties. |
| Groups | Manage memberships | Manage Group memberships. |
| Groups | Delete Groups | Delete Groups. |
| Groups | Export reports | Export Groups into reports. |
| Groups | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected Groups. |
| Groups | Manage organizational units for on-premises groups | Manage organizational units for on-premises groups. |
| Groups | Manual sync | Manually retrieve the selected Groups’ latest data. |
| Groups | Apply renewal profile | Apply renewal profile created in Cloud Governance to groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Apply contact election profile | Apply contact election profile created in Cloud Governance to groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Restart renewal | Restart the renewal process of groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Auto-complete renewal | Complete the renewal process of groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Assign renewal tasks | Update the assignees of a group renewal. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Specify contacts | Specify contacts for groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Edit metadata | Edit the Cloud Governance metadata applied to the groups. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Remove from Cloud Governance | Remove registered Groups from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups activity report | Export reports | View and export Group activity reports. |
Users
| Accessible report | Available action | Description |
|---|---|---|
| Users | Create users | Create Microsoft 365 users. *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. |
| Users | Create users/Invite users > Assign licenses and apps | Assign licenses and apps when creating or inviting users. |
| Users | Create users/Invite users > Create users in all containers/Invite users to all containers | Create or invite users to containers that is not in the permission group’s manageable scope. |
| Users | Invite users | Invite external users to your as guests in your organization. *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. |
| Users | Create on-premises users | Create on-premises users in your local Active Directory. |
| Users | Manage organizational units for on-premises users | Manage the organization units of your on-premises users. |
| Users | Edit user details | Edit users’ detailed information. |
| Users | Manage admin roles | Manage the administration roles of users. |
| Users | Manage user licenses | Assign or remove user licenses. |
| Users | Manage security settings | Manage settings, including password settings, user sessions, sign-in settings, and MFA settings. |
| Users | Delete users | Delete users. |
| Users | Export reports | Export users into reports. |
| Users | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected users. |
| Users | Remove from Cloud Governance | Remove registered users from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Edit metadata | Edit metadata applied to the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Trigger contact election task | Trigger contact election task of the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Specify contacts | Specify primary and secondary contacts of the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Apply renewal profile | Apply renewal profile to the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Apply contact election profile | Apply contact election profile to the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Restart renewal | Restart the renewal process of the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Auto-complete renewal | Automatically complete the renewal process of the guest user. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Assign renewal tasks | Assign the renewal tasks of the guest user to other assignees. |
| Sign-in report | Configure MFA settings | Configure the MFA settings for users in the Sign-in report. |
| Sign-in report | Reset MFA settings | Reset the MFA settings for users in the Sign-in report, including restoring the user’s authentication status, resetting the user’s authentication methods, and deleting the app passwords generated by this user. |
| Sign-in report | Revoke sessions | Revoke all sessions for the user and require the user to re-sign in on all devices in the Sign-in report. |
| Sign-in report | Reset password | Manually or automatically reset the password for users in the Sign-in report. |
| Sign-in report | Block sign-in | Block users from signing in. |
| Sign-in report | Export reports | View and export sign-in reports. |
| User activity report | Export reports | View and export user activity reports. |
| Microsoft 365 Apps activity report | Export reports | Export Microsoft 365 Apps activity report. |
| User activation report | Export reports | Export user activation reports. |
SharePoint
| Accessible report | Available action | Description |
|---|---|---|
| SharePoint sites | Create sites | Create SharePoint online sites. Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation |
| SharePoint sites | Manage sites > Basics | Edit site basic information. |
| SharePoint sites | Manage sites > Hub | Manage sites’ hub settings. |
| SharePoint sites | Manage sites > Connect to new Microsoft 365 Group | Connect sites to Microsoft 365 Group. |
| SharePoint sites | Manual sync | Manually retrieve the selected sites’ latest data. |
| SharePoint sites | Archive/Reactivate | Archive sites or reactive archived sites. |
| SharePoint sites | Manage permissions | Manage site permissions, including site admins, site owners, site members, and site visitors. |
| SharePoint sites | Manage settings | Manage site settings, including the sharing, sensitivity, storage settings, and site status. |
| SharePoint sites | Delete sites | Delete sites. |
| SharePoint sites | Export reports | Export SharePoint Online sites into reports. |
| SharePoint sites | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected sites. |
| SharePoint sites | Apply renewal profile | Apply renewal profile created in Cloud Governance to SharePoint sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Apply contact election profile | Apply contact election profile created in Cloud Governance to SharePoint sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Restart renewal | Restart the renewal process of SharePoint sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Auto-complete renewal | Complete the renewal process of SharePoint sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Assign renewal tasks | Update the assignees of SharePoint sites’ renewal. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Specify contacts | Specify contacts for SharePoint sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Edit metadata | Edit Cloud Governance metadata of the sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint sites | Remove from Cloud Governance | Remove registered SharePoint sites from Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Group team sites | Create sites | Create SharePoint Online Group team sites. *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. |
| Group team sites | Manage sites > Basics | Edit sites’ basic information. |
| Group team sites | Manage sites > Hub | Update sites’ hub settings. |
| Group team sites | Manual sync | Manually retrieve the selected sites’ latest data. |
| Group team sites | Archive/Reactivate | Archive sites or reactive archived sites. |
| Group team sites | Manage permissions | Manage Group team site permissions, including primary admin, additional admins, site owners, site members, and site visitors. |
| Group team sites | Manage settings | Manage Group team site settings, including the sharing, sensitivity, storage settings, and site status. |
| Group team sites | Delete sites | Delete Group team sites. |
| Group team sites | Export reports | Export Group team sites into reports. |
| Group team sites | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected sites. |
OneDrive
| Accessible report | Available action | Description |
|---|---|---|
| OneDrive | Manage administrators | Manage OneDrive administrators. |
| OneDrive | Manage external sharing | Manage external sharing settings for OneDrive. |
| OneDrive | Manage storage limit | Manage storage limit for OneDrive. |
| OneDrive | Manual sync | Manually retrieve the latest data of the selected OneDrive. |
| OneDrive | Assign license | Assign license to OneDrive accounts. |
| OneDrive | Export reports | Export OneDrive into reports. |
| OneDrive | Update OneDrive status | Lock or unlock the OneDrive. |
| OneDrive | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected OneDrive. |
| OneDrive | Apply renewal profile | Apply renewal profile created in Cloud Governance to OneDrive. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| OneDrive | Restart renewal | Restart the renewal process of OneDrive. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| OneDrive | Enable/Disable assessment | Enable or disable OneDrive assessment in AvePoint Insights and Cloud Governance. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| OneDrive | Auto-complete renewal | Complete the renewal process of OneDrive. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
Loop
| Accessible report | Available action | Description |
|---|---|---|
| Loop | Manage settings | Manage basic workspace settings including sensitivity label assignment. |
| Loop | Manage permissions | Manage workspace permissions. |
| Loop | Delete | Delete workspaces. |
| Loop | Export reports | Export workspace properties into reports. |
| Loop | Manual sync | Manually retrieve the latest Loop site data. |
| Loop | Apply renewal profile | Apply renewal profile created in Cloud Governance to Loop sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Restart renewal | Restart the renewal process of Loop sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Auto-complete renewal | Auto complete the renewal process of Loop sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Assign renewal tasks | Assign renewal tasks Loop sites to new assignees. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Specify contacts | Specify primary and secondary contacts for Loop sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Edit metadata | Edit metadata applied to Loop sites. *Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Loop | Remove from Cloud Governance | Remove Loop sites from Cloud Governance. Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
Teams dashboards
| Accessible report | Description |
|---|---|
| Teams user adoption | Access the default Teams user adoption dashboard, and manage gadgets for the Active users, 1:1 calls and meetings, Audio and video time (min), Chats, Active users in departments, Chats in departments, Audio and video time in departments (min), 1:1 calls and meetings in departments charts. |
| Teams activity | Access the default Teams activity dashboard, and manage gadgets for the Teams without owners, Inactive Teams, Top 10 Teams by members, Top 10 Teams by channels, Top 10 Teams by activity, Public vs Private Teams, Empty Teams, Teams with external users charts. |
| Teams users | Access the default Teams users dashboard, and manage gadgets for the Active users, Inactive users, Active vs Inactive users charts. |
SharePoint dashboards
| Accessible report | Description |
|---|---|
| Total storage used | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| Total files | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| Top 10 inactive sites | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| Top 10 sites by storage | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| Top 10 sites by activity | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
OneDrive dashboards
| Accessible report | Description |
|---|---|
| Total storage used | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| Total files | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| Storage used by blocked users | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| Files of blocked users | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| Top 10 users by storage | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
Compliance dashboards
| Accessible report | Description |
|---|---|
| Exchange compliance | Access the default Exchange compliance dashboard, and manage gadgets for the Litigation hold enabled mailboxes, Mailboxes forwarding to external domains, Mailboxes forwarding to specific domains, Litigation hold enabled mailboxes in departments, Mailboxes forwarding to external domains in departments, Mailboxes forwarding to specific domains in departments charts. |
| Administration compliance | Access the default Administration compliance dashboard, and manage gadgets for the Users with administrative roles, Global administrators, OneDrive with multiple administrators, Administrative role assignments, Users with administrative roles in departments, OneDrive with multiple administrators in departments charts. |
| User access compliance | Access the default User access compliance dashboard, and manage gadgets for the Users without strong password, Password changed/reset users, Sign-in failed users, Users with multiple IP addresses, Strong password required, Users without strong password in departments, Password never expires, Password never expired users in departments, MFA status, MFA disabled users in departments, Password changed/reset users in departments, Sign-in failed users in departments, Sign-in failed users with multiple IP addresses in departments, Failed sign-ins in departments charts. |
| Collaboration compliance | Access the default Collaboration compliance dashboard, and manage gadgets for the External links, External users, Sensitive items, External links trend, External users trend, Sensitive items trend charts. |
| Top 10 compliance risks | Access the default Top 10 compliance risks dashboard, and manage gadgets for the Top 10 countries with failed sign-ins, Top 10 departments with failed sign-ins, Top 10 sign-in failed users, Top 10 OneDrive with multiple administrators charts. |
Metadata & bulk creation
| Accessible report | Available action | Description |
|---|---|---|
| Metadata | Create | Create Cloud Governance metadata in EnPower. |
| Metadata | Edit | Edit Cloud Governance metadata settings and values in EnPower. |
| Metadata | Delete | Delete Cloud Governance metadata from EnPower. |
Microsoft 365 Workflow Permissions
Dynamic workflow triggered by trigger events
| Manageable object type | Available trigger event | Available workflow action |
|---|---|---|
| Users | Create/Invite user | Assign licenses |
| Users | Create/Invite user | Add to the Group |
| Users | Create/Invite user | Add to the Team |
| Users | Create/Invite user | Share user calendar |
| Users | Create/Invite user | Send email to manager or specified users |
| Users | Create/Invite user | Pre-provision OneDrive |
| Users | Create/Invite user | Manage mailbox archive |
| Users | Create/Invite user | Manage litigation hold |
| Users | Create/Invite user | Manage email apps settings |
| Users | Create/Invite user | Manage language and time |
| Users | Create/Invite user | Set working hour time zone |
| Users | Create/Invite user | Configure MFA settings |
| Users | Create/Invite user | Assign roles |
| Users | Create/Invite user | Assign to administrative units |
| Users | Delete user | Send email to manager or others |
| Users | Delete user | Reassign user’s Group ownership to others |
| Users | Delete user | Reassign user’s Team ownership to others |
| Users | Delete user | Reassign user’s OneDrive administrator permission to others |
| Users | Block user | Assign others as user’s OneDrive administrator |
| Users | Block user | Reassign user’s Group ownership to others |
| Users | Block user | Reassign user’s Team ownership to others |
| Users | Block user | Remove licenses |
| Users | Block user | Remove from the Group |
| Users | Block user | Remove from the Team |
| Users | Block user | Archive mailbox |
| Users | Block user | Convert user mailbox to shared |
| Users | Block user | Configure mailbox automatic replies |
| Users | Block user | Configure mailbox delegation |
| Users | Block user | Add others as user’s mailbox delegate |
| Users | Block user | Send email to manager or specified users |
| Users | Update user | Assign licenses |
| Users | Update user | Remove licenses |
| Users | Update user | Add to the Group |
| Users | Update user | Add to the Team |
| Users | Update user | Remove from the Group |
| Users | Update user | Remove from the Team |
| Users | Update user | Send email to manager or specified users |
| Users | Password reset/change | Block user |
| Users | Password reset/change | Send email to manager or specified users |
| Users | Failed sign-in *Note: A Microsoft Entra ID P1 or P2 license is required to detect this event. | Delete user |
| Users | Failed sign-in *Note: A Microsoft Entra ID P1 or P2 license is required to detect this event. | Block user |
| Users | Failed sign-in *Note: A Microsoft Entra ID P1 or P2 license is required to detect this event. | Send email to manager or specified users |
| Microsoft Teams | Add user to Team | Send email to Team owners |
| Microsoft Teams | Add user to Team | Send email to specific users |
| Microsoft Teams | Add user to Team | Send email to primary contact |
| Microsoft Teams | Add user to Team | Send email to secondary contact |
| Groups | Add user to Group *Note: This trigger event is currently only applicable to Microsoft 365 Groups. | Send email to Group owners |
| Groups | Add user to Group *Note: This trigger event is currently only applicable to Microsoft 365 Groups. | Send email to specific users |
| Groups | Add user to Group *Note: This trigger event is currently only applicable to Microsoft 365 Groups. | Send email to primary contact |
| Groups | Add user to Group *Note: This trigger event is currently only applicable to Microsoft 365 Groups. | Send email to secondary contact |
| SharePoint | SharePoint sites file access | Remove access |
| SharePoint | SharePoint sites file access | Block user |
| SharePoint | SharePoint sites file access | Send email to manager or specified users |
| SharePoint | SharePoint sites file access | Apply sensitivity label |
| SharePoint | Group team site file access | Remove access |
| SharePoint | Group team site file access | Block user |
| SharePoint | Group team site file access | Send email to manager or specified users |
| SharePoint | Group team site file access | Apply sensitivity label |
| SharePoint | Add user to SharePoint site | Send email to site owners |
| SharePoint | Add user to SharePoint site | Send email to site admins |
| SharePoint | Add user to SharePoint site | Send email to specific users |
| SharePoint | Add user to SharePoint site | Send email to primary contact |
| SharePoint | Add user to SharePoint site | Send email to secondary contact |
| SharePoint | Add user to Group team site | Send email to Group owners |
| SharePoint | Add user to Group team site | Send email to site admins |
| SharePoint | Add user to Group team site | Send email to site owners |
| SharePoint | Add user to Group team site | Send email to specific users |
| SharePoint | Add user to Group team site | Send email to primary contact |
| SharePoint | Add user to Group team site | Send email to secondary contact |
| OneDrive | Files access | Remove access |
| OneDrive | Files access | Block user |
| OneDrive | Files access | Send email to specific users |
| OneDrive | Files access | Apply sensitivity label |
Dynamic workflow triggered by object conditions
| Manageable object type | Available workflow action |
|---|---|
| Mailboxes | Hide from address list |
| Mailboxes | Send emails |
| Mailboxes | Trigger contact election task |
| Mailboxes | Specify contacts |
| Mailboxes | Apply renewal profiles |
| Mailboxes | Apply contact election profile |
| Mailboxes | Restart renewal |
| Mailboxes | Auto-complete renewal |
| Mailboxes | Assign renewal tasks |
| Mailboxes | Edit metadata |
| Resources | Hide from address list |
| Resources | Send emails |
| Resources | Edit metadata |
| Microsoft Teams | Remove all guests |
| Microsoft Teams | Archive/Unarchive Teams |
| Microsoft Teams | Apply sensitivity label |
| Microsoft Teams | Manage Team/channel settings |
| Microsoft Teams | Send emails |
| Microsoft Teams | Apply renewal profile |
| Microsoft Teams | Restart renewal |
| Microsoft Teams | Trigger contact election task |
| Microsoft Teams | Edit metadata |
| Microsoft Teams | Apply contact election profile |
| Microsoft Teams | Assign renewal tasks |
| Microsoft Teams | Auto-complete renewal |
| Microsoft Teams | Specify contacts |
| Groups | Trigger contact election task |
| Groups | Apply renewal profile |
| Groups | Restart renewal |
| Groups | Apply sensitivity label |
| Groups | Change privacy setting |
| Groups | Hide from address list |
| Groups | Send emails |
| Groups | Edit metadata |
| Groups | Assign renewal tasks |
| Groups | Auto-complete renewal |
| Groups | Specify contacts |
| Groups | Apply contact election profile |
| Users | Remove licenses |
| Users | Remove duplicate licenses |
| Users | Block sign-in |
| Users | Trigger contact election task |
| Users | Specify contacts |
| Users | Apply renewal profile |
| Users | Apply contact election profile |
| Users | Restart renewal |
| Users | Auto-complete renewal |
| Users | Assign renewal tasks |
| Users | Remove from Cloud Governance |
| Users | Edit metadata |
| SharePoint | Archive/Reactivate |
| SharePoint | Restart renewal |
| SharePoint | Trigger contact election task |
| SharePoint | Change site status |
| SharePoint | Edit storage limit |
| SharePoint | Apply sensitivity label |
| SharePoint | Send emails |
| SharePoint | Apply renewal profile |
| SharePoint | Edit metadata |
| SharePoint | Apply contact election profile |
| SharePoint | Assign renewal tasks |
| SharePoint | Auto-complete renewal |
| SharePoint | Specify contacts |
| OneDrive | Manage administrators |
| OneDrive | Manage storage limit |
| OneDrive | Manage external sharing |
| OneDrive | Update OneDrive status |
| OneDrive | Assign license |
| OneDrive | Send emails |
| OneDrive | Apply renewal profile |
| OneDrive | Restart renewal |
| OneDrive | Enable/Disable assessment |
Manually triggered workflow
| Manageable object type | Available workflow action |
|---|---|
| Exchange | Convert user mailbox to shared |
| Exchange | Archive mailbox |
| Exchange | Hide from address list |
| Exchange | Configure mailbox automatic replies |
| Exchange | Add others as user’s mailbox delegate |
| Exchange | Configure mailbox delegation |
| Exchange | Send email to mailbox users |
| Exchange | Send email to manager |
| Exchange | Send email to mailbox delegates |
| Exchange | Send email to specific users |
| Exchange | Send email to primary and secondary contacts |
| Teams | Update Team owners |
| Teams | Update Team members |
| Teams | Remove all guests |
| Teams | Archive Teams |
| Teams | Update sensitivity label |
| Teams | Manage Team privacy setting |
| Teams | Manage Team/channel setting |
| Teams | Send email to Team owners |
| Teams | Send email to Team members |
| Teams | Send email to specific users |
| Teams | Send email to primary and secondary contacts |
| Groups | Update Group owners |
| Groups | Update Group members |
| Groups | Remove specified users |
| Groups | Send email to Group owners |
| Groups | Send email to Group members |
| Groups | Send email to specific users |
| Groups | Send email to primary and secondary contacts |
| Users | Convert mailbox to shared |
| Users | Archive mailboxes |
| Users | Hide from address list |
| Users | Add others as user’s mailbox delegate |
| Users | Configure mailbox automatic replies |
| Users | Configure mailbox delegation |
| Users | Assign others as user’s OneDrive administrator |
| Users | Update Group owners |
| Users | Update Group members |
| Users | Assign licenses |
| Users | Replace licenses |
| Users | Remove licenses |
| Users | Block users |
| Users | Delete users |
| Users | Reset password |
| Users | Configure MFA settings |
| Users | Send email to user |
| Users | Send email to manager |
| Users | Send email to mailbox delegates |
| Users | Send email to specific users |
| SharePoint | Update site owners |
| SharePoint | Update site visitors |
| SharePoint | Update site members |
| SharePoint | Update additional admins |
| SharePoint | Remove specific users |
| SharePoint | Archive/Reactivate |
| SharePoint | Update sensitivity label |
| SharePoint | Edit storage limit |
| SharePoint | Manage sharing settings |
| SharePoint | Update site status to read only |
| SharePoint | Delete sites |
| SharePoint | Send email to site owners |
| SharePoint | Send email to site visitors |
| SharePoint | Send email to site members |
| SharePoint | Send mail to specified users |
| OneDrive | Assign others as user’s OneDrive administrator |
| OneDrive | Manage sharing settings |
| OneDrive | Edit storage limit |
| OneDrive | Update OneDrive status to read only |
On this page