AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Microsoft 365 Groups/Microsoft Teams Provisioning and Management > Best Practices for Managing Groups/Teams > Group or Team Renewal

Export to PDF

Group or Team Renewal

Group/Team renewal allows users to periodically review and update group/team contacts, owners, members, metadata, and group team site permissions, all in one task. If you allow users to archive teams or delete groups/teams in the renewal process, they will be asked to confirm whether the groups/teams are still required. A group/team renewal profile can be selected when you enable the renewal process in a group/team policy.

Complete the following steps to create a group/team renewal profile:

  1. In Settings, click Recertification or Renewal Management in the System group.

  2. Click Create on the ribbon, select Renewal Profile, and then configure the following settings.

  3. Renewal Scope – Choose Microsoft 365 Group/Microsoft Team.

  4. Name and Description – Enter a name and an optional description in the text box for the renewal profile.

  5. Category – Categories are used to organize renewal profiles. Select an existing category from the drop-down list or click Create New to create a new category.

  6. Message to Renewal Process Assignee – To customize the message shown to renewal task assignees for your desired languages, complete the following steps:

    1. Click the edit button of your desired language.

    2. In the Edit panel, enter a custom message in the text box.

    3. Click Save when you finish the configuration. The custom message will be shown to renewal task assignees before they start to renew the group/team.

  7. Workspace Lifecycle Management – Choose whether to Allow the renewal task assignee to delete the group or team and Allow the renewal task assignee to archive the team.

    Note the following:

    • If you allow the task assignee to delete the group/team in the renewal task, you must:

      • Enable group/team deletion in the group/team policy that this renewal profile will be applied to.

      • Make sure the built-in service Group/Team Lifecycle Management Delete Service is active.

    • If you allow the task assignee to archive the team in the renewal task, you must:

      • Enable team archiving in the team policy that this renewal profile will be applied to.

      • Make sure the built-in service Team Lifecycle Management Archive Service is active.

    • After the task assignee chooses to delete the group/team or archive the team, AvePoint Cloud Governance will generate a group/team deletion task or team archiving task. The task will follow the approval process set in the group/team policy.

  8. Renewal Recurrence – Choose one of the following methods to configure the renewal schedule. For more details about the scheduled renewal process, refer to Scheduled Renewal Process Elaboration.

    • Configure a periodic renewal schedule – If you choose this method, configure the following settings:

      • Specify the start time of the renewal recurrence – Choose one of the following options to configure the renewal schedule:

        • Workspace created time – The time when a group or team is created in Microsoft 365.

        • Specific date – Click the calendar button and select a specific date and time.

      • Recurrence – Click one of the options and configure the corresponding settings to define the recurrence of the renewal process as daily, weekly, or monthly.

    • Manually specify each renewal task generation time – If you choose this method, complete the following steps to specify the time to generate each renewal task:

      1. Click Add Renewal Time.

      2. In the Add Renewal Time window, select a renewal task generation time.

      3. Click OK to add the selected renewal time to the table.

      Note the following:

      • You can add up to 12 unique renewal task generation times.

      • A group or team can only have one renewal process on the same day.

    • Generate the next renewal task based on the last renewal completion date – If you choose this method, configure the following settings:

      • Specify the start time of the renewal recurrence:

        • Workspace created time – The time when a group or team is created in Microsoft 365.

        • Specific date – Click the calendar button and select a specific date and time.

      • Recurrence – Enter a number in the text box and select Day(s), Week(s), or Month(s) from the drop-down list to define the renewal recurrence. When the group/team renewal task is completed, after your specified renewal recurrence interval, the next renewal task will be generated.

        For example, if you configure the recurrence as Every 10 Day(s) after the last renewal completion date, and the last renewal completion time is 2022-03-15, then the next renewal date will be 2022-03-25.

  9. Duration and Escalation – Configure the duration and escalation by completing the following steps:

    1. Add assignees of the renewal task.

      • Click Add User Role and select one of the following roles from the drop-down list to have the user serving as the selected role process the renewal task.

        • $Primary Group Contact

        • $Secondary Group Contact

        • $Group Owner

        • $Manager of primary group contact

        • $Manager of secondary group contact

        For detailed descriptions of the roles, refer to Appendix F - Supported Variable Roles.

      • Click Add Group and enter the name of a Microsoft 365 Group, security group, distribution group, or mail-enabled security groups. This stage will complete once any single member of the group finishes the task.

      You can repeat this action to add multiple assignees to process the renewal task. When the renewal task assigned to the previous assignee is overdue, the task will be assigned to the next assignee successively.

    2. Order – Select a processing method for the task assignees to complete the renewal task:

      • One at a time (serial) – The renewal task assignees must complete the task one after another. If an assignee doesn’t complete the renewal task in the specified duration, the task will be assigned to the next assignee according to the specified order of assignees.

      • All at once (parallel) – The renewal task will be assigned to all task assignees at the same time. All renewal task assignees can complete the renewal task within the duration any time. Once a task assignee completes the task, the current renewal process will be over.

    3. Set the duration for each renewal process. Enter a number in the text box and select Day(s) or Week(s) from the drop-down list as the unit.

    4. Choose whether to Allow renewal task assignees to reassign the renewal task to other users. If you enable this option, the renewal task assignees will be able to reassign the renewal task to other users by choosing No, but I know who is responsible for the renewal process.

      NOTE

      A renewal task will be overdue when the task assignee of the last renewal stage doesn’t complete the task within the duration, and the task will be assigned to the administrator contact.

    5. Choose whether to Allow renewal task assignees to state they are not responsible and are unsure who is responsible to complete the renewal process. If you enable this option, the renewal task assignees will be able to choose No, and I don’t know who is responsible for the renewal process to skip the renewal task, and the task will be assigned to the administrator contact.

    6. Select a notification email template for the generation of the renewal task from the drop-down list.

    7. You can choose whether to Send a reminder email to the renewal task assignees before each renewal process is overdue. If you choose to send the reminder email, select a reminder profile from the drop-down list or click Create New to create a new profile. For details on how to configure a reminder profile, refer to Configure Reminder Profiles for Upcoming Expiration.

    8. *Note: If you choose One at a time (serial) as the renewal order, a reminder email will be sent to the task assignees of both the current and previous stages. If you choose All at once (parallel) as the renewal order, a reminder email will be sent to all specified renewal task assignees.

    9. You can Enable automated team archiving. With this checkbox selected, if the renewal process of a team is not completed within the specified period of time, the renewal task will be overdue, and then the team will be automatically archived after the task has been overdue for the specified amount of time. When the team is archived, the team membership and team site permissions will be changed if a team archiving profile has been applied to the team’s policy.

      1. Enter a number in the text box and select Day(s), Week(s), Month(s), or Years(s) from the drop-down list as the unit of time.

      2. You can choose whether to Send a reminder email to the renewal task assignees before the team is archived. If you enable the reminder, select a reminder profile from the drop-down list or click Create New to create a new profile. For details on how to configure a reminder profile, refer to Configure Reminder Profiles for Upcoming Expiration.

      3. You can choose whether to Notify the following people when the team is archived. If you select the notification, enter the names of users in the text box. You can also enter $ to select from the following roles: $Primary Group Contact, $Secondary Group Contact, and $Group/Team Owners. For detailed descriptions of the roles, refer to Appendix F - Supported Variable Roles. Then, select an Email template from the drop-down list for the notification email.

      NOTE

      With automated team archiving enabled for the overdue renewal task, when the renewal task is overdue and the team is locked by escalation, no new renewal tasks will be generated anymore.

  10. People Picker Filter Profile – Select a people picker filter profile if you want to limit the users or groups that will be specified in the people picker fields in the renewal task:

    • Primary group/team contact

    • Secondary group/team contact

    • Group/Team owners

    • Group/Team members

    You can create a people picker filter profile in the modern Cloud Governance admin center > Management >Profiles & templates. For details, refer to Configure People Picker Filter Profiles.

  11. Renewal Option – The following renewal options are automatically selected:

    • Contact renewal – Allows renewal task assignees to review and modify primary and secondary contacts of Microsoft 365 Groups/Microsoft Teams. Choose whether to Notify the newly assigned contacts when renewal task assignees specify the new contacts. If you enable the notification, select an email template for the notification email sent to the new primary or secondary contact.

    • Membership renewal – Allows renewal task assignees to review and modify group/team membership. You can choose to allow task assignees to Only renew external users, or you can configure the following membership renewal settings:

      • Membership type – Choose from the following membership types that the renewal task assignee can review:

        • Group/Team owners – Allows renewal task assignees to review and modify group/team owners. You can choose whether to Allow the renewal task assignee to add owners. If you enable this option, the renewal task assignee can add owners to the group/team during the renewal process.

        • Group/Team members – Allows renewal task assignees to review and modify group/team members. You can choose whether to Allow the renewal task assignee to add members. If you enable this option, the renewal task assignee can add members to the group/team during the renewal process.

    • Permission renewal – Allows renewal task assignees to review and modify SharePoint group permissions to the corresponding Microsoft 365 Group team site. You can choose to allow the renewal task assignee to Only renew external users or Allow the renewal task assignee to add users to SharePoint groups.

    • Sharing link renewal – Allows renewal task assignees to review and manage the links that have been shared with users or groups.

    • Metadata renewal – Allows renewal task assignees to review and modify values of Microsoft 365 Group/Microsoft Team metadata. With this option enabled, click Add Metadata, and the Add Metadata window appears. Select metadata that will be available to renewal task assignees and click Add to List.

  12. Private Channel Renewal Option – Choose whether to enable private channel renewal for the team’s private channel. With the option selected, configure the following settings:

    • Renewal task assignee – Select a user role from the drop-down list, and users who take the corresponding roles will be the private channel renewal task assignee:

      • $Private channel owner

      • $Team owner

      • $Team contact

      NOTE

      If you select $Private channel owner as private channel renewal task assignees and there are no channel owners when generating the renewal tasks, the renewal tasks will be assigned to the channel members. When there are no channel owners or members, the renewal tasks will be assigned to team contacts or team owners who are responsible for the team renewal tasks.

    • Notification email template for the generation of the renewal task – Select an email template from the drop-down list that will be used to send the notification email when a private channel renewal task is newly generated.

    • Message to private channel renewal task assignees To customize the message shown to renewal task assignees for your desired languages, complete the following steps:

      1. Click the Edit button of your desired language.

      2. In the Message to Renewal Process Assignee panel, enter a custom message in the text box.

      3. Click Save when you finish the configuration. The custom message will be shown to renewal task assignees before they start to renew the private channel.

    • Default selection – Select a default language for the message shown to the renewal task assignee.

    • Choose whether to Allow private channel renewal task assignees to delete the private channel. With the option selected, the private channel renewal task assignees can delete the private channel during the renewal process.

    • Choose whether to Allow team renewal task assignees to delete the private channel. With the option selected, the team renewal task assignees can delete the private channel during the renewal process.

    • Choose whether to Allow team renewal task assignees to skip the private channel renewal task. With the option selected, the team renewal task assignees can skip the private channel renewal task before starting the team renewal.

    • Choose whether to enable the Private channel ownership renewal. With the option selected, the private channel renewal task assignee will be able to modify the channel ownership during the renewal process.

    • Choose whether to enable the Private channel membership renewal. With the option selected, the private channel renewal task assignee will be able to modify the channel membership during the renewal process.

    • Choose whether to Send a reminder email to the renewal task assignees before each renewal process is overdue. With the reminder enabled, select a reminder profile from the drop-down list or click Create New to create a new profile. For details on how to configure a reminder profile, refer to Configure Reminder Profiles for Upcoming Expiration.

    Note the following:

    • Private channel renewal requires the renewal permission index enabled for your tenant in Settings > System settings > Renewal permission index. For more instructions, refer to Enable Integration with Insights for Renewal Permission Index.

    • Once private channel renewal is enabled for a team, the team renewal cannot be started with any pending renewal task.

  13. Recommended Renewal Actions – Choose the additional renewal actions that you recommend the renewal task assignees to perform when they complete the group/team renewal tasks.

    • Minimum amount of owners required – Specify the minimum amount of owners required in the group/team. The renewal task assignees need to add owners during the group/team renewal process based on your specified amount.

    • Remove users who have been blocked from signing in Microsoft Entra

    • Remove all direct guest access to high risk content

      AvePoint Cloud Governance integrates with AvePoint Insights to retrieve data and information for the renewal process. The risk level is defined by Insights, and the table below illustrates the risk level calculation based on the sensitivity level and exposure level:

      Exposure LevelSensitivity LevelHighMediumLow
      HighHigh RiskHigh RiskMedium Risk
      MediumHigh RiskMedium RiskLow Risk
      LowMedium RiskLow RiskLow Risk
      N/AN/AN/AN/A

      • With the subscription to Insights, you can customize the sensitivity and exposure definitions. For more instructions, you can refer to Risk Definition Administration.

      • Without the subscription to Insights, default settings of sensitivity and exposure definitions provided by Insights will be used and cannot be customized. For more information, you can refer to Default Settings of Sensitivity and Exposure Definitions provided by Insights.

    • Remove all user permissions except owners and members

    • Remove sharing links with external user access

  14. Administrator Contact – The administrator contact should be an IT administrator who is responsible for the successful completion of the renewal process. Refer to the following instructions:

    1. A Microsoft 365 user, Microsoft 365 Group, or mail-enabled security group can be the administrator contact. Enter a username or group name in the text box.

    2. Error task notification email template – Select an error task email template from the drop-down list. If a renewal task encounters any errors, the group or team will be in the Renewal Completed with Exception status, and the administrator contact will receive a notification email. The current renewal task assignee will receive a copy of the error task notification email. Apart from the renewal task assignee, this administrator contact can also renew the group or team in the Workspaces (in the AvePoint Cloud Governance Portal) report.

    3. Renewal process overdue email template – Select a renewal process overdue email template from the drop-down list. If the renewal process is overdue, a notification email will be sent to this administrator contact.

  15. Click Save to save your renewal profile.

Note the following:

  • When you edit an existing renewal profile, the changes will impact all groups/teams that reference this renewal profile. Any changes on the renewal schedule, including renewal start time, renewal task assignee, and notifications sent to contacts will take effect on future renewal tasks. Other changes will take effect on both current and future renewal tasks.

  • Re-applying a policy to a group/team will no longer change the group/team renewal start time if you change some settings in the policy but do not change the renewal schedule.

  • For a group/team that has a pending renewal task, any Change Group/Team Settings service request cannot be submitted.

Scheduled Renewal Process Elaboration

There are three methods to configure the renewal schedule, for more information about each method, see the corresponding section below:

Configure a periodical renewal schedule

You can refer to the following elaboration on the periodical renewal schedule:

With the Workspace created time set as the renewal recurrence start time:

  • The workspace created time will be used to calculate the first renewal task generation time. Start from the workspace created time, after your specified renewal recurrence interval, the first renewal task will be generated.

    For example, a team is created at 14:21:57 p.m. on March 15th, 2022, and you configure the renewal recurrence as Every 1 day. Then, the first renewal task will be generated at 14:21:57 p.m. on March 16th, 2022.

  • The next renewal task will be generated based on the last renewal task generation time. Starting from the last renewal task generation time, after your specified renewal recurrence interval, the next renewal task will be generated.

With a Specific date set as the renewal recurrence start time:

  • If the time that the renewal profile is applied to a workspace is earlier than your specified start time, the first renewal task will be generated at your specified start time.

    For example, you specified the renewal recurrence start time as 2022-03-22 14:19:30, and the renewal profile is applied to the workspace at 2022-03-15 15:33:57. Then, the first renewal task will be generated at 2022-03-22 14:29:30.

  • If the time that the renewal profile applied to a workspace is later than your specified start time, start from your specified start time, after your specified renewal recurrence interval, or times of the recurrence interval, the first renewal task will be generated.

    For example, you specified the renewal recurrence start time as 2022-01-19 20:25:51, and the renewal profile is applied to the workspace at 2022-03-15 15:33:57. The first renewal task will be generated at 2022-03-15 20:25:51.

  • The next renewal task will be generated based on the last renewal task generation time. Starting from the last renewal task generation time, after your specified renewal recurrence interval, the next renewal task will be generated.

Manually specify each renewal task generation time

You can refer to the following elaboration on the manually specified renewal schedule:

  • The first renewal task will be generated on the time in the list that is closest to the current renewal profile applied time.

  • If all the renewal time that you added to the list is earlier than the current renewal profile applied time, all renewal tasks will be generated on the same date and time in the next year.

Generate the next renewal task based on the last renewal completion date

You can refer to the following elaboration on the renewal task generated based on the last renewal completion date:

With the Workspace created time set as the renewal recurrence start time, the workspace created time will be used to calculate the first renewal task generation time. Start from the workspace created time, after your specified renewal recurrence interval, the first renewal task will be generated.

With the Specific date set as the renewal recurrence start time:

  • If the time that the renewal profile applied to a workspace is earlier than your specified start time, the first renewal task will be generated on your specified start time.

  • If the time that the renewal profile applied to a guest user is later than your specified start time, start from the renewal profile applied time, after your specified renewal recurrence interval or times of your specified renewal recurrence interval, the first renewal task will be generated.

  • When a renewal task is completed, the next renewal task will be generated after your specified renewal recurrence interval. The next renewal task will not be generated if the last renewal task is not completed even with the renewal recurrence configured.