Settings
Customize EasyLife 365 Collaboration for your organization by configuring the Settings tab in EasyLife 365 Admin. The settings page is organized into dedicated sections — one for each major feature area — accessible from the left-hand navigation menu.
Most feature areas are gated by a top-level toggle (for example Enable guest account management). When the toggle is off, the feature is hidden from the EasyLife 365 Collaboration while the underlying settings remain editable, allowing you to prepare configurations before rolling the feature out.
The following sections describe each settings area in the order it appears in the EasyLife 365 Admin navigation.
Groups and teams
Define how Microsoft 365 Teams and Groups are managed, secured, and monitored. Group and team management is the core capability of EasyLife 365 Collaboration and is enabled by default. Use the top-level switch to hide or expose the feature in the EasyLife 365 Collaboration.
Archived team permissions
Control user access and editing capabilities for archived teams.
When Restrict members to read-only permissions when archived is enabled, members lose edit permissions after a team or group is archived. In SharePoint, all site members (groups and users) are transferred to the Site visitors group during archival. When the team is unarchived, the linked security group is restored as a Site member.
When disabled (the default), members keep write access to the team's SharePoint site after archival.
The setting applies universally to any team archived by EasyLife 365 Collaboration from the moment it is saved.
Education templates
If you operate a Microsoft 365 Education (EDU) tenant, enable Enable Education templates to allow provisioning of classroom templates in EasyLife 365 Collaboration. A registered Microsoft Entra ID application in the Entra Admin Center is required.
Viva Engage templates
EasyLife 365 Collaboration supports the management of Viva Engage Groups in native mode. Enable Enable Viva Engage templates to expose Viva Engage templates in the EasyLife 365 Admin. Requires your Viva Engage network to be configured in native mode.
Engine scans
The EasyLife 365 Collaboration Engine monitors compliance across Microsoft 365 Groups and Teams within your organization. Enable Run automated engine scans to allow the engine to:
- enforce configured policies on existing groups and teams,
- trigger notifications and escalations,
- run automated remediation actions when configured.
Disabling scans pauses Group policy enforcement and compliance workflows while still permitting creation of new Microsoft 365 resources via EasyLife 365 Collaboration.
Guest accounts
Control how external users are invited, what they can access, and how guest accounts are governed across your tenant. Toggle Enable guest account management to expose or hide guest-related features in the EasyLife 365 Collaboration.
Invitation
Define how guest invitation emails are sent and configured.
- Automatically send an invitation email when a guest account is created — When enabled, EasyLife sends the invitation email immediately after account creation.
- Invitation mail language — Default language used in guest invitation emails. Choose
-- Tenant default --to use the tenant's default language, or select a specific language (Dutch, English, French, German, Italian, Polish, Spanish, Turkish). - Default redirect URL — Page guests are redirected to after they accept the invitation. The default is
https://myapplications.microsoft.com. We recommend changing it tohttps://teams.microsoft.com/?_tenantId={yourTenantId}. - Customize invitation email content and branding — Enable to replace the default Microsoft invitation email with a custom mail that matches your organization. When enabled, a dedicated configuration area becomes visible to define the sender mailbox, language picker behavior, heading, organization name, subject, intro, outro, and standardized invitation content.
For step-by-step instructions, see Customize invitation email content and branding.
Access control
The Permissions form defines which actions users are allowed to perform on guest accounts:
Allow users to take ownership when no owner is assigned— lets users take over ownership of existing guest accounts that have no owners.Allow owners to delete accounts— lets guest owners delete guest accounts without a template. Template permissions can override this default.Allow owners to enable or disable accounts— lets guest owners enable or disable guest accounts without a template. Template permissions can override this default.Allow owners to change owners— lets guest owners reassign ownership without a template. Template permissions can override this default.Allow owners to assign a template when none is linked— lets guest owners assign a template to an unmanaged guest account. For finer-grained control, configure this behavior in a template policy.
The Access restrictions form enables audience filtering — restricting guest account management to a specific group of users:
- Create an Entra ID security group and add the users who should be allowed to use guest account management.
- Search for the group in the
Audience filteringpicker and select it. - Save changes.
Leave the picker empty to enable the feature for all users in your organization.
Workflows
Enable Enable existing guest addition workflow to let users request the addition of existing guests to Teams and Groups with approvals, delegated execution, and controlled overrides. Enabling this feature also allows adding an approval workflow for the addition of guest accounts to a Team.
Interface behavior
Control which guest-related features and options are visible in the EasyLife 365 Collaboration:
Hide the membership tab in guest details— conceals the membership tab in the details view of a guest account.Hide the All guests search— hides the search bar in the guest account overview.Hide the My Groups option in the invitation wizard— removes the My Groups shortcut from the guest invitation wizard.
Engine scans
Enable Run automated engine scans to allow the guest account engine to periodically scan compliance for every guest account in your organization, enforce governance rules, and trigger notifications, escalations, or automated actions.
SharePoint sites
Configure and manage standalone SharePoint sites — those that are not connected to a Microsoft 365 Group or Team.
Most SharePoint sites are group-connected and should be managed from the Groups and teams settings. Use SharePoint sites only when a site has no associated Team or Microsoft 365 Group.
Toggle Enable SharePoint Sites management to expose the feature in EasyLife 365 Collaboration. Templates and policies for Communication Sites and Team Sites are visible in EasyLife 365 Admin only when this setting is enabled. All sites your users create are listed under the Collaboration tab.
Security groups
For each SharePoint site your users provision, a dedicated security group is created containing all the site collection administrators as both owners and members. The SharePoint membership is replaced with the security group membership.
- Security Group prefix — Every created security group is prefixed with this value and suffixed with
{SharePointGuid}. The default prefix isSG_EL_SPO_. Change it here if your organization uses another naming convention. - Replace the built-in SharePoint Admin Group — During site conversion, EasyLife replaces the built-in SharePoint Administrators group with the selected security group to ensure consistent and auditable administrative access. Search and select the security group to use.
Engine scans
Enable Run automated engine scans to run daily policy scans against managed SharePoint sites. Without engine scans enabled, policies you assign to SharePoint sites are not evaluated, no notifications are sent, and no escalation actions are taken.
OneDrive
Toggle Enable OneDrive management to enable governance for OneDrive accounts across your tenant.
Engine scans
Enable Run automated engine scans to allow EasyLife to monitor OneDrive accounts, enforce configured governance rules, and trigger notifications, escalations, or automated actions.
Discovery
The Discovery settings area is only visible when the feature flag is enabled for your tenant.
Discovery enables users to discover and request access to organizational resources using enhanced filtering and search capabilities.
- Discovery — Master toggle. Please allow up to 24 hours for all filters to fully synchronize across the environment. Disabling Discovery permanently deletes all filters linked to the resource. Re-enabling Discovery later requires a full environment scan to recreate the filters.
- Show enhanced filters — Enables the enhanced filters on the overview pages.
- Allow Non-Owners to Discover Resources — Grants non-owners access to discover and explore available organizational resources.
- Groups and Sites — Managed Properties — Choose which fields are exposed as managed properties for the discovery of groups and sites.
- Guests — Managed Properties — Choose which fields are exposed as managed properties for the discovery of guests.
Approvals
Approval workflows enable you to define multiple approval stages for the resources that can be provisioned through EasyLife 365 Collaboration.
Enable the Enable Approvals switch to surface the Approvals node under Templates, where you can create multiple workflows for your needs and connect them with specific templates. To learn more about templates, visit the Approvals section.
Audit logging
Audit logging records governance actions — such as confirmations, access reviews, and engine actions — and stores them in Azure Log Analytics. Audit logs can be used as evidence for compliance, access reviews, and audit trails. For end-to-end configuration steps, see Configure audit logging.
Toggle Enable audit logging to start sending events to your Azure Application Insights and Log Analytics workspace. Two endpoints can be configured:
- Ingestion Mode (Application Insights connection string) — Paste the connection string from the Application Insights resource. Required when audit logging is enabled. Changes may take up to 24 hours to propagate.
- Reading Mode (Log Analytics workspace ID) — Paste the Log Analytics workspace ID linked to the Application Insights resource. Grant the EasyLife app Log Analytics Reader access to view logs from within EasyLife 365 Admin.
To view logs of resources from within EasyLife 365 Admin, ensure the Reading Mode configuration is in place.
Once audit logging is enabled and reading mode is configured, governance events are forwarded to your Application Insights and you can monitor activities for a resource directly from EasyLife 365 Admin:
- Visit the manage section for the resource and click the info button next to the resource name.
- Click the Logs tab to view all actions taken on the resource.
Log entries are listed chronologically, with the newest first.
Microsoft 365 Audit Logs
In addition to EasyLife event logging, Microsoft 365 Audit Logs provide a robust tool for tracking app and user activities. By leveraging tailored filters for EasyLife 365 apps, customers can navigate and review logged activities within their tenant's audit logs.
Available Events
The following section outlines all events tracked through the audit logging feature, categorized by capability area.
Guest Account Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | Assigns a policy to the resource |
| ADMIN | REMOVE-POLICY | Removes a policy from the resource |
| ADMIN | ASSIGN-TEMPLATE | Assigns a template to the resource |
| ADMIN | REMOVE-TEMPLATE | Removes a template from the resource |
| ADMIN | ASSIGN-OWNER | Assigns an owner to the guest account |
| ADMIN | REMOVE-OWNER | Removes an owner from the guest account |
| ADMIN | DELETE | Deletes a guest account |
User Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | INVITE | Engine invites a guest on behalf of another user |
| POLICY | SEND-INVITATION | Resends an invitation |
| ACCOUNT | DISABLE | Disables a guest |
| ACCOUNT | ENABLE | Enables a guest |
| ACCOUNT | DELETE | Deletes a guest |
| ACCOUNT | REMOVE-OWNER | An owner removes another owner from a guest |
| ACCOUNT | CHANGE-OWNER | Changes the owner for a guest |
| ACCOUNT | TAKE-OWNERSHIP | A user takes over the ownership of a guest |
| ACCOUNT | UPDATE-METADATA | Updates the metadata of a guest |
| POLICY | EXTEND-DISABLEMENT | Extends a disabled guest |
| POLICY | CONFIRM | Confirms a guest |
| POLICY | EXTEND-INACTIVITY | Extends an inactive guest |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | DELETE | Deletes a guest due to an escalation |
| ENGINE | DISABLE | Disables a guest due to an escalation |
SharePoint Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | An admin assigns a policy to a site |
| ADMIN | REMOVE-POLICY | An admin removes a policy from a site |
| ADMIN | ASSIGN-TEMPLATE | An admin assigns a template to a site |
| ADMIN | REMOVE-TEMPLATE | An admin removes a template from a site |
| ADMIN | ASSIGN-OWNER | An admin assigns an owner to a site |
| ADMIN | REMOVE-OWNER | An admin removes an owner from a site |
| ADMIN | UNLINK-SITE | Unlinks the SharePoint site and deletes the associated security group |
| ADMIN | LINK-SITE | The admin converts a site to an EasyLife managed site and associates a security group |
User Activities
| Category | EventId | Description |
|---|---|---|
| POLICY | MINIMUMOWNER-COMPLIANT | An owner makes the minimum owner policy compliant |
| POLICY | MINIMUMOWNER-INCOMPLIANT | An owner makes the minimum owner policy incompliant |
| POLICY | ASSIGN-TEMPLATE | An owner assigns a template to a site |
| POLICY | EXTEND-EXPIRATION | An owner makes an expired site compliant |
| POLICY | ASSIGN-POLICY | An owner assigns a policy to a site |
| POLICY | CONFIRM | An owner confirms a site |
| POLICY | COMPLETE-ACESSREVIEW | An owner completes an access review |
| ACCOUNT | DELETE | An owner deletes a SharePoint site with EasyLife |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | ASSOCIATE-GROUP-TO-SITE | The EasyLife Security Group is associated with the site |
| ENGINE | SYNC-SITE | Permission synchronization is performed between the associated group and site admins |
| ENGINE | DELETE | A site is deleted by EasyLife |
| ENGINE | DELETE-SPO-GROUP | The SharePoint Security Group was deleted permanently after 90 days |
Groups Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | An admin assigns a policy to a group |
| ADMIN | REMOVE-POLICY | An admin removes a policy from a group |
| ADMIN | ASSIGN-TEMPLATE | An admin assigns a template to a group |
| ADMIN | REMOVE-TEMPLATE | An admin removes a template from a group |
| ADMIN | ASSIG-NOWNER | An admin assigns an owner to a group |
| ADMIN | REMOVE-OWNER | An admin removes an owner from a group |
| ADMIN | DELETE | An admin deletes a group |
User Activities
| Category | EventId | Description |
|---|---|---|
| ACCOUNT | DELETE | Deletes a group |
| ACCOUNT | ARCHIVE-TEAM | Archives a team with EasyLife |
| ACCOUNT | UNARCHIVE-TEAM | Unarchives a team with EasyLife |
| ACCOUNT | START-ACCESSREVIEW | Starts an access review |
| ACCOUNT | CANCEL-ACCESSREVIEW | Cancels an access review |
| ACCOUNT | COMPLETE-ACCESSREVIEW-STEP | Completes an access review step |
| ACCOUNT | TAKE-TEAM-CHANNEL-OWNERSHIP | Takes over a channel ownership if there are no other owners assigned during an access review |
| ACCOUNT | GET-ACCESSSREVIEW | Retrieves the access review |
| ACCOUNT | COMPLETE-ACCESSREVIEW | Completes the access review |
| POLICY | CONFIRM | Confirms a group |
| POLICY | EXTEND-EXPIRATION | Extends a group that is not in use |
| POLICY | ASSIGN-TEMPLATE | Assigns a target template using a template policy |
| POLICY | ASSIGN-POLICY | Assigns a target policy using a template policy |
| POLICY | MINIMUMOWNER-COMPLIANT | An owner makes the minimum owner policy compliant |
| POLICY | MINIMUMOWNER-INCOMPLIANT | An owner makes the minimum owner policy incompliant |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | CREATE-GROUP | Creates a group on behalf of a user |
| ENGINE | CREATE-TEAM | Creates a team on behalf of a user |
| ENGINE | ARCHIVE-TEAM | Archives a team due to an escalation |
| ENGINE | DELETE | Deletes a group due to an escalation |
| ENGINE | REMOVE-GUESTS | Deletes guests from a group due to an escalation |
| ENGINE | REMOVE-MEMBERS-AND-GUESTS | Removes members and groups due to an escalation |
Collected Values
Each event entry contains essential details including ObjectId, DisplayName, Category, EventId, PreviousValue, NextValue, Description, CreatedBy, and Created.
Querying Event Logs
Once your Application Insights and Log Analytics Workspace are connected, you can execute queries on the Log Analytics workspace to retrieve log information. Examples:
- Retrieve all logs in chronological order:
AppTraces
| project
EventId = Properties.eventId, Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| order by TimeGenerated desc
- Retrieve all events that executed a deletion operation:
AppTraces
| project
EventId = Properties.eventId,
Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| where EventId == 'DELETE'
| order by TimeGenerated desc
Notifications
Configure how EasyLife 365 delivers notifications to your users across Microsoft Teams and email.
Strategy
Choose how notifications are delivered to users, including Microsoft Teams and email fallback options.
- Enable Microsoft Teams notifications — When enabled, notifications are sent via Microsoft Teams to users who have the EasyLife 365 Teams app installed.
- Enable dual notifications (Teams and Email) — Sends notifications via both Microsoft Teams and email. Requires Teams notifications to be enabled.
- Number of dual notifications before escalation — Visible when dual notifications are enabled. Defines how many notifications are sent before escalation actions are triggered (between 1 and 10).
When Teams notifications are disabled, EasyLife falls back to email for all notifications.
Escalations are always sent by email, regardless of the Teams notification strategy.
Email settings
The Email settings section configures the email channel used by EasyLife.
General
By default, EasyLife sends emails from the built-in SendGrid account using the EasyLife email domains and templates. Toggle the provider switch to send email notifications from a shared mailbox in your Exchange Online environment instead (recommended). Click Configure and select the shared mailbox to use as the sender.
Make sure the EasyLife 365 API can access the shared mailbox.
Language
EasyLife 365 Collaboration can use different sources when choosing the language for email notifications:
- If
Use mailbox regional settingsis enabled, EasyLife uses the user's mailbox regional settings from Exchange Online. - If the setting is disabled (or EasyLife does not have permission to read mailbox settings, or the mailbox is not hosted on Exchange Online), it uses the Entra ID attribute
PreferredLanguage. - If a language cannot be determined using any of the above methods, EasyLife falls back to the Default language selected from the dropdown (English by default).
If you want to use mailbox regional settings, you cannot restrict API permissions to members of a distribution group.
Email branding
Customize the appearance of email notifications:
- Banner and Logo — upload your organization's images to brand the email template.
- Company name — shown in the email content.
- Contact — primary contact displayed in the email footer.
- Read more URL — link displayed in the email content. Must start with
http://orhttps://.
Click Show preview to inspect how the branded email will appear to recipients.
Email templates
This table lists the types of email notifications EasyLife sends to your users:
| Email Template | Audience |
|---|---|
| Microsoft Group creation notification This email is sent to the person requesting a new resource using the Wizard in the EasyLife 365 Collaboration App. | Owners |
| Minimum Owner policy warning This email is sent to owners of a resource if the minimum owner policy is not met. The users will see how much time is left until an escalation will happen and what are the consequences of missing this timeframe. | Owners |
| Access Review warning This email will be sent to an owner if an access review is due. | Owners |
| Expiration warning This email will be sent to an owner once a resource has been expired and a confirmation is required by the owner if the resource is still in use or not. | Owners |
| Confirmation warning This email will be sent to an owner once a resource utilization must be confirmed. | Owners |
| Minimum Owner escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Access Review escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Expiration Review escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Confirmation escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Ownerless escalation This email will be triggered if an ownerless resource has been identified. Note: the email will only be triggered once per resource. | Recipient specified in policy |
Wizard
Toggle Enable the creation wizard to allow users to create resources through a guided, step-by-step wizard for your configured templates and governance rules. When disabled, the wizard is hidden from the EasyLife 365 Collaboration.
Export
The Export wizard lets you download a JSON configuration file that captures your current tenant settings, templates, policies, and provisioning actions. Use the export to:
- back up your current configuration,
- transfer settings to another tenant,
- share configurations between environments.
Follow the wizard to select the items to include in the export and download the generated JSON file.
Import
The Import wizard lets you upload a JSON configuration file to update existing settings and create new versions of modified items. Supported formats: JSON configuration files exported from EasyLife 365.
Follow the wizard to upload your file, review the impact, and apply the changes. After a successful import, current tenant settings in the EasyLife 365 Admin are refreshed automatically.