Skip to main content
Version: Insiders

Settings

Customize the settings for EasyLife 365 Collaboration to align with your organization's needs through the settings tab within the EasyLife 365 Admin Insiders.

Permissions

In this section, manage the permissions for EasyLife 365 Collaboration within your organization's tenant. Grant permissions during onboarding and update them as necessary for new features.

info

The EasyLife 365 Admin Insiders automatically checks permission status and alerts you to any required updates.

Groups

EasyLife 365 group management is enabled by default and cannot be disabled. It encompasses the core functionality of EasyLife 365, including Governance for Teams and Groups. To activate lifecycle management for Teams and Groups, ensure that Enable Engine scans is selected.

Teams

By default, when a Team is archived, its members retain write access to the Team's SharePoint site. If you prefer to grant members read-only access instead, ensure to select the option labeled Members receive read-only permissions when archiving. It's essential to note that this setting applies universally to any Team archived by EasyLife 365 Collaboration from this point forward. Regarding SharePoint, this involves transferring all Site members (groups and users) to the Site visitors group when archiving. Upon unarchiving, only the linked security group is reverted back to the Site members group.

Education

If you operate an education tenant, you can enable provisioning for Education Templates in EasyLife 365 Collaboration. Once enabled, grant the necessary permissions in the permissions section to create templates for classrooms.

Viva Engage

EasyLife 365 Collaboration supports the management of Viva Engage Groups in native mode. To enable this functionality, ensure Enable Viva Engage is checked and provide an app access token with the correct permission Create Group. To learn more about Viva Engage in EasyLife 365, visit the Viva Engage How-To.

The EasyLife 365 Collaboration Engine monitors compliance across Microsoft 365 Groups and Teams within your organization. Enable or disable daily scans of groups in your tenant here. Disabling scans will pause Group policy enforcement and compliance workflows while still permitting the creation of new Microsoft 365 resources via EasyLife.

Guests

Enable guest account management with EasyLife 365 by selecting the box Enable Guest Account Management. The EasyLife 365 Admin Insiders only displays templates or policies for guest accounts if this checkbox is enabled. The EasyLife 365 Collaboration App only shows the Guests tab if this checkbox is enabled.

Invitation

The invitation email is sent in the default language of the tenant. To send the invitation email in another language, select the language from the dropdown below Invitation mail language.

The default redirect URL for new guest accounts is https://myapplications.microsoft.com. We recommend changing this to https://teams.microsoft.com/_?tenantId={yourTenantId}. To modify the default redirect URL, enter the URL in the textbox below Default redirect URL.

Permissions for Guest Account Management

Enable the checkbox Allow users to take over ownership of guest accounts with no owners to permit users to take ownership of existing guest accounts through the EasyLife 365 Collaboration App. Enable the checkbox Guest owners are allowed to delete guests without a template if you want to allow guest account owners to delete guest accounts without a template. Enable the checkbox Guest owners are allowed to enable/disable guests without a template if you want to allow guest account owners to enable or disable guest accounts without a template. Enable the checkbox Hide the membership tab in the guest details to conceal the membership tab in the details view of a guest account. Enable the checkbox Hide the all guests search in the EasyLife 365 Collaboration App to hide the search bar in the guest account overview. Enable the checkbox Enable existing guest addition workflow if you want to specify how existing guests can be added to groups using an EasyLife workflow. Enabling this feature allows adding an approval workflow for the addition of guest accounts in a Team.

Access restrictions for Guest Account Management

Access restrictions enable guest account management for a specific group of users:

  • Create an Entra ID security group and add the users who should be allowed to use guest account management features to the group.
  • Type the name of the group in the search bar below Access restrictions and click to select the group.
  • Click Save changes to restrict guest account management features to members of the selected group.

Guest account engine

The guest account engine periodically scans the compliance status of all guest accounts in your organization. To enable periodic scans, select the box Enable Guest Account Engine scans.

SharePoint

Enable the management of SharePoint sites with EasyLife 365 by selecting the box Enable SharePoint Site Management. If this checkbox is enabled, the EasyLife 365 Admin Insiders only displays templates or policies for the Communication Sites and Team sites. All sites your user creates will be shown under the Collaboration tab.

Engine scans

You must enable the Enable engine scans option to conduct daily policy scans. Failure to do so means the policies you set on SharePoint sites won't be checked, no notifications will be sent, and even in case of an escalation, no action will be taken. Therefore, this option must be selected.

Security group naming convention

For each SharePoint site your users provision, a security group will be created containing all the site collection administrators as owners and as members. The SharePoint membership will be replaced with the security group membership. All created security groups will be prefixed with SG_EL_SPO_ and named after the SharePoint id by default. If your company needs to use another prefix, you can change it in the field Security Group Prefix. Each EasyLife-managed SharePoint site will have an associated security group with the naming convention.

Approvals

Approval workflows enable you to define multiple approval stages for the resources that can be provisioned through EasyLife 365 Collaboration. Check the Enable Approvals, and you will see Approvals in Templates where you can create multiple workflows for your needs and connect them with specific templates. To learn more about templates, visit the Approvals section.

Logging

Efficient logging mechanisms in the EasyLife application are crucial for tracking activities and ensuring compliance. Here, we detail two primary logging methods integral to EasyLife's functionality.

Microsoft 365 Audit Logs

Microsoft 365 Audit Logs serve as a robust tool for comprehensively tracking app and user activities within EasyLife. By leveraging tailored filters for EasyLife 365 apps, customers can effortlessly navigate and review logged activities within their audit logs.

Event Logging

Event logging is another vital component, providing a structured approach to capturing governance activities within our applications. These activities are meticulously recorded in an analytics workspace of your choice, ensuring systematic documentation for future reference and compliance purposes.

info

By default, event logging is disabled. To enable it, navigate to the Logging tab and select the Log events box. Learn more about configuring event logging here.

Viewing Resource Logs

warning

To view logs of resources, ensure correct configuration of event logging in Read Mode.

Once event logging is enabled, governance events are seamlessly forwarded to your configured Application Insight. With data retention in your environment and read mode enabled, you can effortlessly monitor activities performed for a resource within the EasyLife 365 Admin Insiders. Follow these steps:

  • Visit the manage section for the resource and click on the info button near the resource name.
  • Click on the Logs tab to view all actions taken on this resource.

All event logs are neatly organized chronologically, with the newest entries appearing first.

Available Events

The following section outlines all events tracked through the event logging feature, categorized for clarity.

Guest Account Management

Admin Activities

CategoryEventIdDescription
ADMINASSIGN-POLICYAssigns a policy to the resource
ADMINREMOVE-POLICYRemoves a policy from the resource
ADMINASSIGN-TEMPLATEAssigns a template to the resource
ADMINREMOVE-TEMPLATERemoves a template from the resource
ADMINASSIGN-OWNERAssigns an owner to the guest account
ADMINREMOVE-OWNERRemoves an owner from the guest account
ADMINDELETEDeletes a guest account

User Activities

CategoryEventIdDescription
ENGINEINVITEEngine invites a guest on behalf of another user
POLICYSEND-INVITATIONResends an invitation
ACCOUNTDISABLEDisables a guest
ACCOUNTENABLEEnables a guest
ACCOUNTDELETEDeletes a guest
ACCOUNTREMOVE-OWNERAn owner removes another owner from a guest
ACCOUNTCHANGE-OWNERChanges the owner for a guest
ACCOUNTTAKE-OWNERSHIPA user takes over the ownership of a guest
ACCOUNTUPDATE-METADATAUpdates the metadata of a guest
POLICYEXTEND-DISABLEMENTExtends a disabled guest
POLICYCONFIRMConfirms a guest
POLICYEXTEND-INACTIVITYExtends an inactive guest

Engine Activities

CategoryEventIdDescription
ENGINEDELETEDeletes a guest due to an escalation
ENGINEDISABLEDisables a guest due to an escalation
SharePoint Management
Admin Activities
CategoryEventIdDescription
ADMINASSIGN-POLICYAn admin assigns a policy to a site
ADMINREMOVE-POLICYAn admin removes a policy from a site
ADMINASSIGN-TEMPLATEAn admin assigns a template to a site
ADMINREMOVE-TEMPLATEAn admin removes a template from a site
ADMINASSIGN-OWNERAn admin assigns an owner to a site
ADMINREMOVE-OWNERAn admin removes an owner from a site
ADMINUNLINK-SITEUnlinks the SharePoint site and deletes the associated security group
ADMINLINK-SITEThe admin converts a site to an EasyLife managed site and associates a security group
User Activities
CategoryEventIdDescription
POLICYMINIMUMOWNER-COMPLIANTAn owner makes the minimum owner policy compliant
POLICYMINIMUMOWNER-INCOMPLIANTAn owner makes the minimum owner policy incompliant
POLICYASSIGN-TEMPLATEAn owner assigns a template to a site
POLICYEXTEND-EXPIRATIONAn owner makes an expired site compliant
POLICYASSIGN-POLICYAn owner assigns a policy to a site
POLICYCONFIRMAn owner confirms a site
POLICYCOMPLETE-ACESSREVIEWAn owner completes an access review
ACCOUNTDELETEAn owner deletes a SharePoint site with EasyLife
Engine Activities
CategoryEventIdDescription
ENGINEASSOCIATE-GROUP-TO-SITEThe EasyLife Security Group is associated with the site
ENGINESYNC-SITEPermission synchronization is performed between the associated group and site admins
ENGINEDELETEA site is deleted by EasyLife
ENGINEDELETE-SPO-GROUPThe SharePoint Security Group was deleted permanently after 90 days
Groups Management
Admin Activities
CategoryEventIdDescription
ADMINASSIGN-POLICYAn admin assigns a policy to a group
ADMINREMOVE-POLICYAn admin removes a policy from a group
ADMINASSIGN-TEMPLATEAn admin assigns a template to a group
ADMINREMOVE-TEMPLATEAn admin removes a template from a group
ADMINASSIG-NOWNERAn admin assigns an owner to a group
ADMINREMOVE-OWNERAn admin removes an owner from a group
ADMINDELETEAn admin deletes a group
User Activities
CategoryEventIdDescription
ACCOUNTDELETEDeletes a group
ACCOUNTARCHIVE-TEAMArchives a team with EasyLife
ACCOUNTUNARCHIVE-TEAMUnarchives a team with EasyLife
ACCOUNTSTART-ACCESSREVIEWStarts an access review
ACCOUNTCANCEL-ACCESSREVIEWCancels an access review
ACCOUNTCOMPLETE-ACCESSREVIEW-STEPCompletes an access review step
ACCOUNTTAKE-TEAM-CHANNEL-OWNERSHIPTakes over a channel ownership if there are no other owners assigned during an access review
ACCOUNTGET-ACCESSSREVIEWRetrieves the access review
ACCOUNTCOMPLETE-ACCESSREVIEWCompletes the access review
POLICYCONFIRMConfirms a group
POLICYEXTEND-EXPIRATIONExtends a group that is not in use
POLICYASSIGN-TEMPLATEAssigns a target template using a template policy
POLICYASSIGN-POLICYAssigns a target policy using a template policy
POLICYMINIMUMOWNER-COMPLIANTAn owner makes the minimum owner policy compliant
POLICYMINIMUMOWNER-INCOMPLIANTAn owner makes the minimum owner policy incompliant
Engine Activities
CategoryEventIdDescription
ENGINECREATE-GROUPCreates a group on behalf of a user
ENGINECREATE-TEAMCreates a team on behalf of a user
ENGINEARCHIVE-TEAMArchives a team due to an escalation
ENGINEDELETEDeletes a group due to an escalation
ENGINEREMOVE-GUESTSDeletes guests from a group due to an escalation
ENGINEREMOVE-MEMBERS-AND-GUESTSRemoves members and groups due to an escalation

Collected Values

Each event entry contains essential details including ObjectId, DisplayName, Category, EventId, PreviousValue, NextValue, Description, CreatedBy, and Created.

Querying Event Logs

Upon successful connection of your Application Insights and Log Analytics Workspace, you can execute queries on the log analytics workspace to retrieve log information. Below are examples of such queries:

  • Retrieve all logs in chronological order:
AppTraces
| project
EventId = Properties.eventId, Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| order by TimeGenerated desc
  • Retrieve all events that executed a deletion operation
AppTraces
| project
EventId = Properties.eventId,
Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| where EventId == 'DELETE'
| order by TimeGenerated desc

Notifications

The notifications section allows you to control whether EasyLife sends email notifications to your users, how these notifications are sent, and what the default language for the email notifications is.

By default, notifications are sent via Teams, but you can disable it and notifications will be sent by email. EasyLife sends all emails from a SendGrid account using the EasyLife email domains and templates. You can choose to send email notifications from a shared mailbox (which is our recommended approach) in your Exchange Online environment instead. Enable the check box next to Use a custom from address and enter the primary email address of the shared mailbox in the text box below.

It is also possible to enable Progressive notifications, which will only work if Teams notifications are enabled. This means that Teams will send the first reminder for an incompliant policy, and every subsequent reminder will be via email. If the user takes action and makes the policy compliant, the workflow resets.

warning

Make sure that the EasyLife 365 API can access the shared mailbox.

info

Escalations notifications are always sent via email.

Language

EasyLife 365 Collaboration can consider different settings when choosing the language for email notifications.

If the check box Use mailbox regional settings is enabled, EasyLife uses the user's mailbox regional settings from Exchange Online. If the check box is not enabled (or EasyLife 365 Collaboration doesn't have permission to read mailbox settings or the mailbox is not hosted on Exchange Online), it uses the Entra ID attribute PreferredLanguage.

info

If you want to use this feature, you cannot restrict API permissions to members of a distribution group.

If a language cannot be determined using any of the above methods, EasyLife falls back to the default language. The default language for notification emails is English. You can change that by selecting another language from the Default language drop-down.

This table lists the types of email notifications EasyLife sends to your users:

Email TemplateAudience
Microsoft Group creation notification
This email is sent to the person requesting a new resource using the Wizard in the EasyLife 365 Collaboration App.
Owners
Minimum Owner policy warning
This email is sent to owners of a resource if the minimum owner policy is not met. The users will see how much time is left until an escalation will happen and what are the consequences of missing this timeframe.
Owners
Access Review warning
This email will be sent to an owner if an access review is due.
Owners
Expiration warning
This email will be sent to an owner once a resource has been expired and a confirmation is required by the owner if the resource is still in use or not.
Owners
Confirmation warning
This email will be sent to an owner once a resource utilization must be confirmed.
Owners
Minimum Owner escalation
This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy.
Recipient specified in policy
Access Review escalation
This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy.
Recipient specified in policy
Expiration Review escalation
This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy.
Recipient specified in policy
Confirmation escalation
This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy.
Recipient specified in policy
Ownerless escalation
This email will be triggered if an ownerless resource has been identified.
Note: the email will only be triggered once per resource.
Recipient specified in policy

License

View license information for EasyLife 365 within your tenant.