Settings
Customize the settings for EasyLife 365 Collaboration to align with your organization's needs through the settings tab within the EasyLife 365 Admin Insiders.
Permissions
In this section, manage the permissions for EasyLife 365 Collaboration within your organization's tenant. Grant permissions during onboarding and update them as necessary for new features.
The EasyLife 365 Admin Insiders automatically checks permission status and alerts you to any required updates.
Groups
EasyLife 365 group management is enabled by default and cannot be disabled. It encompasses the core functionality of EasyLife 365, including Governance for Teams and Groups. To activate lifecycle management for Teams and Groups, ensure that Enable Engine scans is selected.
Teams
By default, when a Team is archived, its members retain write access to the Team's SharePoint site. If you prefer to grant members read-only access instead, ensure to select the option labeled Members receive read-only permissions when archiving. It's essential to note that this setting applies universally to any Team archived by EasyLife 365 Collaboration from this point forward. Regarding SharePoint, this involves transferring all Site members (groups and users) to the Site visitors group when archiving. Upon unarchiving, only the linked security group is reverted back to the Site members group.
Education
If you operate an education tenant, you can enable provisioning for Education Templates in EasyLife 365 Collaboration. Once enabled, grant the necessary permissions in the permissions section to create templates for classrooms.
Viva Engage
EasyLife 365 Collaboration supports the management of Viva Engage Groups in native mode. To enable this functionality, ensure Enable Viva Engage is checked and provide an app access token with the correct permission Create Group. To learn more about Viva Engage in EasyLife 365, visit the Viva Engage How-To.
The EasyLife 365 Collaboration Engine monitors compliance across Microsoft 365 Groups and Teams within your organization. Enable or disable daily scans of groups in your tenant here. Disabling scans will pause Group policy enforcement and compliance workflows while still permitting the creation of new Microsoft 365 resources via EasyLife.
Guests
Enable guest account management with EasyLife 365 by selecting the box Enable Guest Account Management. The EasyLife 365 Admin Insiders only displays templates or policies for guest accounts if this checkbox is enabled. The EasyLife 365 Collaboration App only shows the Guests tab if this checkbox is enabled.
Invitation
The invitation email is sent in the default language of the tenant. To send the invitation email in another language, select the language from the dropdown below Invitation mail language.
The default redirect URL for new guest accounts is https://myapplications.microsoft.com. We recommend changing this to https://teams.microsoft.com/_?tenantId={yourTenantId}. To modify the default redirect URL, enter the URL in the textbox below Default redirect URL.
Permissions for Guest Account Management
Enable the checkbox Allow users to take over ownership of guest accounts with no owners to permit users to take ownership of existing guest accounts through the EasyLife 365 Collaboration App.
Enable the checkbox Guest owners are allowed to delete guests without a template if you want to allow guest account owners to delete guest accounts without a template.
Enable the checkbox Guest owners are allowed to enable/disable guests without a template if you want to allow guest account owners to enable or disable guest accounts without a template.
Enable the checkbox Hide the membership tab in the guest details to conceal the membership tab in the details view of a guest account.
Enable the checkbox Hide the all guests search in the EasyLife 365 Collaboration App to hide the search bar in the guest account overview.
Enable the checkbox Enable existing guest addition workflow if you want to specify how existing guests can be added to groups using an EasyLife workflow. Enabling this feature allows adding an approval workflow for the addition of guest accounts in a Team.
Access restrictions for Guest Account Management
Access restrictions enable guest account management for a specific group of users:
- Create an Entra ID security group and add the users who should be allowed to use guest account management features to the group.
- Type the name of the group in the search bar below
Access restrictionsand click to select the group. - Click
Save changesto restrict guest account management features to members of the selected group.
Guest account engine
The guest account engine periodically scans the compliance status of all guest accounts in your organization. To enable periodic scans, select the box Enable Guest Account Engine scans.
SharePoint
Enable the management of SharePoint sites with EasyLife 365 by selecting the box Enable SharePoint Site Management. If this checkbox is enabled, the EasyLife 365 Admin Insiders only displays templates or policies for the Communication Sites and Team sites. All sites your user creates will be shown under the Collaboration tab.
Engine scans
You must enable the Enable engine scans option to conduct daily policy scans. Failure to do so means the policies you set on SharePoint sites won't be checked, no notifications will be sent, and even in case of an escalation, no action will be taken. Therefore, this option must be selected.
Security group naming convention
For each SharePoint site your users provision, a security group will be created containing all the site collection administrators as owners and as members. The SharePoint membership will be replaced with the security group membership. All created security groups will be prefixed with SG_EL_SPO_ and named after the SharePoint id by default. If your company needs to use another prefix, you can change it in the field Security Group Prefix. Each EasyLife-managed SharePoint site will have an associated security group with the naming convention.
Approvals
Approval workflows enable you to define multiple approval stages for the resources that can be provisioned through EasyLife 365 Collaboration. Check the Enable Approvals, and you will see Approvals in Templates where you can create multiple workflows for your needs and connect them with specific templates. To learn more about templates, visit the Approvals section.
Logging
Efficient logging mechanisms in the EasyLife application are crucial for tracking activities and ensuring compliance. Here, we detail two primary logging methods integral to EasyLife's functionality.
Microsoft 365 Audit Logs
Microsoft 365 Audit Logs serve as a robust tool for comprehensively tracking app and user activities within EasyLife. By leveraging tailored filters for EasyLife 365 apps, customers can effortlessly navigate and review logged activities within their audit logs.
Event Logging
Event logging is another vital component, providing a structured approach to capturing governance activities within our applications. These activities are meticulously recorded in an analytics workspace of your choice, ensuring systematic documentation for future reference and compliance purposes.
By default, event logging is disabled. To enable it, navigate to the Logging tab and select the Log events box. Learn more about configuring event logging here.
Viewing Resource Logs
To view logs of resources, ensure correct configuration of event logging in Read Mode.
Once event logging is enabled, governance events are seamlessly forwarded to your configured Application Insight. With data retention in your environment and read mode enabled, you can effortlessly monitor activities performed for a resource within the EasyLife 365 Admin Insiders. Follow these steps:
- Visit the manage section for the resource and click on the info button near the resource name.
- Click on the Logs tab to view all actions taken on this resource.
All event logs are neatly organized chronologically, with the newest entries appearing first.
Available Events
The following section outlines all events tracked through the event logging feature, categorized for clarity.
Guest Account Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | Assigns a policy to the resource |
| ADMIN | REMOVE-POLICY | Removes a policy from the resource |
| ADMIN | ASSIGN-TEMPLATE | Assigns a template to the resource |
| ADMIN | REMOVE-TEMPLATE | Removes a template from the resource |
| ADMIN | ASSIGN-OWNER | Assigns an owner to the guest account |
| ADMIN | REMOVE-OWNER | Removes an owner from the guest account |
| ADMIN | DELETE | Deletes a guest account |
User Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | INVITE | Engine invites a guest on behalf of another user |
| POLICY | SEND-INVITATION | Resends an invitation |
| ACCOUNT | DISABLE | Disables a guest |
| ACCOUNT | ENABLE | Enables a guest |
| ACCOUNT | DELETE | Deletes a guest |
| ACCOUNT | REMOVE-OWNER | An owner removes another owner from a guest |
| ACCOUNT | CHANGE-OWNER | Changes the owner for a guest |
| ACCOUNT | TAKE-OWNERSHIP | A user takes over the ownership of a guest |
| ACCOUNT | UPDATE-METADATA | Updates the metadata of a guest |
| POLICY | EXTEND-DISABLEMENT | Extends a disabled guest |
| POLICY | CONFIRM | Confirms a guest |
| POLICY | EXTEND-INACTIVITY | Extends an inactive guest |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | DELETE | Deletes a guest due to an escalation |
| ENGINE | DISABLE | Disables a guest due to an escalation |
SharePoint Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | An admin assigns a policy to a site |
| ADMIN | REMOVE-POLICY | An admin removes a policy from a site |
| ADMIN | ASSIGN-TEMPLATE | An admin assigns a template to a site |
| ADMIN | REMOVE-TEMPLATE | An admin removes a template from a site |
| ADMIN | ASSIGN-OWNER | An admin assigns an owner to a site |
| ADMIN | REMOVE-OWNER | An admin removes an owner from a site |
| ADMIN | UNLINK-SITE | Unlinks the SharePoint site and deletes the associated security group |
| ADMIN | LINK-SITE | The admin converts a site to an EasyLife managed site and associates a security group |
User Activities
| Category | EventId | Description |
|---|---|---|
| POLICY | MINIMUMOWNER-COMPLIANT | An owner makes the minimum owner policy compliant |
| POLICY | MINIMUMOWNER-INCOMPLIANT | An owner makes the minimum owner policy incompliant |
| POLICY | ASSIGN-TEMPLATE | An owner assigns a template to a site |
| POLICY | EXTEND-EXPIRATION | An owner makes an expired site compliant |
| POLICY | ASSIGN-POLICY | An owner assigns a policy to a site |
| POLICY | CONFIRM | An owner confirms a site |
| POLICY | COMPLETE-ACESSREVIEW | An owner completes an access review |
| ACCOUNT | DELETE | An owner deletes a SharePoint site with EasyLife |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | ASSOCIATE-GROUP-TO-SITE | The EasyLife Security Group is associated with the site |
| ENGINE | SYNC-SITE | Permission synchronization is performed between the associated group and site admins |
| ENGINE | DELETE | A site is deleted by EasyLife |
| ENGINE | DELETE-SPO-GROUP | The SharePoint Security Group was deleted permanently after 90 days |
Groups Management
Admin Activities
| Category | EventId | Description |
|---|---|---|
| ADMIN | ASSIGN-POLICY | An admin assigns a policy to a group |
| ADMIN | REMOVE-POLICY | An admin removes a policy from a group |
| ADMIN | ASSIGN-TEMPLATE | An admin assigns a template to a group |
| ADMIN | REMOVE-TEMPLATE | An admin removes a template from a group |
| ADMIN | ASSIG-NOWNER | An admin assigns an owner to a group |
| ADMIN | REMOVE-OWNER | An admin removes an owner from a group |
| ADMIN | DELETE | An admin deletes a group |
User Activities
| Category | EventId | Description |
|---|---|---|
| ACCOUNT | DELETE | Deletes a group |
| ACCOUNT | ARCHIVE-TEAM | Archives a team with EasyLife |
| ACCOUNT | UNARCHIVE-TEAM | Unarchives a team with EasyLife |
| ACCOUNT | START-ACCESSREVIEW | Starts an access review |
| ACCOUNT | CANCEL-ACCESSREVIEW | Cancels an access review |
| ACCOUNT | COMPLETE-ACCESSREVIEW-STEP | Completes an access review step |
| ACCOUNT | TAKE-TEAM-CHANNEL-OWNERSHIP | Takes over a channel ownership if there are no other owners assigned during an access review |
| ACCOUNT | GET-ACCESSSREVIEW | Retrieves the access review |
| ACCOUNT | COMPLETE-ACCESSREVIEW | Completes the access review |
| POLICY | CONFIRM | Confirms a group |
| POLICY | EXTEND-EXPIRATION | Extends a group that is not in use |
| POLICY | ASSIGN-TEMPLATE | Assigns a target template using a template policy |
| POLICY | ASSIGN-POLICY | Assigns a target policy using a template policy |
| POLICY | MINIMUMOWNER-COMPLIANT | An owner makes the minimum owner policy compliant |
| POLICY | MINIMUMOWNER-INCOMPLIANT | An owner makes the minimum owner policy incompliant |
Engine Activities
| Category | EventId | Description |
|---|---|---|
| ENGINE | CREATE-GROUP | Creates a group on behalf of a user |
| ENGINE | CREATE-TEAM | Creates a team on behalf of a user |
| ENGINE | ARCHIVE-TEAM | Archives a team due to an escalation |
| ENGINE | DELETE | Deletes a group due to an escalation |
| ENGINE | REMOVE-GUESTS | Deletes guests from a group due to an escalation |
| ENGINE | REMOVE-MEMBERS-AND-GUESTS | Removes members and groups due to an escalation |
Collected Values
Each event entry contains essential details including ObjectId, DisplayName, Category, EventId, PreviousValue, NextValue, Description, CreatedBy, and Created.
Querying Event Logs
Upon successful connection of your Application Insights and Log Analytics Workspace, you can execute queries on the log analytics workspace to retrieve log information. Below are examples of such queries:
- Retrieve all logs in chronological order:
AppTraces
| project
EventId = Properties.eventId, Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| order by TimeGenerated desc
- Retrieve all events that executed a deletion operation
AppTraces
| project
EventId = Properties.eventId,
Category = Properties.category,
ResourceId = Properties.resourceId,
Name = Properties.name,
Description = Properties.description,
Actor = Properties.actor,
PreviousValue = Properties.previousValue,
NextValue = Properties.nextValue,
TimeGenerated
| where EventId == 'DELETE'
| order by TimeGenerated desc
Notifications
The notifications section allows you to control whether EasyLife sends email notifications to your users, how these notifications are sent, and what the default language for the email notifications is.
By default, notifications are sent via Teams, but you can disable it and notifications will be sent by email. EasyLife sends all emails from a SendGrid account using the EasyLife email domains and templates. You can choose to send email notifications from a shared mailbox (which is our recommended approach) in your Exchange Online environment instead. Enable the check box next to Use a custom from address and enter the primary email address of the shared mailbox in the text box below.
It is also possible to enable Progressive notifications, which will only work if Teams notifications are enabled. This means that Teams will send the first reminder for an incompliant policy, and every subsequent reminder will be via email. If the user takes action and makes the policy compliant, the workflow resets.
Make sure that the EasyLife 365 API can access the shared mailbox.
Escalations notifications are always sent via email.
Language
EasyLife 365 Collaboration can consider different settings when choosing the language for email notifications.
If the check box Use mailbox regional settings is enabled, EasyLife uses the user's mailbox regional settings from Exchange Online. If the check box is not enabled (or EasyLife 365 Collaboration doesn't have permission to read mailbox settings or the mailbox is not hosted on Exchange Online), it uses the Entra ID attribute PreferredLanguage.
If you want to use this feature, you cannot restrict API permissions to members of a distribution group.
If a language cannot be determined using any of the above methods, EasyLife falls back to the default language. The default language for notification emails is English. You can change that by selecting another language from the Default language drop-down.
This table lists the types of email notifications EasyLife sends to your users:
| Email Template | Audience |
|---|---|
| Microsoft Group creation notification This email is sent to the person requesting a new resource using the Wizard in the EasyLife 365 Collaboration App. | Owners |
| Minimum Owner policy warning This email is sent to owners of a resource if the minimum owner policy is not met. The users will see how much time is left until an escalation will happen and what are the consequences of missing this timeframe. | Owners |
| Access Review warning This email will be sent to an owner if an access review is due. | Owners |
| Expiration warning This email will be sent to an owner once a resource has been expired and a confirmation is required by the owner if the resource is still in use or not. | Owners |
| Confirmation warning This email will be sent to an owner once a resource utilization must be confirmed. | Owners |
| Minimum Owner escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Access Review escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Expiration Review escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Confirmation escalation This email will be triggered once the owner fails to act on a resource. The configuration for the timeframe and the recipient of the notification is configured in the policy. | Recipient specified in policy |
| Ownerless escalation This email will be triggered if an ownerless resource has been identified. Note: the email will only be triggered once per resource. | Recipient specified in policy |
Teams App
For Insiders Instance users, access the Teams App section to obtain the required app package for upload to Teams.
License
View license information for EasyLife 365 within your tenant.