Govern 365 – Administrator Guide

A Product by Netwoven

Administrator GuideDOCUMENT VERSION 1.0

NoticesThis document is classified as “Customer Ready” and is intended for use by Govern 365 customers only.

This document is subject to change at any time and is contingent on the evolution of the product. Changes shall be made at the sole discretion of Netwoven.

This document and the solution it describes are protected by copyrights in accordance with applicable laws.

Copyright © Netwoven Inc. 2019. All rights reserved.

 

Table of Contents1. Introduction..........................................................................................................6

1.1. Scope.............................................................................................................61.2. Target Readership.........................................................................................61.3. Related Documents........................................................................................6

2. Overview..............................................................................................................62.1. About Govern 365..........................................................................................62.2. Govern 365 Login...........................................................................................7

2.2.1. Launch Govern 365.................................................................................72.2.2. Log in to Govern 365...............................................................................7

3. Home Page...........................................................................................................83.1. Home Page Menu...........................................................................................83.2. Dashboard.....................................................................................................9

4. Provisioning Requests........................................................................................114.1. Submit a New Request.................................................................................12

4.1.1. Welcome................................................................................................124.1.2. Request Details.....................................................................................144.1.3. Confirm..................................................................................................15

4.2. Configure Request Form..............................................................................154.2.1. Add a New Step (Tab)............................................................................174.2.2. Additional Step Controls........................................................................174.2.3. Add Fields..............................................................................................184.2.4. Additional Field Controls........................................................................194.2.5. Available Fields......................................................................................25

4.3. Configure Provisioning Steps.......................................................................294.3.1. Provisioning Steps.................................................................................29

4.4. Request a New Template.............................................................................324.5. Approve a Template.....................................................................................334.6. Workflow Tasks............................................................................................34

5. App Settings.......................................................................................................345.1. Tenant Settings............................................................................................35

5.1.1. General..................................................................................................355.1.2. Yammer.................................................................................................365.1.3. Inventory...............................................................................................36

5.1.4. Report....................................................................................................365.1.5. Teams....................................................................................................37

5.2. User Management........................................................................................375.3. Organizational Signup..................................................................................385.4. Register Remote Service for Provisioning....................................................395.5. Full Permissions Signup...............................................................................39

6. Content Inventory..............................................................................................406.1. Configure Inventory Data Storage...............................................................416.2. Configure Data Collection............................................................................416.3. Inventory Job History...................................................................................436.4. View Reports................................................................................................43

6.4.1. All Containers Report.............................................................................446.4.2. Containers with Inactive Owners Report................................................446.4.3. SharePoint Content and Activity Report................................................456.4.4. Microsoft Teams Content and Activity Report........................................456.4.5. User Report...........................................................................................466.4.6. Microsoft Groups Content and Activity Report.......................................466.4.7. Yammer Content and Activity Report....................................................47

7. Content Lifecycle Management..........................................................................477.1. Overview......................................................................................................487.2. Disposition Rules.........................................................................................48

7.2.1. Add Rules..............................................................................................507.2.2. Show Result...........................................................................................54

7.3. Recertification Policies.................................................................................547.3.1. Preview Result.......................................................................................607.3.2. My Content Lifecycle Tasks...................................................................617.3.3. Ownership Recertification Task.............................................................627.3.4. Metadata Recertification Task...............................................................627.3.5. User Permission Recertification Task.....................................................637.3.6. Recertification Status Report.................................................................65

7.4 Content Lifecycle Job History...........................................................................677.4.1. Disposition Job History...........................................................................677.4.2. Recertification Job History.....................................................................67

8. Help.................................................................................................................... 688.1. Admin Guide................................................................................................68

8.2. User Guide...................................................................................................698.3. Support Request..........................................................................................698.4. View Support Requests................................................................................70

9. Infrastructure Site Collection..............................................................................709.1. Managing Available Provisioning Templates................................................709.2. Site Requests...............................................................................................719.3. Site Request Form Configuration.................................................................729.4. Admin Steps.................................................................................................729.5. Email Templates..........................................................................................729.6. Site Directory...............................................................................................739.7. Functional Area............................................................................................739.8. Department Area.........................................................................................739.9. Disposition...................................................................................................749.10. DispositionWorkFlow.................................................................................749.11. Recertification...........................................................................................759.12. RecertificationWorkFlow...........................................................................759.13. RecertificationReport................................................................................769.14. New SharePoint group “Govern O365 Service Admin Group”...................769.15. New SharePoint group “O365 Governance - IT Approval Group”..............779.16. Site Collection and Site Templates...........................................................77

1. IntroductionMicrosoft® Office 365 is one of the most popular cloud-based productivity software solutions. As per Microsoft, 85% of Fortune 500 companies are leveraging Office 365 to provide greater collaboration, productivity, & intelligence to transform their business outcomes. Once deployed, however, organizations need to place a proper governance plan to strike the right balance between user empowerment and administrative control. Govern 365 from Netwoven, automates the implementation of governance policies and helps organizations achieve the most out of their Office 365 investments.

With Govern 365, users can easily implement governance processes, prevent Office 365 group and site sprawl, automatically dispose of unused containers and effectively provision sites with appropriate security and compliance polices.

To facilitate all these, Govern 365 offers a comprehensive set of utilities at the hands of IT administrator so as to ease and streamline all governance aspects of O365 deployment, management and maintenance. This guide aims to aid the Administrator for using Govern 365 towards this goal.

1.1. ScopeThe scope of this document is to present and describe the user interface and functionality available in Govern 365 for admin users.

1.2. Target ReadershipThis document is primarily addressed to:

Office 365 Content Owners, Users and IT administrators

1.3. Related Documents[1] Govern 365 Product Datasheet[2] Govern 365 User Guide[3] Govern 365 - Tenant Signup Guide

2. Overview2.1. About Govern 365

Govern 365 is aimed at managing your Office 365 artifacts effectively. This avoids common governance pitfalls such as lack of automation, slow IT turnaround times, inadequate audit trails, proliferation and sprawl.

Provisioning is central to the governance process - it is where the enactment of your governance policies begins. You can institute fine-grained governance policies with minimal administrative burden through automation, pre-configured forms and templates.

Govern 365 makes content finding easier, simplifies the process to clean stale content, helps select the right tool for content management and collaboration and lessens the dependency on IT to make operations more efficient.

The key benefits for the administrative users are:

Govern 365 takes away the overhead of gathering provisioning metadata & processing provisioning requests

Gain valuable insights into your Office 365 environment with powerful inventory report Take quick action on violations like containers without active owners, out of bounds external

sharing and more... Streamline disposition with powerful rules & processes that work across workloads

2.2. Govern 365 LoginGovern 365 is an Office 365 App. It is made available to all users through the Office 365 App Launcher or “Waffle” control in the top left-hand corner of your screen within Office 365.

2.2.1. Launch Govern 365If you don’t see the application pinned to your launcher, then click on “Explore all your apps”, scroll down to the “Other” section, select the “Provisioning Requests” app, right click on it and pin it to your Office 365 App Launcher. Once pinned to your launcher, you should the figure below.

Step 1: Click on “Provisioning Requests”.Step 2: This will launch the Provisioning tool and you should see the landing page as Govern 365 Dashboard.N.B: Alternatively, you can directly open the application by clicking on the link given by your administrator as applicable in your installation. As an example, it may typically look like https://o365governance.azurewebsites.net

2.2.2. Log in to Govern 365You will see the Welcome Page after launching the application. Click on “Log in” Option at the top right corner, furnish your credentials and you will be directed to the Govern 365 Dashboard. If you are already logged in to Office 365, then you should be automatically taken to the Dashboard.

3. Home PageThe home page contains a menu bar and a dashboard showing all existing provisioning requests submitted in the application by all users along with their statuses as shown below.

3.1. Home Page MenuThe menu bar has few top-level menu items and each one of those menus have few sub menu items.The overall menu organization is described below.Menu Sub-Menu Description

Provisioning Requests

Submit a New Request

This is primarily intended for end users. This form is configured by the admin using configure request form wizard.

Configure Request Form

Any user form may be modeled as consisting of few sections and certain number of fields of different types within each section. The configure request form is precisely based on this abstraction and presented as a very flexible wizard enabling the admin to easily create or modify request forms by selecting items from drop downs or specifying required texts.

Configure Provisioning Steps

The provisioning steps are based on templates. The admin is able to select from a set of templates, and specify items like group name, site quota, features to be activated etc. which are then automatically created while a container is successfully provisioned.

Request a New Template

This is a facility where a new template can be generated from a site collection or site as an xml file. Admin may specify the details and a request for creating a template is generated. Once business owner approves, it is made available to the end users for ready use.

Approve a Template

A template needs to be approved by the corresponding business owner before it can be used. Approvers can select from a set of templates pending approval and take appropriate action.

Workflow Tasks Business may decide to implement workflows before a provisioning can be made. The admin will get to see the list of provisioning requests pending for approval and can take appropriate actions.

Content Inventory

Configure Data Storage

This is where the admin decides where to store the content inventory data. It can either be stored as CSV file in the Govern 365’s infrastructural site collection location or in some Azure table storage.

Configure Data Collection

Govern 365 allows you to configure which elements of your Office 365 tenant will be crawled and inventoried. Here admin can enable or disable or decide to run the crawling immediately by selecting from a list of all available elements.

Inventory Job History

This is a log of all inventory crawl jobs that are run on all the elements with their status, duration etc.

View Reports This is a comprehensive reporting facility. This is a Power BI interface connected to content inventory data offering a host of built in reports, slicing and dicing on any report as well as custom reports.

Content Lifecycle Management

Disposition Rules This manages the lifecycle of the content by creating disposition rules and enabling or running them

Content Lifecycle Job History

This is a log of all disposition jobs that are run on all the elements with their status, duration etc.

App Settings Tenant Settings Here the admin specifies the details of the Azure Active Directory, and the SharePoint site that will store provisioning requests and form configuration.

User Management

Assign users to application roles of user or administrator.

Organizational Signup

Provide consent for all users in the organization to use Govern 365 Application. The permissions requested by the application are shown on the consent page.

Register Remote Service for Provisioning

The RER is the mechanism by which each provisioning job is initialized. This RER is installed in your Infrastructure site collection and calls the provisioning engine each time a qualified request is created.

Full Permissions Signup

Provide consent to the logged in user to have full permissions for Govern 365 Application across the tenant.

Help Admin Guide This refers to this guide for downloadingUser Guide This refers to the User guide for downloading

Support Request Provides a facility for raising a service request to Govern 365 support team

View Support Requests

This shows a log of all the support requests with status and other relevant information.

Welcome, “User Name”

Log out Allows the user to log out

Role of the user Specifies the role of the currently logged in user

User Name Displays the full name of the user

3.2. Dashboard

This displays the summary of all “Site Provisioning Requests”. As admin, you would be able to see all requests submitted by all the users as opposed to a non-admin user in which case the user would see only the requests submitted by him. This has a small (+) button for creating a new provisioning request. The dashboard table has the following columns:

1. Title This is the Title of the requested container (e.g. Site Collection/ Sub Site, O365 Group, Yammer Group, Microsoft Team, etc.) to be provisioned.

2. StatusThis field can show different values for the current status of the request as given below.

Status DescriptionDraft Indicates that you chose “Save As Draft” option while creating a

new provisioning request without submitting it right away. This allows users to save details of their request so that they can come back and complete it later.

Submitted Indicates that some user has submitted a new request. A request

in this status is typically going through a pre-provisioning business process, like an approval.

Pending a. If your organization has not implemented workflows and auto approval is enabled, the request is directly moved from Submitted to Pending Status.

b. If your organization has implemented workflows, the request status is changed from “Submitted” to “Pending” once it is complete. The request will only be picked up by the engine for provisioning when the status is “Pending”.

Running During the provisioning process request status is changed to “Running”.

Provisioned When the request has been successfully provisioned.Failed When the request does not succeed during the provisioning

process for any reason, the status changes to “Failed” with an error code. The request will be retried 3 times to work around any situational errors prior to it entering Failed status. If the retries do not fix the issue, the error details can be viewed as shown below by clicking on the “view details” icon under the action column. It is recommended that you raise a support request to your IT department for any persisting errors. Your IT department will troubleshoot the error and reach out to the Govern 365 support team by logging a ticket for any additional help.

3. OwnerThis displays the name of the user who requested for the site provisioning.

4. CreatedThis displays the date and time when the user submitted or created the request. This has a toggle for rearranging the records in ascending or descending order of timestamps.

5. Action On hovering the mouse under the action column, below icon appears.

View details and edit if the request in draft status. On clicking the above icon, depending on the status of the item you will

be taken to the appropriate pages such that requisite action may be taken.

Just beside the “Dashboard” appearing in the left corner, you will find this icon to refresh the data.

4. Provisioning RequestsThis menu set provides for the complete management of the provisioning process. First of all the admin needs to create the form for submitting a provisioning request to be used by the end user. Once done, it is readily available to the end user. Admin is also able to specify what exact steps would be followed in terms of allocation of resources for the desired container as part of configuring the provisioning steps. This is based on choice of certain templates and admin can add any number of templates pertaining to the requirement of business. Also, the admin is able to create new templates from the existing site or site collection and once business approves those, they are also readily available for the end users. This significantly improves the turn- around time.It also has the facility to look at and take appropriate actions for all the submitted provisioning requests as workflow items pending for approval assuming that the business has implemented an approval policy before a provisioning can be made as requested by a user.The following sections elaborate the exact steps that would need to be taken for using the above-mentioned facilities with a typical example and supporting screenshots. However, please note that the examples are only for the purpose of demonstration and would be different for your install since they are completely configurable to suit your particular requirement.

4.1. Submit a New Request<Write the details from User Doc b appropriate linkages taken from the configure request form section>The process of submitting a new request begins either by clicking on “Submit a New Request” under the “Provisioning Requests” tab or by clicking on the (+) button (on the Dashboard Header) as shown in the next figure. Your user would click on either of these to launch the Provisioning Wizard.Please Note: As admin, before you launch Govern 365 in your organization, you will need to configure the form that will be used by the users to submit their provisioning requests. This is explained in the next section. However, the following is an illustrative example of a form that would result as per the configuration you might do, which is detailed in the next section.

Here there are three sub-sections, namely, Welcome, Request Details and Confirm Submission with some typical screen shots and brief explanations of what your users will see as a result of the example configuration you might make to create the form.

4.1.1. WelcomeThe form is to be designed in such a way that your users will be posed with few simple questions to be answered and as a result an appropriate container will be created as per their need. These questions are supposed to be intuitive and self-explanatory and meant to be created by you appropriately based on the business need of your users. The following screen shots are given below as an example.This is the landing page where all submitted provisioning requests along with their statuses are shown.

Once you do the configuration (as explained in the next section), the form would appear as below.

4.1.2. Request DetailsIn this section, user will have to specify certain nominal but essential information so that requested container can be created. A host of other attributes will automatically be determined by the wizard and will be put in as defaults. The set of details that the user need to specify may include the title and description of the site and the site collection, the intended use of the site, the primary URL, user’s functional or departmental belonging and may be a few compliance checkboxes in terms of agreement to statutory guidelines.For example, if the user needs to share authoritative content with the entire organization or a large portion of it and wishes not to have a conversation medium for engaging with users visiting your site, the Request Details screen as shown in the figure below, would appear.

After filling up the request details as per the chosen template, user can either Save the form as Draft or proceed with Final Submission (refer to Table below).

Button Description

Save as Draft This button will save the request without actually submitting it for provisioning. On saving, the user will be redirected to the Dashboard page with a success message on the top right corner. The user can come back to the request at a later occasion, complete and submit finally.

Next Clicking on this button takes the user to the next screen and he will be directed to the Confirm page for final submission of the request.

4.1.3. ConfirmThe Confirm step of the provisioning process performs a final set of validations against the information that have been provided. If any issues are found, system will prompt the user to address them, and will be highlighted with a red cross on the left navigation pane. Otherwise, the user will be able to click the submit button to submit the request for processing.

Please Note: Depending on the specific configuration for your organization, the request will either go directly to the Provisioning Engine for processing or it may require going through a pre-provisioning business process prior to being submitted. This configuration is template specific. As an example, many organizations will implement an approval process and / or training process that requires department owner approval prior to the creation of an intranet Communications site (used for publishing authoritative information). However, a request for a new MS Team for collaboration will typically process immediately.

4.2. Configure Request Form

The form that the end user would use is not a static onetime form. You, as an administrator, would actually design/configure the New Request Form that would be used by the end user.

In general, any user form may be visualized to comprise of certain sections or categories of information. In turn, each such category may hold a set of fields of varied types accepting the input. There would be an appropriate label for each field and the user would be able to provide the required input depending on the type of the field. This is how you would configure the new request form and once saved, the designed form would automatically be available for creating a new provisioning request.

Govern 365 uses this paradigm and implements a very flexible wizard to create forms, giving you full freedom to choose information categories, fields contained therein and the field types. In the context of it, the category of information is termed as “Tabs/Steps” in your interface. You can create any number of such Tabs. These Tabs would appear on the left navigation panel of the New Request Form as independent items after you have completed your design and saved it. Again, each such tab in the interface logically represents a “Field Group” and the field group in turn is designed to hold any number of “Fields” as per your discretion. There are quite a few properties associated with each field and those properties are utilized to create the New Request Form and/ or during fine-grain provisioning of a request.The table below explains the structure of the configuration form visible to you once you choose “Configure Request Form” menu under “Provisioning Requests” tab on Govern 365 landing page.Level 1 Level 2 Level 3 Attributes DescriptionTab/Step

Appears as menu item in the left navigation of submit new request form

Holds One Field GroupField Group

Placeholder for multiple fields

Field Group Name A meaningful name which appears as the section heading to hold a set of information as well as appears as a menu item in the left navigation pane.

Field Group Description

A detailed description of what the field group may contain

Fields Each field has multiple attributes

Field Type This is a selection from an exhaustive list as a dropdown e.g. Label, line of text, Radio button etc. Depending on the field type selected some of the

following attributes of the field would appear differently

Field Name This is the name by which this field would always be identified

Field label The new request form has dynamic help content on its right hand side. This aims to guide the user in understanding the fields and their uses. This column value would appear there as the name of the field

Help Text This would appear as help texts within the help content of the field

Required This is a flag that marks the field as required or not. Many fields would be by default considered as not required depending on the type of the field and in other cases, you could mark the field as required or not

Specify Text/Values This would appear in the new request form as a short description against the field

Others There could be quite a few other attributes available depending on the field type and is given in the appendix

Let’s now take a look at the details of creation of a new request form with the help of an illustrative example and supportive screen shots.

Please Note: The tabs and the field entries therein, as they appear in the screenshots (attached as figures below) will differ depending upon your specific requirement.

4.2.1. Add a New Step (Tab)After clicking on “Configure Request Form”, you will be prompted to “Add a New Step (Tab)” as shown below.

After you click on Add a New Step (Tab), the screen below will appear where you need to specify the Field Group Name, Field Group Description, Field Type, Field Name and its associated attributes. This is described in the next section.

4.2.2. Additional Step Controls

Each step (tab) as created in the previous section has few additional controls, which would apply to the Field Group (and all the fields within) as a whole. These include the following button icons as mentioned in the table below. They appear at the right hand corner of the section label.Icons Action Description

Move This moves the whole step into other location by dragging it over any other step. This helps rearranging the steps as a whole

Delete Deletes a complete step

Expand/Collapse Visually collapses/expands all the fields within a step

Advanced Setting It allows for some general settings and appearance of the tab as described in figures below

Additional Step Controls

The General section shown in the figure above specifies the name and description of the Step.

The

appearance section expanded in the figure above, determines whether this tab would be visible or not in the new request form. It may so happen that the admin may create few steps while configuring the form but may make it visible only when it is required.You may add as many steps/sections to capture the desired content and also control its appearance by using the form configuration wizard.

4.2.3. Add FieldsWhen you create a new step, it automatically adds the provision for creating a Field Group and also enables you with a field widget for adding fields into the field group as shown in the second figure below. The details of each field attributes are already specified previously. The figure below shows the mapping/ correspondence of the inputs that were given in creating the sample new request form as explained in section 4.1.

Content of Field Label and help text

Field Name: WelcomeField Type : LabelContent of Field Label and Specify

Field Group Name

4.2.4. Additional Field ControlsEach field has few additional controls, which would apply to the field as a whole including all its attributes. These include the following button icons. They appear at the right hand corner of the section label.Icons Action Description

Move This moves the field into other location by dragging it over any other field. This helps rearranging the fields within a step

Delete Field Deletes the field completely along with all its attributes

Add Field Add a new field just below the current field

Advanced Setting This allows for settings quite a few important attributes for the field and presented as separate sections in a dialog box. Currently those are General setting, Appearance, Data source, Formatting, Events, Content Lifecycle Rule criteria and Recertification Metadata Mapping. These are described below. However, only appropriate sections and not all sections would be available for a given field depending on the type of the field.

The following is a snapshot of the advanced setting of a field.

The general section allows for the editing of the Field name, Label and the Help Text associated with the field.

The appearance section controls whether the field will be visible in the screen and whether it would be enabled for making choices as shown in figure below. The options available are Yes/No/Expression.

The data source section has an expression field where a JavaScript can be written using SPA framework to define the data source (e.g. the template that will be used for creating a container based on the selection of other fields) for the field. It also has a provision for selecting one or more fields such that any changes in those fields would trigger reevaluation of the script and hence the data source. The details of various fields available under data source are given in the appendix.

The formatting section allows you to specify a CSS class that may be used while rendering the field on screen.

In the Events section, one can write an appropriate java script to trigger a routine

on changing the value in this field.

In the Content Lifecycle Rule Criteria section, user can tick the appropriate containers such that this field will be available as a field in the refinement criteria for those container types while defining the disposition rule or a recertification policy.

Similarly, in the Recertification Metadata Mapping section, user can tick the appropriate containers such that this field will be available as a provisioning metadata for those container types and will be available for recertification.

4.2.5. Available FieldsThe following are the set of fields available while you define a new field during configuring the form. The filed type choices are either Required Fields, Special Fields or a set of other general fields.Required Fields

Site Title – Title of site

Site Description –Provide the description of the site

Site Template – Provides the template of the site. You can have other fields in this section whose functions are explained below.

Select List – A provision is kept for selecting a list holding all the templates. However, currently, this field is auto selected and otherwise kept disabled as some of the fields of the named document library are used by the system and hence may not be changed readily.Select View – Select View to filter templates from the listSelect Column – Select which column will be displayed in create request formParent Site URL – Parent URL of the site that needs to be duly filled in

Relative URL – Relative URL of the site

Inherit Permissions – If permission is to be inherited. This field comes when “Web” template is selected

Inherit Navigation – If navigation is to be inherited. This field comes when “Web” template is selected

Primary Owner – Owner of the site. This option comes when “Site” template is

selected

Secondary Owner – Secondary Owner of the site. Labeled as Site Owners. This option comes when “Site” template is selected.

Special Fields

Site Quota Field –In this context you can enter all data related to Site Quota

(N.B. Choices need to be entered on separate lines)Language – Enter your language preference

Time Zone – Enter your time zone preferenceSite Policy – Check the site policy and how the fields under it need to be filled.

Other Fields

Single Line of Text

(N.B. Pattern – Validation pattern for this text field)

Multiple Lines of Text

Choice

SharePoint List

It is categorized again into other field types that the admin needs to duly fill in.

Select List – Displays a list which has all the templates. Choose the appropriate list

Select View – Select View to filter items (templates in this case) from the list Select Column – Select the column which will be displayed in the create

request form

Calculated Field

The actual calculation logic shall be written in the advance settings section of this

field.People Picker

(N.B. Advanced Settings)

Please note that for the fields that require a data source can be configured via modal pop-up of the advanced settings of the field.

In advanced setting JavaScript expression can be added in data source panel You can also specify dependency with other fields in advance settings data

source panel

4.3. Configure Provisioning StepsBeyond configuring the request form, additional provisional steps may be specified for fine- grained control of the provisioning process.

4.3.1. Provisioning StepsProvisioning steps are additional actions which can be performed after provisioning which can be saved per template and applied when containers are created as a result of a provisioning request with the corresponding template.You can choose from the following templates and also from other custom templates that you may create for your install.

Yammer Template Internal Template External Template Office 365 Group Template Internal Template Empty Sub Site Template

This process starts with the selection of a given template as given in the figure below.

Once a template is selected, you are expected to fill in relevant sections as demonstrated below. The parameters specified for each section are quite intuitive and can readily be related to each section.Provisioning Steps Parameters can be static values or dynamic values from Site Request Form. For e.g. Group Name can be entered in Provisioning Steps as static value, or picked from Field Values from Site Request Form. In case values are not static, Site Request Field values are used for the corresponding parameters.SharePoint Groups

It has the following parameters. One can add multiple groups by selecting the small page icon on the right hand side of the panel.

Group Name – Provide a name for the Group Group Description – Provide a description for the Group Permission Level – Select from a list of {contributor,owner,viewer}

Site Quota

Specify the quota from a list of values {200 MB, 300 MB, 400 MB}Activate Features

This is a facility where selected feaures are activated when the provisioning request is completed. Select the features from a dropdown. Features list is retrieved from 'Provisioning Features' list in infrastructure site. Configure the features in 'Provisioning Features' list per template in infrastructure site.

Site Properties (Property Bag)

Specify all the site properties as key-value pairs.The values can be added to site collection or site, based on template. Values can be static or dynamic.

Custom Actions

The custom actions are executed once the site is created. One needs to specify the location of the action trigger and the corresponding code block that needs to be

executed.Extensibility Provider

Provide the details of the extensibility provider.

Site Policies

Specify site policies

Additional Site Collection Administrators

Provide the names of such people.

4.4. Request a New TemplateThis is the facility where a custom template may be included in Govern 365 for ready use by the users. Templates may be generated from any of your existing site

collections or sites.Step 1: For creating a new template, select 'Request a New Template' option from the menu. Each template is an xml file. Step2: Once a template is generated, it can be used to create other site collections or sites with the same SharePoint artifacts.It contains the following fields -

- Title: Template Title- Description: Template Description- Template File Name: .xml file name of the Template file- Site URL: URL of the site which is to be used after its creation from the

template- Thumbnail URL: URL of the site which is to be used as a thumbnail- Include Search Configuration: Option to include Search Configuration- Include Site Groups: Option to include Group Configuration

- Persist Composed Look Files: Option to save composed look files like .spcolor with the template xml.

Step 3: After the parameters are saved, the user is redirected to Dashboard with Template Request in 'Pending' status. Provisioning Job would process the template request and store template xml files in Templates Library. Step 4: You can review and test the template and change the status to 'Approved' to make it available for use by all users.

4.5. Approve a TemplateOnce a template is requested, it needs to be approved before it can be used. In this menu option, you would be able to see all pending template approval requests. Once a template is approved, it is added to the repository of templates within Govern 365 and is made available to the users readily.

4.6. Workflow TasksIf your organization has any pre provisioning business process, then Govern 365 would take care of it by implementing an automated workflow created specifically for your organization. In such cases, for any provisioning request, an appropriate workflow will run and if you were a part of an Approver Group, workflow tasks would be assigned to you for Approval. Once you select this menu, the Workflow Task dashboard displays the tasks that have been assigned to you for approval.A user submits a new provisioning request and it appears as a task here pending approval from the relevant approver. Once the approval is given, then only the container is provisioned.Application displays the tasks from 'Tasks' list from Infrastructure Site Collection.Application displays the tasks. Based on role. Admin role users are displayed tasks of all the users. Users with 'User' role see only their specific tasks.Workflow Tasks are displayed with the following attributes.

Task Id – It displays ID of Task Title - This contains Title of Site Provisioned Request Assigned To – Task assigned to the person who is responsible Action Icons – Icons for approval or rejection

You can approve or request the workflow task by clicking on ‘Approve' and 'Reject' icon in the list. Also review the site request before approving, you can click on details icon (first icon) to see the details of request and then decide to approve/reject the task.

5. App SettingsThis setting is meant for configuring Govern 365 in the context of your organization. It has the following menu options

Tenant Settings

User Management Organizational Signup Register Remote Service for Provisioning Full Permissions Signup

5.1. Tenant SettingsThis has facilities for setting the parameters of the tenant. It allows you to set parameters for the following.

General Yammer Inventory Report Teams

5.1.1. GeneralThis allows you to set the overall parameters for the tenant under Govern 365

This is a screenshot of the General Settings page. Below is the glossary and explanation of how each field works and helpsthe admin to manage the Tenant Settings. Name –Enter the name of the tenant for information purpose; a required field to recognize the tenantDescription– A small description about the Tenant. (An optional field)

AAD Domain- This is auto filled. It takes the last part of email address of the user and it should sync with the Azure Active Directory, e.g. if the logged in user’s email is test@juniper.net. Hence, ADD Domain = juniper.net(A required field)AD Full Qualified Name–Displays full name as verified by AD (A required field)Infrastructure Site URL- Enter URL of Site Collection ( Team Site Template ) to be used to storeGovern 365 Artifacts. Create Infrastrucutre Site Collection manually and keep it ready for configuration. (A required field)Permission Level-This is to be specified as Full or MinimalAdmin Email- Show email of Admin. Preferably, email address of Portal Admin, who is currently doing the installation. (A required field)Auto Approval– Check the box if Auto Approval is to be done always. (A required field)User Assignment Required– Check the box ifthe tenant needs a user assignment alwaysSubsite Override – Check the box ifsub site override is to be allowed

5.1.2. YammerThis allows for the setting of relevant parameters for your Yammer network. It sets the following fields.

Yammer Client Id: The id that your install recognizes as Yammer client Yammer Access Token: The access token that authorizes Govern 365 to connect to

your Yammer network. This token is used by Govern 365 to write events to Yammer and retrieve Yammer data.

Yammer Domain: This is the authorized domain for your Yammer network

5.1.3. InventoryGovern 365 needs to maintain all inventory data and create reports based on those using Power BI.Hence, it is imperative that your install allows Govern 365 to collect these data and produce reports. This is the configuration utility to enable Govern 365 to do that. If unchecked, the application will not collect these data. By default, these are checked.

5.1.4. ReportThis setting is about integrating Power BI to the inventory data collected within Govern 365.Please download the Power BI report template from https://o365governance-qa.azurewebsites.net/Reports/Govern365Inventory-v2.4.pbix, refine it to meet your requirements, publish it to a Workspace at powerbi.com, and create a new dashboard. Then provide the details below to integrate the dashboard into the application.

Power BI Workspace Id (GUID in workspace URL): The GUID of your workspace at powerbi.com Power BI Dashboard Name: This is the name with which the Power BI dashboard will come up

with

5.1.5.TeamsTo allow for collecting Teams inventory data, currently, the Team’s service account is needed. This is where you enable Govern 365 with the Teams credential.

Teams Service Account: The name of the Teams service account for your install Teams Service Account Password: Password for the Service account

5.2. User Management

This allows the Admin to manage the users directly and assign various roles to the users.Assign Role to User - On clicking this button, the following popup appears

This has two major sections that need to be duly filled up by the Admin. This is how you could do it.

Enter a “User Principle Name” Select Roles between the two – ADMIN or USER. This determines the set of

facilities that would be available for the said user.Clicking the “Save” button after submitting the role marks the user with the specified role definition.

5.3. Organizational SignupThis is where the consent is provided for this application to access your SharePoint tenant. The list of permissions requested by the application is shown on the consent page. Click on the Sign-Up Organization button from the “App Setting” menu after assigning roles.

For the new MS flow-based approval task in both workflow task and recertification task module the permission needs to be refreshed and reconsented so that these new flow permissions are reflected in your organizational AAD app.

Enter the credentials and provide consent.

After giving consent, you will be redirected to 'Home Page’.

5.4. Register Remote Service for ProvisioningAfter Tenant Signup, for provisioning the admins must enable the Remote Service. The RER is the mechanism by which each provisioning job is initialized. This RER is installed in your Infrastructure site collection and calls the provisioning engine each time a qualified request is created. This step may be automated for you in future but currently this needs to be done separately.In the screen shot below you find how the Remote Service page looks.

User ID– Provide the credential of the user who is authorized to use this service (a required field)Password- Enter the password (a required field)

5.5. Full Permissions SignupAs opposed to selective permissions, this is a one step signup for the logged in user who would have full permissions for the application in the tenant.

On clicking the “Full Permissions Signup” button, the logged in user will be taken out of the application and on re log in the user will have full permissions for the application across the tenant.

6. Content InventoryGovern 365 maintains an inventory of content by extracting data from your containers so that it can generate various reports using Power BI visualization tool which is essential for your administrative and/ or disposition decisions. It gives you a choice to select the containers and/ or data files as per your business needs; by selecting the “Configure Data Collection” menu and enabling or disabling your desired containers. The available container/ file options, as of now are: SharePoint Site Collections, SharePoint Sites Sub-sites, Office 365 Groups, Yammer, Version

Management Files, Team and Azure Active Directory. It further gives you a choice to store this inventory data either as flat files (CSV) in your Infrastructure Site Collection or as Azure Table in your own or Netwoven’s Azure storage, when you select the “Configure Data Storage” menu. This inventory is dynamically updated by data crawl and the reports are refreshed accordingly.These reports could include summaryof the following:

Office 365 Container Inventory Activity for All containers Office 365 Containers with Inactive Owners SharePoint Content and Activity Microsoft Teams Content and Activity User Count by Department, Region, etc. as per your business organization Microsoft Groups Content and Activity Yammer Content and Activity

You can view these reports by selecting the “View Reports” menu. You can also create your own customized visual reports here.By selecting the “Inventory Job History” menu you can view the statuses of jobs/ processes for data pulling currently in the system. The process may have been successfully completed or it may have failed, in which case you can view the corresponding error message to be able to take remedial actions.The rest of this section will guide you through the details of the steps involved in content inventory creation and handling with a typical example and supporting screenshots.

6.1. Configure Inventory Data StorageHere you are able to specify where the inventory data will be stored. Either you can store in a CSV file or you could use Azure table. The Azure table again could lie in your own Azure storage or even Netwoven’s Azure storage.It also has an option to allow Govern 365 to be able to use Teams service account. This needs to be permitted if you wish to allow Govern 365 to be able to collect channel level messages/posts/conversations for Teams. Otherwise, inventory data around that will not be collected.

6.2. Configure Data CollectionThis feature enables the admin for collecting data for an inventory report of all the containers (sites, webs, teams, groups etc.) provisioned so far.The user can follow the steps below for collecting the data.Step 1: Go to “Content Inventory” “Configure Data Collection” Check all items at one go by clicking on Enable All button or specifically enable/disable

individual items.

Step 2: Once done go to “App Settings” “Content Inventory Data Storage”, select the appropriate container for inventory data storage (for Azure table storage please specify a storage account name and account key.Step 3: Specify the Account Name and SAS key for the Azure Storage account. Inventory will be collected in the “ContentInventory” table located in above storage.Step 4: Click on Save.

The newly introduced azure storage table (located at specified name and key) is periodically updated via the activities reported by “Office 365 management API”. So, locate the appropriate app from azure AD then check if the app has permission for "office 365 management API’s", if not add below application permissions also

then grant admin consent.

Below tables will be created to hold the inventory data ContentInventory – Stores different container (sites, webs, office 365 groups,

teams, yammers, list-libraries, files) inventory data. ContentOwner – Holds the owner’s info for different containers (related by id

of each container item in ContentInventory table) User – Holds azure ad users’ data6.3. Inventory Job History

This is a log of all the inventory jobs that had been run to collect inventory data. The columns reflect all the important parameters for the job.

6.4.View ReportsDownload master version of PBIX report from link in App Settings -> Tenant Settings -> Report Tab Step 1: Make changes to PBIX report: 

Modify Power BI data source connection string to point to the Azure storage account 

Make other changes if needed (e.g. expand Site Property Bag values, mash up with other data corporate sources) 

Save modified file Power BI file to Inventory library of infrastructure site (optional) 

Step 2: Create an App workspace in powerbi.com tenant (optionally grant us access) Step 3: Publish the PBIX report to the app workspace and create a Dashboard Step 4: Configure Report location in Govern 365 Web interface 

App Setting -> Tenant Settings -> Report Tab: App workspace GUID and Dashboard Name

For further details you may also refer to the Tenant Signup guide.Once the Power BI report is run with the content inventory data contained in the PBIX file, a set of reports would appear as given below. Of course, you could always modify or add new reports using Power BI suiting to your own requirement.

6.4.1.All Containers ReportThis report displays the inventory, attributes, and usage of containers in your O365 environment such as Groups, Teams, SharePoint sites and Yammer groups.

6.4.2.Containers with Inactive Owners ReportThis report displays the containers in your O365 environment that are owned by users who are not active.

6.4.3.SharePoint Content and Activity ReportThis report displays the inventory and usage of SharePoint sites, sub sites, templates, Files etc. it also indicates content that are externally shared.

6.4.4.Microsoft Teams Content and Activity ReportThis report displays the inventory and usage of Microsoft Teams in your O365 environment, their classification and visibility. it also indicates content that are externally shared. If internal data is shared through Teams service account, fine grain reports can be provided regarding usage e.g. channels, posts, conversations etc.

6.4.5.User ReportThis provides a report on all your O365 users based on their departmental/regional/national belonging and also with other details per user.

6.4.6.Microsoft Groups Content and Activity ReportThis report displays the inventory and usage of Microsoft Groups in your O365 environment, their classifications and visibility.

6.4.7.Yammer Content and Activity ReportThis report displays the inventory and usage of Yammer in your O365 environment, their activity and visibility.

7. Content Lifecycle ManagementGovern 365 provides a twofold facility to manage the lifecycle of content and the containers. On one hand it allows to selectively choose stale content and dispose them off. On the other hand, it allows validation of containers in terms of ownership, membership, permissions and metadata associated with those. The process is completely rule based and executed by workflows. The facilities are organized as separate menu items under the top-level menu of Content Lifecycle Management.

7.1. OverviewThe disposal process is completely rule based. You can define a set of rules and based on the criteria the content will be disposed of. While defining the rule, you can select the containers on which the rule is applied. The rule itself can be built comprising of one or more criteria based on the attributes of the selected container and applying few comparison operators against the chosen fields. The disposal process has few options. You can decide the filtered content to be deleted. You could send the filtered content as CSV attachment to a designated recipient. Alternately, save the rule results as CSV file in a library for further investigation. Once a rule is created it appears in a dashboard where all the existing rules are displayed, and the admin is able to activate/edit or delete any rule in general.As an additional facility, log of all job histories in terms of all the rules that are fired are available indicating status of all such jobs.The validation of containers in terms of their ownership etc. is generally called recertification. User starts by defining a policy. A policy specifies the recertification activities (e.g. Metadata/Security classification, Ownership or User permission/Membership) and also the scope of recertification namely SharePoint Site Collections, SharePoint Sites or Sub sites, Office 365 Groups or Microsoft Teams. It is always possible to create one or more policies having targeted recertification scope and activity or a more generic policy to hold many of these

types together. Within the policy, the user is able to define refinement criteria or rule much like the same way as the disposal rules. In essence, user is able to create a dragnet towards a filtered set of containers on which recertification process flow will be triggered. The process flow is managed by Microsoft Flow and once a recertification job is triggered, the identified owners of the selected containers would receive separate workflow tasks depending on the type and scope as defined in the policy. The assigned users will be able to review the status of the containers in terms of ownership, permissions and metadata, be able to modify them and finally recertify them as valid.The details of the above content lifecycle management facilities are described below moving through the menu items available along with their details.

7.2. Disposition RulesThis menu presents all the existing rules that are already defined in the system and also with a button to add a new rule.

The actions that can be taken on any given rule are the following Edit – Admin can edit an existing rule to revise any criteria Enable/Disable – An existing rule Show History – The job history of an existing rule run previously Delete – Delete a selected rule.

Go to “Content Lifecycle Management” “Disposition Rules”List of available rules will be displayed on the Disposition Rules page.

Column  Description Name Name of the Disposition RuleDescription Description of the Disposition Rule

Rule Action Rule Action set for the RuleContainer Type Container Type targeted by the RuleEnabled Rule is Enabled/ DisabledCreated By Admin Who have created the RuleCreated On (UTC) Rule Creation Date in UTC formatModified By Last Modified by UserModified On ( UTC) Last Modification Date in UTC formatAction

To Edit the Existing Rule

To Enable/ Disable Rule

To Show Rule execution history

Run the Rule Immediately

To Remove the Rule

The user can add a new Disposition Rule by clicking on the Add Rule button.

7.2.1. Add RulesThe Admin can add a Disposition Rule by performing the steps below.On the Disposition Rule page click on Add Rule button to open the New Rule Creation Page

Add the following information for configuring a disposition rule. Name - Name of the Rule. The rule will be identified by this name.

Description – Description of the Rule to briefly state the goal of this rule Define container – Types of O365 container on which Disposition Rules will

Run Types of Containers Supported

Containers DescriptionSharePoint Site Collections (SPSite) To Apply Rule on SharePoint site

collections available in TenantSharePoint Sites Sub-sites (SPWeb) To Apply Rule on SharePoint

subsite available in TenantOffice 365 Groups (O365Group) To Apply Rule on O365 Groups

available in TenantMicrosoft Teams To Apply Rule on Microsoft Teams

available in Tenant

User is able to select one or more or all containers within a rule.Once the containers are specified, there are refinement criteria that may be applied on the selected containers as stated below. The facility embodies a typical rule definition involving relevant fields, operators to act on them and comparison with a specified value. The may be multiple such conditions applied.

Define Rule Criteria – Field – Select a relevant field from a dropdown. This is a configurable set of

fields, marked during configuration of the provisioning request form to be made available to the disposition process.

Operator – The operator is a condition that will be matched for the field to the given value being specified next. For all the metadata fields related to container the available operators are

The operator field adjusts itself to show the relevant operators based on the nature of the field selected. As for example, for a datetime based metadata field such as Last Modified Date the operator dropdown changes to

Value – Specify an appropriate value against which the condition is evaluated.

As an illustration again, for selection of a datetime type of metadata field the criteria section changes as follows.

Select period - The period may be specified with the following granularity.

User also can add multiple filter conditions with AND/OR logic To add multiple condition User, need to click (+) button beside each filter condition. Similarly, to remove any filter condition click (-) button.To apply AND user needs to select “All” from the dropdown presented in the first line of the filter text as shown below

To apply OR user needs to select “Any” from the dropdown presented in the first line of the filter text as shown below

How to Use the rule criteria

Consider the following example as a typical criteria specification. The intent is to specify a rule to filter site collections which have Last modified date over 3 years ago.

Assume that in this case user selected the container as SharePoint Site Collection.

Select Field: Last Modified Date Operator: More ThanValue: 3 Select Period: years

Actions - User is able to exercise few different options before the rule actually takes effect.Select an action from the following list.

Actions Description

Delete Directly disposes the containers discovered by the defined rule and places it to the Recycle Bin

Delete Permanently Directly disposes the containers discovered by the defined rule and does not place it into the Recycle Bin

Flow Trigger the pre-configured Disposition Flow

Lock Locks the discovered containers from User access

Mail Send Mail to the Tenant admin regarding the rule and the discovered containers.

Read Only Makes the containers Read only to all Users discovered by the defined rule

Save Rule Result Save the discovered containers in a csv in the Disposition Library of the Govern 365 Infrastructure Site presumably for further review.

7.2.2. Show ResultAfter configuring the Rule details, the admin can Run the “Show Results”. It will show a filtered result set of the containers satisfying the rule criteria defined above. This way, admin knows what exact containers would be picked up for disposition.If the action is selected as Flow, Govern 365 will run a pre-configured flow for this filtered set of Containers

7.3. Recertification Policies

The activity of recertification is presented through the following menu items. Recertification Policies My Content Lifecycle Tasks Recertification Status Reports Recertification Job History

Go to “Content Lifecycle Management” “Recertification Policies”A list of all the policies defined so far will be displayed on the Recertification Policies page.The user can add a new policy by clicking “Add Policy”. Otherwise, the actions that can be taken on any given policy in the table are the following

Edit Policy – Admin can edit an existing policy Enable/Disable Policy – A toggle for the policy to be made active/inactive Show History – The job history of an existing policy run previously Delete Policy – Delete a selected policy View Report – View the recertification status report against the selected

policy.

The table grid displayed for the policies has the following columns.Column Description Policy Name Name of the Recertification PolicyDescription Description of the Recertification PolicyPolicy Owner User who created the PolicyDate Created Creation Date of the policy Status Policy is Active/ In-activeAction

To Edit the Existing policy

To Enable/ Disable policy

To Show policy execution history

Run the policy Immediately

To Remove the policy

View the report of the Policy Execution

Result

The Admin can add a recertification policy by clicking on “Add Policy” button. The following screen will appear.

Add the following information for defining the policy. Policy Name - Name of the Policy. The policy will be identified by this name. Policy Description – Description of the policy to briefly state the objective of

this policy Recertification Activities – Select the recertification activity you want to

launch. Also, one or more activities can be selected. (Metadata/security classification, ownership, user permission/membership)

Recertification Scope – Define which specific container type you want to apply the policy on. The scopes that are available for selection is given below.

Types of Containers Supported are:Containers DescriptionSharePoint Site Collections (SPSite) To Apply policy on SharePoint site

collections available in TenantSharePoint Sites Sub-sites (SPWeb) To Apply policy on SharePoint

subsite available in TenantOffice 365 Groups (O365Group) To Apply policy on O365 Groups

available in TenantMicrosoft Teams To Apply policy on Microsoft Teams

available in Tenant

Recertification Refinement Criteria – After selection of recertification scope, user may define the recertification refinement criteria. This is a filter that would be applied on the selected containers above.

The refinement criteria option offers additional facility to filter a set of containers out the marked container types satisfying the given conditions specified by the criteria. User has the option to target all selected types of container or to define

a criteria to select a subset of it. As for example, if you have selected Site collection and O365 Groups for a policy and you enable “Select all container” toggle button then all the Site Collection and the O365 Groups will be selected for this policy.

Alternatively, you can specify conditions to filter out a desired sub set.

Select Field – Select a relevant field from a dropdown. This is a configurable set of fields, marked during configuration of the provisioning request form to be made available to recertification process.

Select Operator – Select Operator to define a criterion for the selected field. The available operators are as shown in the figure.

The operators that are shown are context sensitive and actually depends on the type of fields chosen. For Datetime based metadata field such as Last Modified Date the operator dropdown changes to

Value – Specify an appropriate value such that the comparison can be done

effectively.For selection of datetime type metadata field in Field dropdown the criteria section changes the UI

User also can add multiple filer conditions with AND/OR logic To add multiple condition user needs to click (+) button beside each filter

condition. Similarly, to remove any filter condition click (-) button.To apply AND user needs to select “All” from the dropdown presented in the first line of the filter text as shown below

To apply OR user needs to select “Any” from the dropdown presented in the first line of the filter text as shown below

Recertification Process Frequency – This specifies the time period after which a recertification process will automatically be launched based on the policy being defined.This will enable organizations to automate the recertification process.

Select period – The period refers to the time after which the recertification for the selected set of containers would automatically be initiated.

Action – Action to be performed as per the policySelect an Action (Save, Run Recertification Flow, Mail Result) which is to be performed.Actions DescriptionMail Result Mail the list of containers extracted by

the rule defined in the policy.Run Recertification Flow This actually initiates the recertification

process. Internally, a backend scheduler job will pick up this policy, evaluates the containers based on the defined criteria, then saves the result in a .csv file in “RecertificationWorkflow” library on infrastructure site. Thereafter, recertification workflow (designed in Microsoft Flow) will pick up that file and start creating task for the container owners.

Save Result This only saves the rule results in a .csv file through the backend scheduler job as stated above but does not initiate the workflow as such.

How to Use the Refinement Criteria

Let consider the following example of a policy. Let us assume that Admin wants to create a policy only for Site Collection and Sub Site and those containers will need to be recertified for Ownership and User Permissions. This policy intends to run the recertification on the containers belonging to Finance department. To achieve that, admin needs to define a filter criteria such as “Name” “contains” “Finance” as choices for the field, condition and value respectively. So, all SharePoint Site Collection and Sub sites which

Contains finance will be discovered and Policy will be enforced every 4 months for recertification.

In this case User need to select Recertification Activities: Ownership and User Permissions / MembershipRecertification Scope: SharePoint Site Collection and SharePoint Sub Site. Select Field: Name/Title Operator: ContainsValue: Finance

Process Frequency: 4 Months

7.3.1. Preview Result

After configuring the details, the admin can Run the “Preview Results” to review the result set that would be submitted for recertification based on the selection criteria set in the steps above.

7.3.2. My Content Lifecycle Tasks

Go to “Content Lifecyle Management” “My Content Lifecycle Tasks”. This screen shows all the recertification tasks assigned to the currently logged in user.User can click on one task, see the details and complete it. On the other hand, user can select few tasks and recertify them as a bulk action assuming that the details are already verified.Once a policy is created, a backend scheduler job picks up the policy, evaluates it, create tasks and send mails to the respective container owners for the selected containers.The mail also provides a link to come directly to this page. The screen would appear as follows and the details are explained below.

The table has the following columns.Column Names DescriptionTask Title This is the name of the task with a

hyperlink. This will take the user to the actual task screen. The task screens would be different as appropriate for the recertification type and will be explained individually in the later sections

Due Date This is the date by which the task is expected to be completed. This is set after 15 days from the date of creation of the task and is configurable.

Recertification Scope This specifies the scope of

recertification or in other words the container types that are selected by the policy.

Recertification Type This indicates the nature of the recertification task e.g. Ownership/User Permissions/Metadata

Date Created Creation date of the taskTask Status Phase of the recertification process

(currently only In progress status)

7.3.3. Ownership Recertification Task

If a task is regarding ownership recertification, then clicking on the hyperlink of the task title, the following screen would appear.

Here you can add new owners, remove existing owners, reassign to another user if you think someone else might be a better person to assert the ownership status and then finally recertify.This screen provides few buttons that are described below.

Back: Takes you back to task list screen Reset: Refreshes the current view Reassign: Delegate the task to some other user Recertify: Finally, once you feel the container is ready to be recertified click

on this. Once you click on recertify the task will be treated as finished and your name, date will be recorded as the recertifying person against the container with the current recertification scope.

7.3.4. Metadata Recertification Task

If a task is of metadata recertification type, then clicking the hyperlink on the task title the following screen would appear.

This will show you all provisioning metadata along with their current values for the associated container. You can review them and update them by clicking “Update Metadata”. You can reassign the task to another user if required. Finally, clicking the recertify button would complete the task.This screen provides few buttons that are described below.

Back: Takes you back to task list screen Reset: Refreshes the current view Reassign: Delegate the task to some other user Recertify: Finally, once you feel that all the metadata are correct, it is ready

to be recertified. Click on this button. Once you click on recertify the task will be treated as finished and your name, date will be recorded as the recertifying person against the container with the current recertification scope.

7.3.5. User Permission Recertification Task

If a task is of user-permission recertification type, then clicking the hyperlink on the task title the following screens would appear.If the container is an Office 365 group or Teams connected group, then a screen similar to Ownership recertification task screen will appear as follows and it has already been described.

If the container is a SharePoint Site or Sub Site, then the screen will have two sections e.g.

Review SPO Site/Subsite level Permission Review List/Library Level Permission

Review SPO Site/Subsite level PermissionClick on the section title to expand it to reveal the following

This section is intended for reviewing memberships and permissions for the entire site. To achieve that it will take you to native SharePoint permission management screen on a new tab by clicking on the review permissions link. You are expected to review all the users and their permissions there, make changes as may be required and then come back to this screen to finally certify and complete the task. Before, clicking on the recertify button, please make sure to review the List/Library level permissions as well as explained below.

Review List/Library PermissionThis section filters all the lists/libraries within this site which have unique permissions assigned to them. The idea is to bring focus only on the objects which have their inheritance broken. To review the current permissions, click

on the review permission link given alongside. This will open up the native SharePoint permissions management screen for that particular list or library and you are expected to validate all users and permissions there or change them if needed.

Once both the above sections are reviewed and finalised, click on the recertify button to complete the task.The buttons on the task screen are explained below.

Back: Takes you back to task list screen Reset: Refreshes the current view Reassign: Delegate the task to some other user Recertify: Finally, once you feel that all the user permissions are correct or

modified properly, it is ready to be recertified. Click on this button. Once you click on recertify the task will be treated as finished and your name, date will be recorded as the recertifying person against the container with the current recertification scope.

7.3.6. Recertification Status Report

Go to “Content Lifecycle Management” -> “Recertification Status Report”.

This screen provides you with the comprehensive overview of recertification status of all tasks on a per container type basis. The following is the screen shot.

Select a container type from the drop down on the top left to view all the tasks associated with that container types.

The columns in the table are explained below.

Column Name DescriptionContainer Name The name of the

site/subsite/group/teams Primary Owner A link is given to see all the primary

owners associate with the containerOwnership(O) Ownership recertification task status

for this containerActivation Date(O) Ownership recertification task

creation date for this containerMem/Perm(M/P) Membership/user permission

recertification task status for this container

Activation Date(M/P) Membership/user permission recertification task creation date for this container

Metadata(M) Metadata recertification task status for this container

Activation Date(M) Metadata recertification task creation date for this container

If you click on the hyperlink given in the status column, you can see the relevant details of the associated policy in terms of the policy name, policy owner, policy creation date and when was the container recertified last time.

7.4 Content Lifecycle Job History

This is intended as a simple audit facility to review all the content lifecycle jobs that were performed by the system. These jobs are grouped separately as disposition jobs and recertification jobs. It shows all the previous run jobs with their status.

1.

2.

3.

4.

5.

6.

7.

7.1.

7.2.

7.3.

7.4.

7.4.1. Disposition Job History

This is the place where the log of previously run disposition jobs can be reviewed.

The following table details out the columns shown in the screen.

Column Name DescriptionJob Name The identity of the job as assigned by

the system Job Start Date (UTC) Job start time as stamped by the

systemJob End Date (UTC) Job end time as stamped by the

systemStatus Current status of the job e.g.

Running, Success, Fail etc. Message If the job runs into error and fails for

some reason appropriate indicative error message will be shown here

Run By It’s either a Web Job or the account name of the user if someone had exercised the Run Immediately option

Duration (Minutes) Time taken by the jobAction Clicking here would export the job

history details in a Log.txt file

7.4.2. Recertification Job History

This is the place where the log of previously run disposition jobs can be reviewed. This can also be seen by selecting recertification in the top dropdown.

The details of the table and the columns are exactly the same as described in the disposition job section.

8. HelpThe Help section provides you with the following facilities.

Admin Guide User Guide

Support Request View Support Requests

1.2.3.4.5.6.7.8.

8.1. Admin Guide

This allows you to directly download the Admin guide in .docx format.

8.2. User Guide

This allows you to directly download the User guide in .docx format.

8.3. Support Request

This is where you can raise a support ticket to the Govern 365 support team.

To raise a service request you can use the following fields. Request Title–Give it a name such that you can associate it with the issue

clearly Request Description – Define the problem clearly so that support team can

reproduce it easily Request Type – Mark the request appropriately as a bug/question as per your

understanding

8.4. View Support Requests

This is where you can see the status of all the support requests.

9. Infrastructure Site CollectionThis is the space where Govern 365 keeps its application data. It is also meant to store the submitted requests and the status for the provisioned sites.The Infrastructure site collection can also be used by the Office 365 Governance admin to manage the following functionalities of the Office 365 Governance application:

9.1. Managing Available Provisioning TemplatesThis feature takes care of managing templates for the sites you want to do provisioning. This encompasses the following:You can modify the following template properties while managing the templates:

o Titleo Nameo Template Scope – create a scope irrespective of whether it is a Site, Group,

Yammer, Teams or Web Template.o Status – Approved (only the approved templates could be used to provision

sites) or Blank (cannot be used to provision the sites).o Workflow Name – Used to capture the name of the approval workflow which

is to be called by the container (teams, group, or web template) in case the

auto-approval is disabled.

9.2. Site RequestsAll the submitted requests for the sites to be provisioned are stored in a specific list within the Infrastructure Site Collection to be reviewed by the Govern 365 admin. The Site Request list will include the following information about the provisioning requests: Title of the requested site Request Status – Submitted (the final request that has been submitted) or

Draft (for a request that is to be submitted at a later point) Provisioning Job Status – This includes the status for the submitted requests.

o Draft: Provisioning Request is saved by user, for later modification. Request in Draft mode can be modified and deleted.

o Submitted: Provisioning Request is submitted by user and cannot be modified after submission. Request can be viewed in submitted status by clicking on icon under Action column on Dashboard.

o Pending: In case, if organization has not implemented workflows and auto approval is enabled, request is directly moved from Submitted to Pending Status. In case, workflow is implemented, after completion of approval process, Request status is changed from Submitted to Pending status. Request are only provisioned when status is Pending.

o Running: During the provisioning process, request status is changed to 'Running'.

o Provisioned: On successful completion of provisioned process, request status is changed to 'Provisioned'

o Failed: In case of any technical error while provisioning process, request status is changed to 'Failed'. Details of Technical error can be viewed by going to details of Site Request by pressing 'Details' icon under 'Action' column.

Provisioning Job Error – This field displays the details of the reasons for the failure of a provisioning request (in case the submitted request fails to be processed).

Provisioning Job Owner – This field contains the requester name of the user who requested the provisioning.

9.3. Site Request Form ConfigurationThe “SiteRequestFormConfig” list includes the JSON data related to the “Create New Request Form”.

9.4. Admin StepsThe “AdminSteps” list includes the JSON data related to the Post Provisioning Steps.

9.5. Email Templates

The “Email Templates” list contains the templates of the notifications to be sent out at various stages of the provisioning requests.

9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.9.6.

Site DirectoryThe Site Directory list stores all the information regarding the Provisioned Sites, Groups, Teams etc.The information is captured under the following fields:

Title Site Template (the template to be used for the requested provisioning) Functional Area (Example: Legal) Department Area (Example: Compliance – within the Legal Dept.) Owners (the owners of the sites to be provisioned – by default this user is the

requester)

9.7. Functional AreaThis list is the feeder list for the “Functional Area” info included in the containers (Site, web, Groups, Teams etc.)

9.8. Department AreaThis list is the feeder list for the “Department Area” that contains related information in the containers (Site, web, Groups, Teams etc.). The values in this list are dependent on the values selected from the Functional Area.

9.9. Disposition

This library contains the disposition rule results when action from “Create Rule” page is “Save Results”.

9.10. DispositionWorkFlow

This library contains the disposition rule results when action from “Create Rule” page is “Flow”.

9.11. Recertification

This library contains the recertification rule results when action from “Add Policy” page is “Save Results”.

9.12. RecertificationWorkFlow

This library contains the recertification rule results when action from “Add Policy” page is “Run Recertification Flow”.

9.13. RecertificationReport

This library contains the consolidated report for each container against all recertification policies in the system.The report can be viewed from the screen “Content Lifecycle Management” -> “Recertification Status Report”

9.14. New SharePoint group “Govern O365 Service Admin Group”

Create a new SharePoint group named “Govern O365 Service Admin Group” in this infrastructure site collection. Choose permission levels as “Design and Contribute”.

Add people in this group to whom recertification task will be assigned if the first level container owners do not respond to their recertification task within 15 days.The task will be available to the people of this group for 12 days to respond.

9.15. New SharePoint group “O365 Governance - IT Approval Group”

Create a new SharePoint group named “O365 Governance - IT Approval Group” in this infrastructure site collection. Choose permission levels as “Full Control”.

Add people in the group to whom provisioning request task will be submitted for approval.

9.16. Site Collection and Site Templates

This library contains all approved templates based on which the containers are provisioned.

To activate approval process on respective template type notice the field called “Is Approval WF Required” column.The same can be accomplished from the application by navigating “App Settings” -> “Approval Flow Settings for Template”