This section contains the settings related to the involvement of your organization's users in the cleanup process. Users will receive email notifications when files, folders, or teams are about to be unshared.
To save the changes you make, click SAVE SETTINGS in the section footer.
User-driven cleanup will unshare all external permissions on the relevant file, folder, or team - including anonymous links. It will, however, not remove permissions to the item that come through an external user's membership of a group, SharePoint group or team that has access to the item.
Global user-driven cleanup settings
The green or red dot in this line indicates whether or not all settings in this section (User-driven cleanup) are active.
Toggling the entire section on and off happens in the footer at the bottom of the section.
Setting the section to INACTIVE means that no email notifications will go out to users and that none of the settings in this section take effect.
When set to ACTIVE, emails go out 24 hours later at the earliest.
Cleanup users in these (Azure AD) groups only
Clicking MANAGE here will allow you to select the specific user groups you want to be part the user-driven cleanup. If you don't select any groups here, no users will be included in the user-driven cleanup.
You can choose to either include or exclude the groups you select below:
- If you choose to Exclude the selected groups, then users in all current and future groups will be part of user-driven cleanup except the groups you select.
- If you choose to Include selected groups, then only users in the groups you select will be part of user-driven cleanup. With this option you can opt to also just include all current and future groups.
The items listed under Available groups are the Microsoft 365 groups in your Microsoft Entra ID (formerly Azure Active Directory). You may want to create new groups in your Microsoft Entra ID to help a more organized and controlled cleanup process in the Tricent tool.
You add groups to the list Selected groups by clicking the arrow () to the right of the group name. Remember to click OK once you have the groups you want to include in Selected groups.
Note that if a user is a member of both a group chosen for user-driven cleanup and one (or more) that is not, then the user will be part of the cleanup.
Cleanup files/folders on these apps/services
This setting allows you to limit the cleanup to certain apps/services in your Microsoft environment.
This can be useful if your organization, for instance, has the approach that the users' OneDrive is for personal or private documents. If that's the case, simply exclude OneDrive from the user-driven cleanup.
Include teams in cleanup
Toggling this feature allows you to leverage the knowledge of team owners in the cleanup process. Team owners will start receiving notification emails that include the teams they are responsible for, once they are eligible for cleanup.
When you toggle the switch on, an extra setting will open called Suggest teams to cleanup for these users only.
Suggest teams to cleanup for these users only
Cleaning up teams is done by team owners by default if Include teams in cleanup is toggled. However, using this setting, you can choose to limit the cleanup to only teams with owners in one or more Azure Active Directory groups.
Clicking MANAGE will open a side panel where you can select the groups you want to include.
Run the cleanup every
This indicates how often you want the user-driven cleanup process to run.
Read more about how the email notifications and cleanup cycle work right here.
In cleanup emails, ask the users to consider no more than
When the cleanup process runs, users will receive notification emails when they have shared items that are about to be unshared.
Using this setting, you can define the maximum number of items presented to the end-user in the email. The list will contain the items with the shortest time to expire at the top.
Exclude files/folders/teams for cleanup that are younger than
With this setting, you can ensure a grace period for files, folders, and teams that have been created recently. These items will not be included in the user-driven cleanup. An admin can, however, ask a file/folder owner to keep sharing or not by using the actions in the Insights area during the set grace period.
Sharing of files/folders can be extended for a maximum of
This sets the number of days files/folders are allowed to be extended at a time by users. When users are asked to stop or keep sharing a file/folder, this is the maximum number of days they can choose to extend the sharing.
Sharing of teams can be extended for a maximum of
This sets the number of days teams are allowed to be extended at a time by users. When users are asked to stop or keep sharing a team, this is the maximum number of days they can choose to extend the sharing.
Using the dropdown here allows you to pick whether the cleanup date on the shared file or folder is calculated from...
-
Last modified - changes to the properties of the item, for instance, renaming or alterations in sharing permissions.
-
Created - the time when the item was created.
Note that the cleanup of teams will always be calculated from their created date.
Allow user-driven cleanup on weekends
The user-driven cleanup will also happen on weekends (Saturdays and Sundays) when toggled on. This means that users will also receive notification emails and cleanup will be carried out during those days.
If you have started a cleanup cycle that runs from Saturday to Saturday, and then toggle this setting off, the cycle will be pushed to running Monday to Monday. Read more about the cleanup cycle and notifications here.
Automated cleanup
The settings in this section form the basis of your automated cleanup process. This is the cleanup that runs automatically and silently (no email notification goes out to the user) in the background. The automated cleanup events are, however, available to you as an admin in the History area.
To save changes to the settings, click SAVE SETTINGS in the section footer.
Automated cleanup will unshare all external permissions on the relevant file/folder including anonymous links. It will, however, not remove permissions to the file/folder that come through an external user's membership of a group, SharePoint group or team with access to the file/folder.
Automated cleanup
The green or red dot in this line indicates whether or not all the settings in this section (Automated cleanup) are active. Toggling the entire section on and off happens in the footer at the bottom of the section.
Cleanup users in these (Azure AD) groups only
Clicking MANAGE here will allow you to select the specific user groups you want to be part the user-driven cleanup. If you don't select any groups here, no users will be included in the automated cleanup.
You can choose to either include or exclude the groups you select below:
- If you choose to Exclude the selected groups, then users in all current and future groups will be part of user-driven cleanup except the groups you select.
- If you choose to Include selected groups, then only users in the groups you select will be part of user-driven cleanup. With this option you can opt to also just include all current and future groups.
By ticking Use same groups as user-driven cleanup you can choose to include the same groups as the ones you picked in Cleanup users in these (Azure AD) groups only under User-driven cleanup.
The items listed under Available groups are the Microsoft 365 groups in your Microsoft Entra ID (formerly Azure Active Directory).
Note that if a user is a member of both a group chosen for automated cleanup and one (or more) that is not, then the user will be part of the cleanup.
Cleanup files/folders on these apps/services
This setting allows you to limit the cleanup to certain apps/services in your Microsoft environment.
This can be useful if your organization, for instance, has the approach that the users' OneDrive is for personal or private documents. If that's the case, simply exclude OneDrive from the user-driven cleanup.
Automatically stop sharing inactive files/folders/teams externally after
This sets the number of days files, folders, and teams are allowed to be shared externally from their "last modified" date. After this period has passed, the external sharing of the file/folder/team will automatically be revoked without the involvement of the item's owner.
As this setting and the one below are quite blunt instruments that can have far-reaching consequences, we have included a little "are you sure?" dialogue when toggling.
Using a timeframe that is easy to communicate to your organization - such as 100 days - can be a good idea if you choose to use this setting.
Automatically stop sharing files/folders/teams externally that are older than
This sets the maximum age allowed for files, folders, and teams shared externally. The age of an item is calculated from its creation date. After this period has passed, the external sharing of the file/folder/team will automatically be revoked without the involvement of the item's owner.
Using a timeframe that is easy to communicate to your organization - such as 365 days - can be a good idea, if you choose to use this setting.
Trusted domains
Comments
0 comments
Please sign in to leave a comment.