Skip to main content

Articles in this section

See more
Print

Microsoft Teams Certification Review rule

  • Updated

 

Rule description

This rule returns Teams based on the specified query and then sends a request to the Teams owner(s) to certify the Teams membership, continued existence, or both.

For more details about group certification, please see the Configuration of Group Membership and Teams Certification article. 

 

When to use this rule

Without proper periodic control, Microsoft 365 may become polluted with an excessive amount of Teams. One of the solutions to keep the growing number of Teams under control is to enforce their attestation and certification process. Certification is a process when Team owners review and certify that the Team itself and its membership are correct and current.

Use this rule when you need the Teams' owners to check or certify:

  1. Team existence
  2. Team membership accuracy
  3. Both the Team existence and Team membership accuracy

You can run a certification review for all Teams or only for Teams that have external members. 

Note: In case a replication group is configured in your environment, Cayosoft recommends running certification rules on the publisher for better performance.

 

Rule Settings

Query Section

Setting name Description

General Settings

  

Display Name starts with

Email starts with

Specify the search query to identify Teams included in the certification process. 

Archived teams

Specify if archived teams should be included in the rule scope.

No file access for more than (days)

No new posts for more than (days)
Note: To apply these filters you should run at first the following rule: Home > RULES > Built-in Rules (Pre-configured) > Analytics collection | Teams Usage.

Specify the number of days during which the Team didn't access the files or didn't write new posts.

 

Certification period (days)

Specify the certification period in days. The default value is 'Every rule execution creates a new certification task per group'.

By default, the certification rule execution schedule defines the certification period. A new certification task is created for each group on every rule execution. You can set the desired certification period in days if you want to run the rule more frequently than the certification period. The rule would ignore groups with pending or completed tasks within this period.

So, if the default value is used, every time the rule runs new certification items will be created.

if the number of days is specified, then the rule does not create any new certification items for a group with a pending or completed certification item state within the specified number.  When the specified number of days passes, the new certification items will be created again when the rule runs.

Other Query Settings

  

Members filter

Specify if you want to run the certification review for:

  1. All Teams in the rule scope.
  2. Teams with at least one guest member.
  3. Teams with guest members only. In this case, the Team will be sent to certification if it has no other members than guests.

Properties to display

Properties to display, specified in the rule, are not the actual properties used in the Output report. The output report has a special, non-changeable format. It displays ID, Group name, Assigned to, Status, and Error fields.

If the ID field is empty in the report, it means that the work item for certification was not created for the Team. This may happen if the Team doesn't have the owner, for example.

Filter

 

To hide unwanted data based on criteria set the filtering conditions here.

Example: filter by the found object Display Name.

Sort by

Sort result object list.

Initialization script

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to PowerShell limitations, it is not possible to use the calculated expressions in filter criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in filter criteria.

Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.

Example: List groups, created in the last ten days.

  1. Add this initialization script:
{$global:DatePeriod = (Get-Date).AddDays(-10)}
  1. Use $DatePeriod variable in the filter criteria builder:

 

Action Section

Setting name Description

Type of certification

 

There are three types of certification:

  1. The Team is still needed - the certifier should check whether he needs this Team or not. Team membership is not essential in this case.
  2. The Team's membership is accurate - the certifier should certify the membership of the Team is correct, and mark those members that need to be removed.
  3. The Team is still needed, and the membership is accurate - the certifier should check whether he needs this Team and the Team membership.

Work Item Title

  

Work item title

The work item title describes the work item for the user in notification emails and the list of work items in the Web Portal.

Work item comment

Specify the comment for the created work items.

Certifiers

  

User(s) listed as group owners

Specify if the owner of the target Team should be the certifier. In this case, the Team owner will be requested to provide Team certification.

Selected user(s)

Provide Microsoft 365 user ID for one or more user accounts to be certifiers if needed.

Defined by script

You can use a script that sets the certifiers. The script should return an array of strings; each string equals the object ID of the certifier.

Example:

{ @("9203750c-c989-4e7e-a86b-786a269f307d","811e4b97-c76d-4e7b-9b2b-be5b5e6df22c") }

Remediation and Expiration

  

Team removal by user

Specify which action must be performed when the team owner selects to remove the team during certification: delete or archive.

Note:Team can not be archived if it has a private channel and the Microsoft 365 connection account that is specified in the Microsoft 365 extension is not the owner of this private channel.

Certification review expires in (days)

Specify the number of days for certifiers to complete the certification review. If review is not completed within the given period, the certification request is set to Expire, and remediation actions are taken, as configured below.

Remediation

Select what action to perform when the certification review expires:

Note: To perform a remediation action, the Cancel Expired Work Items rule should be run, and the 'Expired' notification even should be enabled.
  1. Send a report to the certifier.
  2. Send a report and archive the Team.
  3. Send a report and delete the Team.

Email Notifications

  

Notification

Select events and configure email notifications to send upon these events:

  1. A new certification request was created - a notification is sent when the certification rule runs.
  2. The group is certified - notification is sent when the 'Certify' web action is performed.
  3. The certification request expired - notification is sent when the Cancel Expired Work Items rule runs.
  4. The certification request was canceled - notification is sent when the 'Certify' web action is performed.

 

Output Section

This section defines the output format of this rule.

To get more information about this section, please see the Output section article.

 

Enforce/Schedule section

This section defines the schedule for how often to run the rule.

To get more information about this section, please see the Enforce/Schedule section article.

 

 Change History

Version Notes
8.2.0

Members filter values are modified:

  1. 'Teams with guest members only' value is added.
  2. 'Only teams with guest' value is renamed to 'Teams with at least one guest member'.
7.2.0 Team removal by user and Archived teams settings are added.
6.4.0 Members filter and Certification period (days) setting are added.
6.3.0 The rule was introduced in the product.

 

 

© Copyright 2013-2025 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.