Introduction - Govern 365



Govern 365 – Tenant Signup Guide
A Product by Netwoven
DOCUMENT VERSION 2.0

Notices

This document is classified as “Customer Ready” and is intended for use by Govern 365 customers only.

This document is subject to change at any time and is contingent on the evolution of the product. Changes shall be made at the sole discretion of Netwoven. This document is included as Govern 365 “SaaS Materials”.

This document and the solution it describes are protected by copyrights in accordance with applicable laws. Copyright © Netwoven Inc 2019. All rights reserved.

Table of Contents

1 Introduction
2 New Tenant Sign Up
  2.1 Register and Provide Consent
3 Completing Signup
4 Additional Configuration
  4.1 Configure Security Classification
    4.1.1 Configure Security Classification
  4.2 Configure Prerequisites for Content Inventory and Reporting
    4.2.1 Configure Inventory Data Storage Account in Azure
    4.2.2 Configure Inventory Data Collection
    4.2.3 Collection of Inventory Data
  4.3 Configure Inventory Reports
    4.3.1 Power BI Setup
    4.3.2 Change Data Source to Azure Storage account
    4.3.3 Alternate approach to connect to a different data source
    4.3.4 Enhance Power BI Report
  4.4 Configure Disposition Flow
    4.4.1 Download and Import Flow.zip
    4.4.2 Configure Actionable Email for Disposition Flow
    4.4.3 Configure Flow
    4.4.4 Install SPFX package
  4.5 Configure Provisioning Requests Approval Flow
    4.5.1 Download and Import Flow.zip
    4.5.2 Configure Flow
  4.6 Configure Re-certification Flow
    4.6.1 Download and Import Flow.zip
    4.6.2 Configure Flow

1 Introduction

Firstly, thank you very much for your interest in Govern 365. Your attention to the balance between maintaining the appropriate administrative control and providing a seamless user experience in Office 365 is essential to the long-term success of your modern workplace transformation initiative, and we are ecstatic to help you along the path!

Although we have invested a considerable amount of time and thought into streamlining, automating and making intuitive the new tenant sign-up process, we understand that a little more information can help. This document is intended as an accompanying guide to clarify and enumerate the details as well as help you successfully complete your sign-up process. If you have any questions at any point during the process, please don’t hesitate to reach out to govern365support@.

2 New Tenant Sign Up

Please make sure that the user performing the sign-up process has the Office 365 Global Administrator role.

2.1 Register and Provide Consent

- Go to and click on the “Start a Free Trial” button. Clicking the “Start a Free Trial” button will take you to a form to fill out.
- Complete the form and you will be sent an email with a link to the “Tenant Signup” page at the “Sign Up” Text (shown in the Tenant Sign-Up page above) and click on the “log in” button.
- Enter your credentials (global administrator) on the login page that appears as shown below.
- Provide consent to the Govern 365 application to get access to your tenant with the requested permissions by clicking on the ‘Accept’ button.
- After the successful submission of your tenant signup request, the below screen is displayed. It will take ~15 minutes to an hour to complete the remainder of the automated configuration tasks.
We will send you an email with Tenant Configuration completion and login information as soon as our automated part of the process is complete.

3 Completing Signup

After the registration and consent process completes, log in to the Govern 365 application. A notification will be displayed at the top of the dashboard page enumerating the pending manual tasks that you need to complete (as shown in the screenshot below). Perform each task in the steps listed below, and check the box next to it to complete the task and stop displaying it in the Dashboard.

1. Organization Sign Up – Click on this link to sign up on behalf of the entire organization (so that every user does not have to individually consent).

2. Assign Users to Roles – Click on this link to add/remove users or groups from your AD into one of the user roles (Admin and User) for the application. For starters, you may only want to add a few of your close service admin colleagues. Later you will add more users for your pilot, and ultimately you will add all users that you expect to use the application in your organization for Go-Live.

3. Register the Provisioning Remote Event Receiver – Click on this link to register the Remote Event Receiver (RER). The RER handles the triggering of the Provisioning engine and process from a submitted request. Provide the credentials of the same user who initiated the signup process to complete this step.

4. If you are interested in collecting inventory data about aggregate conversation count in a channel or the date and time stamp of the most recent conversation in Microsoft Teams, a service account is required.
In the Tenant Settings page, click on Teams and specify the credentials for the service account.

The account specified for Teams provisioning must meet the following requirements:

- Must be a cloud-only account in Azure AD (UPN in the format user@<domain>.)
- Disable Multi Factor Authentication for the account
- Set password to never expire (or expire after the longest time your security policies permit)
- Assign a Microsoft Teams license to the account
- If your organization restricts who can create Office 365 Groups (described here), then add this service account to the security group authorized to create groups. (Note: this requires assigning an Azure AD Premium license to the service account.)

5. Yammer access token – To generate a Yammer access token, please follow the steps below:

- Go to Yammer and click on the Setting & Apps icon
- Then click “MyApps” and then the “Register New App” button
- Fill in the form:
  - Application Name – Any suitable name like – Govern365<Tenant>
  - Organization – Your organization name
  - Support e-mail – Your support email
  - Website – Your web site URL
  - Redirect URI – Your web site URL
- Copy the client Id
- Click on the link “Generate a developer token for this application” to generate the token and copy it
- Copy the Yammer domain
- Go to “App Settings” in the Govern 365 application, then “Tenant Settings”, and click on the “Yammer” tab
- Paste the copied items to the form below –

4 Additional Configuration

A few other configurations and settings need to be done to complete the overall Tenant signup process, as stated below.

- Security Classification data setup
- Content inventory and Reporting setup
- Disposition flow setup

4.1 Configure Security Classification

This provides for the security classification (e.g. Internal, External or Confidential) of the containers that would be provisioned by Govern 365.

4.1.1 Configure Security Classification

First, check which classification values have already been set in the tenant.
To view this, go to (App Settings -> Tenant Settings), then click on the “Classification” tab as shown below.

- If the tenant already has classifications enabled, you will see them as comma separated values. In that case, if you wish, you can add/update values (comma separated) and click on the Set Classification button to save the updated values.
- If the first text field (Classification values: (Provide comma separated)) is empty, there are no classifications set in the tenant, so you can add new values (comma separated).
- Provide a default value in the second column. (This value needs to be any single classification provided in the first column.)
- You may or may not provide a usage guideline URL in the third column. This is not mandatory. (If you know that usage guidelines exist somewhere in your organization regarding the usage of classifications, then provide the full URL here.)
- After that, click on “Set Classification”.
- Launch the Govern 365 site and go to “Provisioning Requests” -> “Submit a New Request”.
- The newly added security classification field will be added in the form as shown below.

Please note: If no values for security classifications are configured by the tenant admin, then this field will not be visible despite all the above steps taken. Follow the steps here to configure this in your tenant.

If any default classification is set, then the same will be seen by default in the security classification dropdown list.

4.2 Configure Prerequisites for Content Inventory and Reporting

A content inventory is an ever-changing data set. As content is created, edited, deleted, or moved in Office 365, you need to be able to monitor all contents from a content audit perspective and as a result build the right content

Govern 365 crawls all the designated content sources regularly, extracts the required inventory data and makes it available to a Power BI interface for ready visualization.
This document helps the administrator to set up and configure Govern 365 in your environment for the purpose of the said inventory management and reporting.

4.2.1 Configure Inventory Data Storage Account in Azure

- Create a new Azure storage account to store the inventory data by navigating to all resources and selecting to create a new storage account. Provide all necessary information and click on “Review + create”.
- Once the storage account is created, click on “Go to resource”.
- Click on “Access Keys” in the left navigation and copy/save both the connection strings in a handy place.

4.2.2 Configure Inventory Data Collection

- Log into the Govern 365 application as Admin, navigate to “App Settings -> Tenant Settings -> Inventory Tab”, and check the Inventory and Report checkboxes.
- Navigate to “Content Inventory -> Configure Data Storage”, select Azure Table Storage and provide the Account Name and Key from one of the connection strings saved earlier. Click Save.
- Navigate to “Content Inventory -> Configure Data Collection” and enable the Office 365 objects for which inventory needs to be collected using the slider (first icon under the Action column). To select all objects, click on the “Enable All” button at the bottom.

This completes the setup of the inventory collection process.

4.2.3 Collection of Inventory Data

To start collecting content inventory data, you can either kick off the Content Inventory (full crawl) job for chosen container types immediately or wait for the job’s scheduled run at Saturday 6 AM UTC. To run the Content Inventory (full crawl) job on demand, navigate to “Content Inventory -> Configure Data Collection” and click on the “Start” button (2nd icon under the Action column) against the desired container type as shown below.

After some time, navigate to “Content Inventory -> Inventory Job History” and verify that the jobs have completed successfully. In the Azure portal, navigate to the Storage Account created earlier and select Storage Explorer (preview) in the left navigation.
You should see the tables created and populated with data.

4.3 Configure Inventory Reports

4.3.1 Power BI Setup

Download the latest version of Microsoft Power BI Desktop application (free) from into , and using the Workspaces link in the left nav, create a new app workspace for storing the Govern 365 dashboard, reports, and data set. Add members to the workspace as necessary. All members need Power BI Pro licenses (standalone or included with Office 365 E5) assigned to access the named workspace. Verify that appropriate Power BI API permissions are granted to the Govern 365 app registered in Azure AD.

4.3.2 Change Data Source to Azure Storage account

- Log into the Govern 365 application as Admin, navigate to “App Settings -> Tenant Settings -> Report Tab”, and download the master version of the Power BI report from the link provided on the page.
- Open the downloaded PBIX file in Power BI Desktop, and make the following modifications to the report.
- Change the Power BI data source connection to point to the customer’s Azure storage account: from the “Edit Queries” ribbon menu item, select the “Edit Queries” option to launch a new “Power Query Editor” window in addition to the existing Power BI Desktop window.
- In the “Power Query Editor” window, select the AzureStorageAccountName parameter in the left navigation, and provide the storage account name configured earlier. Then click on the “Close and Apply” ribbon menu item on the top left. This should prompt for the account key, and then refresh the data in the report from the specified Azure storage account.

4.3.3 Alternate approach to connect to a different data source

- Go to Edit Queries -> Edit Parameters.
- The screen below appears, asking for “account name”. Enter the new storage account name.
- Click OK and you will see the screen below.
- Click on Apply changes at the top.
- The screen below will then appear, prompting you to enter the storage account key.
- Enter the account key for the Azure storage account and click on Connect.

4.3.4 Enhance Power BI Report

You can always modify/enhance the existing Power BI reports as per your requirement. Some examples are provided below.

- You can extract Property Bag values attached to containers and use them in the report, mash up Govern 365 Inventory data with other corporate data sources, add/change visualizations etc. For example, select a query (e.g. Content Inventory) in the Power Query Editor window, and click on the Advanced Editor ribbon menu to see the Power Query (or M) steps applied to data fetched from the table in the Azure storage account.
- Save the modified PBIX file to the Inventory library of the SharePoint infrastructure site for future reference (optional).
- Choose the File -> Publish option in Power BI Desktop to publish the report to the app workspace created earlier in . This will publish the reports and data set to the Power BI Service.
- Create a Dashboard by pinning desired tiles from reports.
- Create a refresh schedule for the Data Set published to the app workspace. Credentials to the Azure storage account may need to be entered again.
- Note the GUID of the workspace in the URL and the name of the Dashboard created.
- Configure the Govern 365 application to point to the published dashboard at : Navigate to “App Setting -> Tenant Settings -> Report tab” and specify the App workspace GUID and Dashboard Name.

4.4 Configure Disposition Flow

Microsoft “Flow” needs to be set up in your tenant to enable Govern 365 to execute the disposition rules. The user performing the sign-up process must have the Office 365 Global Administrator role to set up “Flow”.

4.4.1 Download and Import Flow.zip

- Navigate to the screen below (App Settings -> Tenant Settings).
- Next, click on the “Disposition” tab in the screen below. You will see two download links, one for downloading the flow and another for downloading the SPFX package.
- Click on those links to download these files (.zip and .sppkg file).

You need to import the downloaded flow zip file into your Flow tenant. You will also have to specify the Flow name and connections. Below are the exact steps that you will need to perform.

- Go to and sign in with the tenant admin account for which the flow is to be set up.
- After signing in, click on My flows as shown in the screen below.
- The following screen appears. Go to “Team flows” and click on Import. The following screen appears.
- Upload the zip file from your local store as demonstrated below.
- Wait till the package gets imported successfully. The system will show the message below indicating that the package import is in progress.
- Once the import is completed, click on the “Update” button under “Import setup” as shown below.
- You will be presented with the update (import) setup options as shown below.
- Change the setup option from “Update” to “Create as new”, provide an appropriate name for the “Resource name” and click on Save. You should see the following screen once the import setup is completed.
- Now it is time to set up the connection. Click on Action (wrench icon) under related resource and you will see the screen below.
- Click on “Create new” to create a new Outlook Office 365 connection as shown in the image below.
- The following screen appears; click on “New connection”.
- In the new connection screen that appears as below, search for “outlook”, and select “outlook office 365” from the list.
- A modal pop-up appears as below.
- Click on Create and you will be presented with a screen to choose from the existing accounts or to use a new one. Choose the right sign-in account. After that, the selected connection will be added to the connections list.
- After this, add connections in the same way for each of the entries under related resource by clicking on the “action” against each entry and providing the connection details.
  In each case you will observe the added connection as below.
- This way, you will come to creating the connection for the last one, which is “SharePoint Connection”. Select SharePoint as described in the following image. The following screen will appear; leave the chosen option as it is, since the cloud service is already selected by default.
- Click on “Create” and go back to the Import setup screen as shown below.
- Click on the action related to “SharePoint connection”, select the newly added connection and save it.
- Finally, click on Import as shown below once all the connections are set up.
- Wait till the import process is successfully completed and the following message is displayed.
- After successful import, edit the Flow and change the trigger to use the “DispositionWorkflow” library in the associated infrastructure site, change the URL and save the flow as per the screen below.

4.4.2 Configure Actionable Email for Disposition Flow

Certain prerequisites must be met to set up actionable email, which enables the user to click on actionable buttons directly in the mail.

Register a provider id with the Microsoft actionable email dashboard:

- Go to the Microsoft actionable email dashboard page from the link: sign in with the respective tenant id for which the flow is being configured.
- Click on "New Provider".
- The form below will appear. Provide the required information in this form and save it for approval. Please refer to the screenshot below, fill in the form and then save. After saving, the respective tenant administrators will be notified regarding the approval.
- Provide the target URL as this stage, you will have to await approval from the tenant administrators. Once they approve this request i.e. this provider will be shown as approved on the dashboard.

4.4.3 Configure Flow

After importing the disposition flow in your tenant, the following configuration changes need to be made.

- Edit the flow.
- Update the Site Address.
  This value can be obtained by visiting () and there is a link of infrastructure site. This infrastructure link needs to be provided as the Site Address.
- Update the value of originator id in the action "Initialize actionable email originator id" with the previously noted provider id as shown in the actionable email dashboard.
- Next, “Save” the flow.

4.4.4 Install SPFX package

Deploy the provided SPFX App to the Tenant App Catalog site as given in the following image.

- Locate the app catalog site (from <tenant>-admin. site -> Apps -> Apps Catalog) and upload the “.sppkg” file in the "Apps for SharePoint" list.
- Check the option to enable the app for all site collections. This will make an entry in the Tenant Wide Extensions list.

This completes setting up of the “Flow” process, and the disposition rules will be executed as per the designed flow.

4.5 Configure Provisioning Requests Approval Flow

Microsoft “Flow” (Power Automate) needs to be set up in your tenant to enable Govern 365 to execute the approval requests for newly submitted provisioning requests. The user performing the sign-up process must have the Office 365 Global Administrator role to set up “Flow”.

4.5.1 Download and Import Flow.zip

- Navigate to the screen below (App Settings -> Tenant Settings).
- Click on the “Disposition” tab in the screen below and you will see a few download links. Click the link in the item “Please download the container approval flow template” to download the zip file.

4.5.2 Configure Flow

After importing the approval flow in your tenant, the following configuration changes need to be made.

Before you proceed, please ensure that you create a SharePoint group in the infrastructure site with the name “O365 Governance - IT Approval Group”.

You need to import the downloaded flow zip file into your Flow tenant. You will also have to specify the Flow name and connections.
Below are the exact steps that you will need to perform.

- Go to and sign in with the tenant admin account for which the flow is to be set up.
- After signing in, click on My flows as shown in the screen below.
- The following screen appears. Go to “Team flows” and click on Import. The following screen appears.
- Upload the zip file from your local store as demonstrated below.
- Wait till the package gets uploaded successfully. Once it is uploaded successfully, update the connections. Please follow the exact steps previously specified in section 4.4.1 Download and Import Flow.zip. Once all the connections are updated, click on Import as per the screen below.
- Once the import is complete, open the flow in edit mode and update the values corresponding to your environment as mentioned in the steps below.
  - Site Address
  - Value (Initialize Infrastructure Site Url)
  - Site Address
  - Site Address
  - Update job status to pending (Site Address)
  - Update request status (Site Address)
  - Update provisioning job status (Site Address)
  - Update status to pending (Site Address)

This completes the approval flow setup in the Govern 365 application.

4.6 Configure Re-certification Flow

Microsoft “Flow” needs to be set up in your tenant to enable Govern 365 to execute the recertification task requests for the newly submitted recertification policy requests. The user performing the sign-up process must have the Office 365 Global Administrator role to set up “Flow”.

4.6.1 Download and Import Flow.zip

- Navigate to the screen below (App Settings -> Tenant Settings).
- Click on the “Disposition” tab and locate the download link for the re-certification flow.
- Click on that link to download the zip file.

4.6.2 Configure Flow

After importing the disposition flow in your tenant, the following configuration changes need to be made.

Before proceeding further, please ensure that you create a SharePoint group in the infrastructure site with the name “Govern O365 Service Admin Group” having Design/Contribute Permission.

You need to import the downloaded flow zip file into your Flow tenant. You will also have to specify the Flow name and connections. Below are the exact steps that you will need to perform.

- Go to and sign in with the tenant admin account for which the flow is to be set up.
- After signing in, click on My flows as shown in the screen below.
- The following screen appears. Go to “Team flows” and click on Import. The following screen appears.
- Upload the zip file from your local store as demonstrated below.
- Wait till the package gets uploaded successfully. Once it is uploaded successfully, update the connections as previously specified in 4.4.1 Download and Import Flow.zip.
- Once the connections are updated, click on Import.
- Once imported, change the values below to those of the corresponding infrastructure site of your tenant.
- Also create two default SharePoint document libraries in the corresponding infrastructure site:
  - Recertification
  - RecertificationWorkFlow
- Now open the flow in edit mode and update the values corresponding to your environment as mentioned below.
  - Step: When a file is created in a folder. Set the infrastructure site address URL in “Site Address” and select Folder Id to RecertificationWorkflow.
  - Step: Initialize RequestUrl. Set the infrastructure site address in the value field.

This completes the setup of the recertification flow in the Govern 365 application.
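
Sections 4.2.1 and 4.2.2 have the administrator save the storage account connection strings and then enter the Account Name and Key from one of them. The following is an added example, not part of the original guide or of Govern 365: a Python helper that extracts and sanity-checks those two values and produces a redacted copy of the string for tickets or notes. The function names, the sample account name and the sample key are constructed for illustration; the HTTPS requirement and the 64-byte key length check are assumptions of this example.

```python
import base64
import binascii
import re

# Storage account names are 3-24 characters, lowercase letters and digits only.
_ACCOUNT_NAME = re.compile(r"[a-z0-9]{3,24}")


def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' pairs into a dict.

    Only the first '=' separates key from value, because the base64
    account key itself ends in '=' padding.
    """
    fields = {}
    for index, part in enumerate(conn.strip().split(";")):
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep or not key:
            # Do not echo the segment: it could be a fragment of the key.
            raise ValueError(f"malformed segment at position {index}")
        fields[key] = value
    return fields


def extract_account(conn):
    """Return (account_name, account_key) after basic validation."""
    fields = parse_connection_string(conn)
    missing = [k for k in ("AccountName", "AccountKey") if k not in fields]
    if missing:
        raise ValueError("connection string lacks " + ", ".join(missing))
    # Example policy (assumption): only accept HTTPS endpoints.
    if fields.get("DefaultEndpointsProtocol", "https") != "https":
        raise ValueError("connection string does not use https")
    name, key = fields["AccountName"], fields["AccountKey"]
    if not _ACCOUNT_NAME.fullmatch(name):
        raise ValueError("account name is not 3-24 lowercase letters/digits")
    try:
        raw = base64.b64decode(key, validate=True)
    except binascii.Error:
        raise ValueError("account key is not valid base64") from None
    if len(raw) != 64:
        # A truncated paste is the usual cause.
        raise ValueError("account key does not decode to 64 bytes")
    return name, key


def redact(conn):
    """Copy of the connection string with the key removed, safe to share."""
    return re.sub(r"(AccountKey=)[^;]*", r"\1<redacted>", conn)


# Constructed sample input: not a real account or key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_CONN = (
    "DefaultEndpointsProtocol=https;AccountName=govern365inventory;"
    f"AccountKey={SAMPLE_KEY};EndpointSuffix=core.windows.net"
)

if __name__ == "__main__":
    account, _ = extract_account(SAMPLE_CONN)
    print("account:", account)
    print("shareable:", redact(SAMPLE_CONN))
```
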