Data Retention - OfficeDev/microsoft-teams-apps-request-a-guest GitHub Wiki

The Request-a-guest app uses data such as guest names, organisations and email addresses. This data is required to approve and invite the guest. The retention of this data varies per workload.

A description of the location of this data is included below along with options for retention.

Exchange mailbox

By default notification emails are sent to the service account mailbox. This includes information around the guest such as email address, name and organisation.

Retention

Email retention is dependent on your organisations policy. A specific retention policy could be applied to the mailbox to delete items that are no longer required.

If email notifications are not required these steps can be removed from the Logic app by following the steps below:

  • Sign into the Azure Portal with administrative credentials
  • Navigate to the resource group created as part of the deployment by searching for resource groups in the search bar

Resource groups

  • Select the resource group used for Request-a-guest
  • Select the 'DomainCheck' Logic app and click 'Edit'

Edit DomainCheck

  • Expand the last step title 'If Domain is on the allow list, update with authorised'
  • Under the 'True' branch click the 3 dots next to 'Send success email to Monitoring mailbox' and click delete

Delete DomainCheck step

  • Repeat the process under the 'False' branch for 'Send failure email to Monitoring mailbox'
  • Click 'Save' on the Logic apps Designer
  • Select the 'RequestaGuest' Logic app and click 'Edit'
  • Click to expand the last step 'If modified by is a guest approver action the request'
  • Under the 'True' branch click the 3 dots next to 'Send success email to Monitoring mailbox' and click 'Delete'

Delete DomainCheck step

  • Repeat the process under the 'False' branch for 'Send decline email to monitoring mailbox'
  • Click 'Save' on the Logic apps designer

Teams

Adaptive cards are posted to the approvers channel. Notifications are also sent via chat messages to the original inviter. This data includes the guest name, email address and organisation.

Retention

Teams retention is dependent on your organisations retention policy. If required a specific policy can be applied to the approvers Team to remove items that reach a certain age

SharePoint

Guest information including email address, name and organisation together with the approval or rejection comments are stored on the SharePoint list.

Retention

SharePoint retention is based on your organisations retention policy. If required a specific policy can be applied to the guest request SharePoint site to remove items that reach a certain age.

Logic apps

Data is passed to each Logic app to execute the tasks. This data includes the guest name, email address and organisation. Although the data is not stored in the Logic app some of the data is accessible from the run history.

Retention

Run history has a default retention of 90 days. There is a preview feature which allows you to configure the retention of run history to between 7 and 90 days. To configure this retention follow the steps below for each Logic app:

  • Sign into the Azure Portal with administrative credentials
  • Navigate to the resource group created as part of the deployment by searching for resource groups in the search bar

Resource groups

  • Select the resource group used for Request-a-guest
  • For each of the Logic apps (DomainCheck, TeamsApproval, RequestaGuest) follow the steps below:
    • Click on the Logic app to access the settings
    • Under Settings select 'Workflow Settings'
    • Under 'Run history retention in days' select 'Custom'
    • Specify a customer retention period between 7 and 90 days
    • Click Save

Resource groups

Further Reading

Home

Architecture

Cost Estimates

Data Retention

Deployment Guide

Troubleshooting