Profiles

Profile

A "Profile" is a set of configuration rules for an object. When you assign and apply a Profile on a Governed Object, Governor will apply all those configuration rules to the target object.

SUBJECT TO CHANGE: Currently, Profiles are defined as a "One Time" action. This means that after a Profile is applied, Governor does not monitor or enforce the policies defined in it, so the user or "owner" of the object is free to change it outside of Governor. Settings applied through a Profile can therefore drift from the Profile over time.

One or more Profiles can be assigned to a single object. This lets each Profile stay granular without adding too much complexity to any one of them. If more than one Profile covers the same configuration properties, the Profiles are applied in order, so the last Profile wins.
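The "last Profile wins" rule and the one-time behaviour described above can be checked offline. The Python sketch below is an added example, not Governor code and not part of the original page: it merges the addRules of profiles in assignment order, reports which profile overrides which, and compares the result with a mailbox's current values to find drift. The "name" key, the outer list, the "Company Rooms" profile and the current-state values are constructed assumptions; only the Literal rule shape and the field names come from this page.

```python
import json

# Constructed sample: two profiles assigned, in this order, to one room mailbox.
# "name" and the outer list are assumptions; "addRules" and the
# type/field/value rule shape are taken from the page.
PROFILES = json.loads("""
[{"name": "Public Room", "addRules": [
   {"type": "Literal", "field": "ExoMailboxCalendarSettings.BookInPolicy", "value": ""},
   {"type": "Literal", "field": "ExoMailboxCalendarSettings.ForwardRequestsToDelegates", "value": false},
   {"type": "Literal", "field": "ExoMailboxCalendarSettings.BookingWindowInDays", "value": 400}]},
 {"name": "Company Rooms", "addRules": [
   {"type": "Literal", "field": "ExoMailboxCalendarSettings.BookingWindowInDays", "value": 180},
   {"type": "Literal", "field": "ExoMailboxCalendarConfiguration.WeekStartDay", "value": "Monday"}]}]
""")

# Constructed sample of the mailbox's current values (e.g. from an export).
CURRENT = {
    "ExoMailboxCalendarSettings.BookInPolicy": "alice@example.com",
    "ExoMailboxCalendarSettings.ForwardRequestsToDelegates": False,
    "ExoMailboxCalendarSettings.BookingWindowInDays": 180,
    "ExoMailboxCalendarConfiguration.WeekStartDay": "Monday",
}
MISSING = "<missing>"

def same(a, b):
    # Type-aware compare so that JSON false is not treated as equal to 0.
    return type(a) is type(b) and a == b

def effective_settings(profiles):
    """Merge addRules in assignment order; the last profile setting a field wins."""
    effective, overrides = {}, []
    for profile in profiles:
        for rule in profile["addRules"]:
            if rule["type"] != "Literal":  # only Literal rules appear on the page
                raise ValueError(f"unsupported rule type: {rule['type']}")
            field, value = rule["field"], rule["value"]
            if field in effective and not same(effective[field][0], value):
                overrides.append((field, effective[field][1], profile["name"]))
            effective[field] = (value, profile["name"])
    return effective, overrides

def drift(effective, current):
    """Fields whose current value differs from what the applied profiles set."""
    return sorted((field, expected, current.get(field, MISSING), source)
                  for field, (expected, source) in effective.items()
                  if not same(expected, current.get(field, MISSING)))

if __name__ == "__main__":
    effective, overrides = effective_settings(PROFILES)
    for field, loser, winner in overrides:
        print(f"override: {field}: {winner} replaces {loser}")
    for field, expected, actual, source in drift(effective, CURRENT):
        print(f"drift: {field}: expected {expected!r} ({source}), found {actual!r}")
```

Run on a schedule against exported mailbox settings, a check like this covers the gap left by one-time application: a room that was made public and later restricted again shows up as drift on BookInPolicy.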

Restrictions

Each Profile is applicable for certain types of objects.

You can define a Profile that is applicable to Exchange User Mailboxes only, or a Profile that assigns an M365 License to a Hybrid, Cloud-only or Guest User.

Use Restrictions to narrow the types of objects for a Profile. A Profile is only applicable to an object if the restrictions of the Profile match the target object.

Restrictions can be made on:

Rules

Every profile consists of two sets of rules.

addRules are applied when the Profile is applied to a Governed Object.

removeRules are applied when the Profile is removed from a Governed Object.

Samples

We could define a "Profile" for

  • Company common Mailbox settings
  • Shared Mailbox specific settings
  • Business Unit, etc.

With Profiles, we can easily manage the Joiner, Mover, Leaver Process by assigning or changing the profile for a User.

With Profiles, we can change a mailbox property for all mailboxes in the company. For example, enable Archive or change the Default Calendar permissions.

Standardize Business Assets

Pixel Out is a medium-sized company with approx. 1000 users in several countries.

They want to standardize their M365 License assignments, take control of the cloud services available per user and grant access to MS Teams. In addition, they want to standardize their users' mailbox settings by country and harden the mailbox settings.

Pixel Out could now define the following profiles:

| Profile | Description |
| --- | --- |
| Sales Users | User should be member of MS Teams "Sales Operations", Distribution List "Sales", should have License E3 and Power BI license |
| VIP Users | User should be member of MS Teams "Board", Distribution List "Board Members" and should have License E5 |
| Worker Users | User should be member of MS Teams Department A, Distribution List "Factory Employees", should have License F3 and Power BI license |
| US Mailbox Settings | Timezone and language are defined for this country |
| CH Mailbox Settings | Timezone and language are defined for this country |
| IT Mailbox Settings | Timezone and language are defined for this country |
| Mailbox Hardening | Security-related standard settings to apply on all company mailboxes |

Public Room in Exchange Online

Mandatory changes/settings

This profile should delete any value in BookInPolicy and ResourceDelegates, because the intent is to make the room available to any user. With this profile we can convert any moderated or restricted Room into a public one, which requires a cleanup of these attributes.

As this is a generic profile, we are not enforcing the TimeZone or Regional Settings, but if the company has only one common location this is sufficient.

Note: We could combine this profile with another one that defines the Regional settings (see CompanyMailbox Profile).

    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.BookInPolicy",
        "value": ""
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.ResourceDelegates",
        "value": ""
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.ForwardRequestsToDelegates",
        "value": false
    }

Optional Changes/settings

Calendar Settings

    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.ConflictPercentageAllowed",
        "value": 90
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.DeleteSubject",
        "value": true
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.MaximumConflictInstances",
        "value": 30
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.RemovePrivateProperty",
        "value": false
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarSettings.BookingWindowInDays",
        "value": 400
    }

Calendar Configuration

We can decide to replace the default values with company-specific values.

    {
        "type": "Literal",
        "field": "ExoMailboxCalendarConfiguration.WorkDays",
        "value": "AllDays"
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarConfiguration.WeekStartDay",
        "value": "Monday"
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarConfiguration.WorkingHoursStartTime",
        "value": "00:30:00"
    },
    {
        "type": "Literal",
        "field": "ExoMailboxCalendarConfiguration.WorkingHoursEndTime",
        "value": "23:30:00"
    }

Reference

Profile JSON Reference