Merge pull request #210833 from OWinfreyATL/owinfreyATL-LCW-HowTo-Updates

BCS2022 · web-flow · commit 28d6a09bb8b9 · 2022-09-13T08:31:23.000-07:00
updates and set leave date time update
diff --git a/articles/active-directory/governance/TOC.yml b/articles/active-directory/governance/TOC.yml
@@ -89,7 +89,7 @@
       href: lifecycle-workflow-extensibility.md
     - name: Versioning (Preview)
       href: lifecycle-workflow-versioning.md 
-    - name: Workflow Audit logs
+    - name: Workflow Audit logs (Preview)
       href: lifecycle-workflow-audits.md
     - name: Workflow History (Preview)
       href: lifecycle-workflow-history.md     
diff --git a/articles/active-directory/governance/lifecycle-workflow-tasks.md b/articles/active-directory/governance/lifecycle-workflow-tasks.md
@@ -24,13 +24,13 @@ Lifecycle Workflows currently support the following tasks:
 |Task  |taskDefinitionID  |
 |---------|---------|
 |[Send welcome email to new hire](lifecycle-workflow-tasks.md#send-welcome-email-to-new-hire)     |   70b29d51-b59a-4773-9280-8841dfd3f2ea      |
-|[Generate Temporary Access Password and send via email to user's manager](lifecycle-workflow-tasks.md#generate-temporary-access-password-and-send-via-email-to-users-manager)     |  1b555e50-7f65-41d5-b514-5894a026d10d       |
-|[Add user to group](lifecycle-workflow-tasks.md#add-user-to-group)     |    22085229-5809-45e8-97fd-270d28d66910     |
-|[Add user to team](lifecycle-workflow-tasks.md#add-user-to-team)      |  e440ed8d-25a1-4618-84ce-091ed5be5594       |
+|[Generate Temporary Access Pass and send via email to user's manager](lifecycle-workflow-tasks.md#generate-temporary-access-pass-and-send-via-email-to-users-manager)     |  1b555e50-7f65-41d5-b514-5894a026d10d       |
+|[Add user to groups](lifecycle-workflow-tasks.md#add-user-to-groups)     |    22085229-5809-45e8-97fd-270d28d66910     |
+|[Add user to teams](lifecycle-workflow-tasks.md#add-user-to-teams)      |  e440ed8d-25a1-4618-84ce-091ed5be5594       |
 |[Enable user account](lifecycle-workflow-tasks.md#enable-user-account)     |    6fc52c9d-398b-4305-9763-15f42c1676fc     |
 |[Run a custom task extension](lifecycle-workflow-tasks.md#run-a-custom-task-extension)    |    4262b724-8dba-4fad-afc3-43fcbb497a0e    |
 |[Disable user account](lifecycle-workflow-tasks.md#disable-user-account)     |   1dfdfcc7-52fa-4c2e-bf3a-e3919cc12950      |
-|[Remove user from group](lifecycle-workflow-tasks.md#remove-user-from-groups)     |   1953a66c-751c-45e5-8bfe-01462c70da3c      |
+|[Remove user from selected group](lifecycle-workflow-tasks.md#remove-user-from-selected-groups)     |   1953a66c-751c-45e5-8bfe-01462c70da3c      |
 |[Remove users from all groups](lifecycle-workflow-tasks.md#remove-users-from-all-groups)     |    b3a31406-2a15-4c9a-b25b-a658fa5f07fc     |
 |[Remove user from teams](lifecycle-workflow-tasks.md#remove-user-from-teams)    |    06aa7acb-01af-4824-8899-b14e5ed788d6     |
 |[Remove user from all teams](lifecycle-workflow-tasks.md#remove-users-from-all-teams)     |    81f7b200-2816-4b3b-8c5d-dc556f07b024     |
@@ -46,16 +46,19 @@ Lifecycle Workflows currently support the following tasks:
 Common task parameters are the non-unique parameters contained in every task. When adding tasks to a new workflow, or a workflow template, you can customize and configure these parameters so that they match your requirements.
 
 
+> [!NOTE]
+> The user's employee hire date is used as the start time for the Temporary Access Pass. Please make sure that the TAP lifetime task setting and the [time portion of your user's hire date](how-to-lifecycle-workflow-sync-attributes.md#importance-of-time) are set appropriately so that the TAP is still valid when the user starts their first day.
+
 |Parameter  |Definition  |
 |---------|---------|
 |category     |  A  read-only string that identifies the category or categories of the task. Automatically determined when the taskDefinitionID is chosen.     |
 |taskDefinitionId     | A string referencing a taskDefinition which determines which task to run.       |
 |isEnabled     | A boolean value that denotes whether the task is set to run or not. If set to “true" then the task will run. Defaults to true.       |
 |displayName     |  A unique string that identifies the task.       |
 |description     | A string that describes the purpose of the task for administrative use. (Optional)         |
-|executionSequence     | An integer that is read-only which states in what order the task will run in a workflow. For more information about executionSequence and workflow order, see: [Execution conditions](understanding-lifecycle-workflows.md#parts-of-a-workflow).       |
+|executionSequence     | An integer that is read-only which states in what order the task will run in a workflow. For more information about executionSequence and workflow order, see: [Configure Scope](understanding-lifecycle-workflows.md#configure-scope).       |
 |continueOnError     |  A boolean value that determines if the failure of this task stops the subsequent workflows from running.        |
-|arguments     |  Contains unique parameters relevant for the given task       |
+|arguments     |  Contains unique parameters relevant for the given task.       |
 
 
 
@@ -100,9 +103,9 @@ For Microsoft Graph the parameters for the **Send welcome email to new hire** ta
 
 ```
 
-### Generate Temporary Access Password and send via email to user's manager
+### Generate Temporary Access Pass and send via email to user's manager
 
-When a compatible user joins your organization, Lifecycle Workflows allow you to automatically generate a Temporary Access Password(TAP) and have it sent to the new user's manager.
+When a compatible user joins your organization, Lifecycle Workflows allow you to automatically generate a Temporary Access Pass(TAP) and have it sent to the new user's manager.
 
 With this task in the Azure portal, you're able to give the task a name and description. You must also set the following:
 
@@ -111,31 +114,31 @@ With this task in the Azure portal, you're able to give the task a name and desc
 :::image type="content" source="media/lifecycle-workflow-task/tap-task.png" alt-text="Screenshot of Workflows task: TAP task.":::
  
 
-The Azure AD prerequisites to run the **Generate Temporary Access Password and send via email to user's manager** task are:
+The Azure AD prerequisites to run the **Generate Temporary Access Pass and send via email to user's manager** task are:
 
 - A populated manager attribute for the user.
 - A populated manager's mail attribute for the user.
 - An enabled TAP tenant policy. For more information, see [Enable the Temporary Access Pass policy](../authentication/howto-authentication-temporary-access-pass.md#enable-the-temporary-access-pass-policy)
  
 
 > [!IMPORTANT]
-> A user having this task run for them in a workflow must also not have any other authentication methods, sign ins, or AAD role assignments for this task to work for them.
+> A user having this task run for them in a workflow must also not have any other authentication methods, sign-ins, or AAD role assignments for this task to work for them.
 
-For Microsoft Graph the parameters for the **Generate Temporary Access Password and send via email to user's manager** task are as follows:
+For Microsoft Graph the parameters for the **Generate Temporary Access Pass and send via email to user's manager** task are as follows:
 
 |Parameter |Definition  |
 |---------|---------|
 |category    |  joiner      |
 |displayName     | GenerateTAPAndSendEmail (Customizable by user)      |
-|description     | Generate Temporary Access Password and send via email to user's manager (Customizable by user)       |
+|description     | Generate Temporary Access Pass and send via email to user's manager (Customizable by user)       |
 |taskDefinitionId     |   1b555e50-7f65-41d5-b514-5894a026d10d     |
 |arguments     |  Argument contains the name parameter "tapLifetimeInMinutes", which is the lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days). The argument also contains the tapIsUsableOnce parameter, which determines whether the password is limited to a one time use. If true, the pass can be used once; if false, the pass can be used multiple times within the temporaryAccessPass lifetime.    |
 
 
 ```Example for usage within the workflow
 {
     "category": "joiner",
-    "description": "Generate Temporary Access Password and send via email to user's manager",
+    "description": "Generate Temporary Access Pass and send via email to user's manager",
     "displayName": "GenerateTAPAndSendEmail",
     "isEnabled": true,
     "continueOnError": true,
@@ -158,29 +161,29 @@ For Microsoft Graph the parameters for the **Generate Temporary Access Password
 > The employee hire date is the same as the startDateTime used for the tapLifetimeInMinutes parameter.
 
 
-### Add user to group
+### Add user to groups
 
-Allows users to be added to a cloud-only group. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
+Allows users to be added to cloud-only groups. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
 
 You're able to customize the task name and description for this task.
 :::image type="content" source="media/lifecycle-workflow-task/add-group-task.png" alt-text="Screenshot of Workflows task: Add user to group task.":::
 
 
-For Microsoft Graph the parameters for the **Add user to group** task are as follows:
+For Microsoft Graph the parameters for the **Add user to groups** task are as follows:
 
 |Parameter |Definition  |
 |---------|---------|
 |category    |  joiner,leaver      |
 |displayName     |  AddUserToGroup (Customizable by user)        |
-|description     |  Add user to group (Customizable by user)       |
+|description     |  Add user to groups (Customizable by user)       |
 |taskDefinitionId     |   22085229-5809-45e8-97fd-270d28d66910      |
 |arguments     |  Argument contains a name parameter that is the "groupID", and a value parameter which is the group ID of the group you are adding the user to.    |
 
 
 ```Example for usage within the workflow
 {
             "category": "joiner,leaver",
-            "description": "Add user to group",
+            "description": "Add user to groups",
             "displayName": "AddUserToGroup",
             "isEnabled": true,
             "continueOnError": true,
@@ -196,19 +199,19 @@ For Microsoft Graph the parameters for the **Add user to group** task are as fol
 ```
 
 
-### Add user to team
+### Add user to teams
 
 You're able to add a user to an existing static team. You're able to customize the task name and description for this task.
 :::image type="content" source="media/lifecycle-workflow-task/add-team-task.png" alt-text="Screenshot of Workflows task: add user to team.":::
 
 
-For Microsoft Graph the parameters for the **Add user to team** task are as follows:
+For Microsoft Graph the parameters for the **Add user to teams** task are as follows:
 
 |Parameter |Definition  |
 |---------|---------|
 |category    |  joiner,leaver      |
 |displayName     |  AddUserToTeam (Customizable by user)       |
-|description     |  Add user to team (Customizable by user)        |
+|description     |  Add user to teams (Customizable by user)        |
 |taskDefinitionId     |   e440ed8d-25a1-4618-84ce-091ed5be5594      |
 |argument     |  Argument contains a name parameter that is the "teamID", and a value parameter which is the team ID of the existing team you are adding a user to.    |
 
@@ -336,16 +339,16 @@ For Microsoft Graph the parameters for the **Disable user account** task are as
 
 ```
 
-### Remove user from groups
+### Remove user from selected groups
 
-Allows you to remove a user from cloud-only groups. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
+Allows you to remove a user from cloud-only groups. Dynamic and Privileged Access Groups not supported. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
 
 You're able to customize the task name and description for this task in the Azure portal.
 :::image type="content" source="media/lifecycle-workflow-task/remove-group-task.png" alt-text="Screenshot of Workflows task: Remove user from select groups.":::
 
 
 
-For Microsoft Graph the parameters for the **Remove user from groups** task are as follows:
+For Microsoft Graph the parameters for the **Remove user from selected groups** task are as follows:
 
 |Parameter |Definition  |
 |---------|---------|
@@ -378,7 +381,7 @@ For Microsoft Graph the parameters for the **Remove user from groups** task are
 
 ### Remove users from all groups
 
-Allows users to be removed from every cloud-only group they are a member of. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
+Allows users to be removed from every cloud-only group they are a member of. Dynamic and Privileged Access Groups not supported. To control access to on-premises applications and resources, you need to enable group writeback. For more information, see [Azure AD Connect group writeback](../hybrid/how-to-connect-group-writeback-v2.md). 
 
 
 You're able to customize the task name and description for this task in the Azure portal.
@@ -643,4 +646,4 @@ For Microsoft Graph the parameters for the **Send offboarding email to users man
 ## Next steps
 
 - [Manage lifecycle workflows properties](manage-workflow-properties.md)
-- [Manage lifecycle workflow versions](delete-lifecycle-workflow.md)
+- [Manage lifecycle workflow versions](delete-lifecycle-workflow.md)
diff --git a/articles/active-directory/governance/lifecycle-workflows-developer-reference.md b/articles/active-directory/governance/lifecycle-workflows-developer-reference.md
@@ -64,7 +64,7 @@ Lets examine the tasks section of a sample workflow.
 ```
 
 
-This task uses 1b555e50-7f65-41d5-b514-5894a026d10d, which is the taskDefinitionID for [Generate Temporary Access Password and send via email to user's manager](lifecycle-workflow-tasks.md#generate-temporary-access-password-and-send-via-email-to-users-manager).  This is a pre-defined task created by Microsoft and will send a user's manager an email that contains a temporary access pass.  This task requires the following more arguments.
+This task uses 1b555e50-7f65-41d5-b514-5894a026d10d, which is the taskDefinitionID for [Generate Temporary Access Pass and send via email to user's manager](lifecycle-workflow-tasks.md#generate-temporary-access-pass-and-send-via-email-to-users-manager).  This is a pre-defined task created by Microsoft and will send a user's manager an email that contains a temporary access pass.  This task requires the following more arguments.
 
 |Parameter |Definition  |
 |---------|---------|
