Merge pull request #225546 from OWinfreyATL/OwinfreyATL-LCW-Limits

Limits and restrictions update

Author: prmerger-automator[bot]

articles/active-directory/governance/on-demand-workflow.md

@@ -8,22 +8,23 @@ ms.service: active-directory
 ms.subservice: compliance
 ms.workload: identity
 ms.topic: how-to 
-ms.date: 01/26/2023
+ms.date: 01/30/2023
 ms.custom: template-how-to 
 ---
 
 
 # Run a workflow on-demand (Preview)
 
-While most workflows by default are scheduled to run every 3 hours, workflows created using Lifecycle Workflows can also run on-demand so that they can be applied to specific users whenever you see fit. A workflow can be run on demand for any user and doesn't take into account whether or not a user meets the workflow's execution conditions. Workflows created in the Azure portal are disabled by default. Running a workflow on-demand allows you to run workflows that can't be run on schedule currently such as leaver workflows. It also allows you to test workflows before their scheduled run. You can test the workflow on a smaller group of users before enabling it for a broader audience.
+Scheduled workflows by default run every 3 hours, but can also run on-demand so that they can be applied to specific users whenever you see fit. A workflow can be run on demand for any user, and doesn't take into account whether or not a user meets the workflow's execution conditions. Running a workflow on-demand allows you to test workflows before their scheduled run. This testing, on a set of users up to 10 at a time, allows you to see how a workflow will run before it processes a larger set of users. Testing your workflow before their scheduled runs helps you proactively solve potential lifecycle issues more quickly.
 
->[!NOTE]
->Be aware that you currently cannot run a workflow on-demand if it is set to disabled, which is the default state of newly created workflows using the Azure portal.  You need to set the workflow to enabled to use the on-demand feature.
 
 ## Run a workflow on-demand in the Azure portal
 
 Use the following steps to run a workflow on-demand.
 
+>[!NOTE]
+>To be run on demand, the  workflow must be enabled.
+
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
 1. Select **Azure Active Directory** and then select **Identity Governance**.
@@ -50,6 +51,7 @@ Use the following steps to run a workflow on-demand.
 
      :::image type="content" source="media/on-demand-workflow/on-demand-run.png" alt-text="Screenshot of a workflow being run on-demand.":::
 
+
 ## Run a workflow on-demand using Microsoft Graph
 
 To run a workflow on-demand using API via Microsoft Graph, see: [workflow: activate (run a workflow on-demand)](/graph/api/identitygovernance-workflow-activate).

articles/active-directory/governance/understanding-lifecycle-workflows.md

@@ -23,14 +23,31 @@ The following document provides an overview of a workflow created using Lifecycl
 
 [!INCLUDE [Azure AD Premium P2 license](../../../includes/lifecycle-workflows-license.md)]
 
-## Permissions
+## Permissions and Roles
 
-The following permissions are required for Lifecycle Workflows:
+For a full list of supported delegate and application permissions required to use Lifecycle Workflows, see: [Lifecycle workflows permissions](/graph/permissions-reference#lifecycle-workflows-permissions).
 
-|Parameter  |Display String  |Description  |Admin Consent Required  |
-|---------|---------|---------|---------|
-|LifecycleWorkflows.Read.All     | Read all lifecycle workflows and tasks.| Allows the app to list and read all workflows and tasks related to lifecycle workflows on behalf of the signed-in user.| Yes
-|LifecycleWorkflows.ReadWrite.All     | Read and write all lifecycle workflows and tasks.| Allows the app to create, update, list, read and delete all workflows and tasks related to lifecycle workflows on behalf of the signed-in user.| Yes
+For delegated scenarios, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+- Global administrator
+- Global reader
+- Lifecycle workflows administrator
+
+## Restrictions
+
+
+|Column1  |Limit  |
+|---------|---------|
+|Number of Workflows     |   50 per tenant      |
+|Number of Tasks     |  25 per workflow       |
+|Number of Custom Task Extensions     |  100 per tenant       |
+|offsetInDays range of triggerAndScopeBasedConditions executionConditions     |  60 days       |
+|Workflow schedule interval in hours     |   1-24 hours      |
+|Number of users per on-demand selection	     |  10       |
+|durationBeforeTimeout range of custom task extensions     |   5 minutes-3 hours      |
+
+> [!NOTE]
+> If creating, or updating, a workflow via API the offsetInDays range will be between -60-60 days. The negative value will signal happening before the timeBasedAttribute, while the positive value will signal happening afterwards.
 
 ## Parts of a workflow