Merge pull request #10438 from MicrosoftDocs/main

Auto Publish – main to live - 2025-11-10 23:00 UTC

Author: learn-build-service-prod[bot]

docs/id-governance/TOC.yml

@@ -401,7 +401,7 @@
           href: customize-workflow-email.md
         - name: Check the status of a workflow
           href: check-status-workflow.md
-        - name: Reprocess workflows (Preview)
+        - name: Reprocess workflows
           href: reprocess-workflow.md    
         - name: Download workflow history reports
           href: download-workflow-history.md
@@ -416,7 +416,9 @@
         - name: Manage synced AD DS users
           href: manage-workflow-on-premises.md                
         - name: Check Workflow Insights
-          href: manage-workflow-insights.md             
+          href: manage-workflow-insights.md
+        - name: Workflow Sensitivity Labels
+          href: workflow-sensitivity-labels.md               
       - name: Delete
         items: 
         - name: Delete a Lifecycle workflow

docs/id-governance/media/workflow-sensitivity-labels/group-sensitivity-labels.png

@@ -1,5 +1,5 @@
 ---
-title: Reprocess workflow runs using Lifecycle Workflows (Preview)
+title: Reprocess workflow runs using Lifecycle Workflows
 description: This article guides a user on reprocessing workflow runs using Lifecycle Workflows
 author: owinfreyATL
 ms.author: owinfrey
@@ -12,7 +12,7 @@ ms.date: 09/06/2025
 #CustomerIntent: As a Lifecycle Workflow Administrator, I want to reprocess workflow runs so that I can quickly re-run workflows that may have failed.
 ---
 
-# Reprocess workflow runs using Lifecycle Workflows (Preview)
+# Reprocess workflow runs using Lifecycle Workflows
 
 Reprocessing workflows is a feature that allows workflows created using lifecycle workflows to be run again to ensure workflows operate as intended. This is useful when dealing with runs that failed for some reason. This article provides step-by-step instructions for reprocessing workflows using the Microsoft Entra admin center, enabling you to quickly and efficiently manage workflow runs for users or specific runs.
 

docs/id-governance/reprocess-workflow.md

@@ -0,0 +1,50 @@
+---
+title: Sensitivity Labels in Lifecycle Workflows
+description: This article describes sensitivity labels in Workflows, and how to see them during the task creation process.
+author: owinfreyATL
+ms.author: owinfrey
+ms.service: entra-id-governance
+ms.subservice: lifecycle-workflows
+ms.topic: how-to #Required; leave this attribute/value as-is
+ms.date: 11/04/2025
+
+#CustomerIntent: As an identity governance administrator, I want to view sensitivity labels of groups so that I can maintain security of groups within my environment.
+---
+
+# Sensitivity labels in Lifecycle Workflows
+
+Maintaining and classifying secure data within your environment is an important part in maintaining a secure environment. Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data, while making sure that user productivity and their ability to collaborate isn't hindered. With sensitivity labels in Lifecycle Workflows, administrators are able to quickly view the sensitivity labels of groups during creation, and editing, of workflow tasks. 
+
+## License requirements
+
+[!INCLUDE [Microsoft Entra ID Governance license](~/includes/entra-entra-governance-license.md)]
+
+## Prerequisites
+
+Along with Microsoft Entra licenses required for Lifecycle workflows, you must also have:
+
+- [A created sensitivity label](/purview/create-sensitivity-labels?tabs=classic-label-scheme#create-and-configure-sensitivity-labels)
+- [A sensitivity applied to the group you want to use within a Lifecycle workflow task](/purview/sensitivity-labels-teams-groups-sites#using-sensitivity-labels-for-microsoft-teams-microsoft-365-groups-and-sharepoint-sites)
+
+## View the sensitivity label of a group used in a workflow task
+
+Sensitivity labels of groups can be viewed when using groups as a scope for workflows, and via specific group workflow tasks. To view the sensitivity labels of groups using Lifecycle workflows, do the following steps:
+
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Lifecycle Workflows Administrator](../identity/role-based-access-control/permissions-reference.md#lifecycle-workflows-administrator).
+
+1. Browse to **ID Governance** > **Lifecycle workflows** > **Create a workflow**.
+
+1. On the **Choose a workflow** page, select the workflow template that you want to use.
+
+1. Add Basic information, trigger, and scope.
+
+1. If group scope is chosen, when the **+Select group** option is picked you're able to see the sensitivity labels of each group.
+    :::image type="content" source="media/workflow-sensitivity-labels/group-sensitivity-labels.png" alt-text="Screenshot of workflow sensitivity label." lightbox="media/workflow-sensitivity-labels/group-sensitivity-labels.png":::
+1. If not using a group scope you're also able to see the sensitivity label of groups by selecting a group task, and then adding a group to the task.
+
+
+
+## Related content
+
+- [Lifecycle Workflow built-in tasks](lifecycle-workflow-tasks.md)
+

docs/id-governance/workflow-sensitivity-labels.md

@@ -35,10 +35,13 @@ There are different roles, permissions, and license requirements to view health
 - The `Group.Read.All` permission is the least privileged permission required to *view groups*.
 - The `HealthMonitoringAlert.Read.All` permission is required to *view the alerts using the Microsoft Graph API*.
 - The `HealthMonitoringAlert.ReadWrite.All` permission is required to *view and modify the alerts using the Microsoft Graph API*.
+- The `HealthMonitoringAlertConfig.Read.All` permission is required to *view the configured email notification using Microsoft Graph /reports/healthmonitoring/alertConfigurations/{alertType} API* or to *view the configured webhook notification using Microsoft Graph /subscriptions API*.
+- The `HealthMonitoringAlertConfig.ReadWrite.All` permission is required to *view and modify email notification using Microsoft Graph /reports/healthmonitoring/alertConfigurations/{alertType} API* or to *view and modify the configured webhook notification using Microsoft Graph /subscriptions API*.
 - For a full list of roles, see [Least privileged role by task](../role-based-access-control/delegate-by-task.md#monitoring-and-health---audit-and-sign-in-logs-least-privileged-roles).
 
 > [!NOTE]
-> Newly onboarded tenants might not have enough data to generate alerts for about 30 days.
+> * Newly onboarded tenants might not have enough data to generate alerts for about 30 days. <br>
+> * If you see error due to missing required Microsoft Graph permissions, to get more information about Micorosft Graph permisisons, see [Microsoft graph permissions](/graph/permissions-overview).
 
 ## Determine email notification recipients
 
@@ -145,6 +148,9 @@ Microsoft Graph change notifications allow your application to receive real-time
 
 To start receiving notifications, your application sends a `POST` request to the /`subscriptions` endpoint to subscribe to a specific resource, in this case, health monitoring alerts. Microsoft Graph then validates the request and confirms the subscription. Once the subscription is active, Microsoft Graph sends a notification to your designated endpoint whenever the subscribed resource is created. For more information, see [Microsoft Graph change notifications](/graph/change-notifications-overview).
 
+> [!NOTE]
+> If you see error due to missing required Microsoft Graph permissions, to get more information about Micorosft Graph permisisons, see [Microsoft graph permissions](/graph/permissions-overview).
+
 After receiving a notification, you should investigate the alert either through the Microsoft Entra admin center or through the Microsoft Graph API. If you need to assess the alert's impact, we recommend either polling or introducing a short delay before calling the health monitoring alert API for impact assessment data to be available. For more information, see [How to investigate health scenario alerts](howto-investigate-health-scenario-alerts.md).
 
 The following example shows a basic request to subscribe to changes to Health Monitoring alert changes.
@@ -171,4 +177,4 @@ If you want to subscribe to notifications for only one specific alert type, amen
 ## Related content
 
 - [Set up notifications for changes in resource data](/graph/change-notifications-overview)
-- [Configure email notifications for alerts](/graph/api/healthmonitoring-alertconfiguration-update?view=graph-rest-beta&preserve-view=true)
+- [Configure email notifications for alerts](/graph/api/healthmonitoring-alertconfiguration-update?view=graph-rest-beta&preserve-view=true)