How to Set Up Microsoft 365 Group Expiration Policy
The need for new Microsoft 365 groups grows day by day as new projects and collaborations start. But are we removing these groups when they’ve served their purpose? The answer often remains uncertain 🙃. Fortunately, the Microsoft 365 Group Expiration Policy steps in as the solution, allowing administrators to set a predefined number of active days after which groups are deleted automatically.
The group expiration policy reduces clutter and improves visibility, which makes groups easier to manage. It also helps avoid the security risk of unauthorized access through groups that are no longer needed.
In this guide, we’ll dive deep into the group expiration policy, its configuration, its limitations, how to renew an expired M365 group, etc.
Similar to guest user expiration in SharePoint Online, group expiration policy is a feature designed to help organizations manage their Microsoft 365 groups effectively. It automates the deletion of groups that are no longer in use and ensures that groups remain relevant to the organization’s evolving needs.
Note: When a Microsoft 365 group is expired due to expiration policy, it will get “soft deleted”. A soft deleted group can be recovered for up to 30 days from the date of deletion.
Groups covered by the policy are renewed automatically 35 days before they expire if any one of the following actions is carried out within them. The services whose activity affects Microsoft 365 group expiration are:
- SharePoint File Manipulation: Viewing, editing, downloading, uploading, and sharing files within the SharePoint group stops the group’s expiration. However, viewing a SharePoint page can’t be taken for automatic renewal of the group.
- Group mail activities in Outlook: Activities related to group emails in Outlook, such as reading, writing, reacting, etc., are taken into account for group renewal.
- Microsoft Teams activity: Visiting a Teams channel in a team that is associated with a group covered by the expiration policy renews the group automatically. In addition, Microsoft Teams expiration and renewal triggers renewal of the Microsoft 365 group.
- Interaction with Viva Engage: Viewing a post within a Viva Engage community (Yammer) stops the group from expiring and leads the group to automatic renewal.
- Activities with Microsoft 365 Forms: Viewing, creating, editing, or submitting a Microsoft 365 Form associated with a group exempts it from expirations and ensures automatic renewal.
Note: Groups do not renew instantly when auto-renewing activities happen. Instead, a flag is set on the group to show that it’s prepared for renewal as it approaches its expiration. The renewal will happen within 24 hours if the group is near to expiry.
Microsoft Entra ID P1 or P2 licenses are required for configuring the M365 group expiration policy. However, it is not necessary to assign those licenses to all the users of the group to which the policy is going to be applied.
- Global administrator, Group administrator, or User administrator can configure, update, delete, or renew the Microsoft 365 group expiration policy settings.
- Group owners can read, renew, and restore the group expiration policy for groups they own.
It’s crucial to note that the Microsoft 365 group expiration policy is disabled by default. Admins must enable it for their organization if they intend to use this feature. To configure the expiration policy for groups, first log in to the Microsoft Entra admin center as a Global administrator or User administrator.
1. Navigate to Identity → Groups → All groups.
2. Select the ‘Expiration’ tab.
3. Select the group lifetime (180 or 365) from the ‘Group lifetime (in days)’ drop-down. If you want a custom lifetime, select the ‘Custom’ option and type the number of days.
Note: Your custom lifetime period must be greater than or equal to 30 days.
4. Enter an email in the ‘Email contact for groups with no owners’ textbox to send renewal/expiration notifications for orphaned groups (Ownerless groups).
5. Under ‘Enable expiration for these Microsoft 365 groups’, select one of the options below according to your need.
- All – Select this option if you want to apply the group expiration policy to all groups.
- Selected – Select this option if you want to apply the group expiration policy to a selected list of groups.
- Select the ‘Add’ button and select the required users, then click on the ‘Select’ button.
6. Click on the ‘Save’ button to save the configured group expiration policy.
Groups covered by the expiration policy are deleted after the specified lifetime (counted from the date of creation) if no actions are performed in them. However, if there’s a need to keep a group that’s approaching its expiration, admins or owners can renew it for another expiration interval using the group expiry notification.
An email is sent to the group owner, or to the email address provided for orphaned groups, 30 days, 15 days, and 1 day before the group expires. Expiration notifications for groups that have Teams are also visible in the Teams Owners feed. Group owners must have Exchange licenses to receive notifications via Outlook emails.
Group owners can easily access the group details page from the group renewal notification email. On that page, they can find comprehensive information about the group, including its description, renewal, and expiration dates, and the option to initiate the group’s renewal.
Click on the ‘Renew Group’ option and select ‘Yes’ for the confirmation of the group renewal. After the successful renewal of the group, the expiration will be skipped to the next interval.
What happens when a Microsoft 365 group expires? The group will be soft deleted one day after its expiration date, and an email will be sent to the group owner or the relevant person. The email states that the group will be permanently deleted within 30 days from the current date (email sent date).
Group Owners can restore the group using the ‘Restore Group’ option within the restoration notification email.
Note: The restoration process may take up to 24 hours depending upon the types of contents and files present in the group.
When an M365 group is deleted due to the expiration policy, its data in the SPO sites, Teams, Planner, EXO mailbox, and more will be permanently erased. However, if the group mailbox is on legal hold, the mailbox is not deleted with the group and can be retained. Admins can use the Exchange Online PowerShell module to restore such group mailbox data.
In addition to this, if a group with a retention policy expires and is deleted, the conversations with the group mailbox and files in the SPO site can be retained from the retention container. This retention process must be done within a specified number of days as defined in the retention policy. Although group users can’t see the contents after the expiration, they can recover the site and mailbox data via e-discovery.
Note: If you have a group that you no longer intend to use but wish to preserve its content, consider archiving the group and exporting its contents.
To remove the group expiration policy in Entra ID, follow the steps below:
- Navigate to Entra admin portal → Identity → Groups → All groups.
- Select the ‘Expiration’ tab.
- Select ‘None’ from the ‘Enable expiration for these Microsoft 365 groups’ option and select ‘Save’.
Admins need to connect to the Microsoft Graph PowerShell module to configure group expiration policies through PowerShell.
Note: You can also configure this by connecting to the Azure AD PowerShell module. But it is under deprecation, so we are going forward with Microsoft Graph PowerShell.
To create a group expiration policy for all groups using PowerShell, run the following Microsoft Graph PowerShell cmdlet.
New-MgGroupLifecyclePolicy -ManagedGroupTypes All -GroupLifetimeInDays 180 -AlternateNotificationEmails <NotificationEmailAddress>
Here, replace “<NotificationEmailAddress>” with the email address to which the renewal notifications must be sent for the orphaned groups. Also, replace the “180” with the required total lifetime for the group.
You can also use the “Update-MgGroupLifecyclePolicy” cmdlet to update the expiry lifetime of the group.
Update-MgGroupLifecyclePolicy -GroupLifecyclePolicyId <GroupExpirationPolicyID> -GroupLifetimeInDays 360 -AlternateNotificationEmails <NotificationEmailAddress>
To create the group expiration policy for selected groups, execute the following cmdlet.
New-MgGroupLifecyclePolicy -ManagedGroupTypes Selected -GroupLifetimeInDays 180 -AlternateNotificationEmails <NotificationEmailAddress>
To add a specific group to the expiration policy, execute the following cmdlet with the appropriate expiration policy ID and group ID.
Add-MgGroupToLifecyclePolicy -GroupLifecyclePolicyId <GroupExpirationPolicyID> -GroupId <GroupID>
Similarly, to delete the configured group expiration policy, use the following cmdlet.
Remove-MgGroupLifecyclePolicy -GroupLifecyclePolicyId <GroupExpirationPolicyID>
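Because a tenant can hold only one expiration policy, a script that configures it should check for an existing policy and update it rather than always calling New-MgGroupLifecyclePolicy. The following is an added example, not part of the original article: `Set-GroupExpirationPolicy` is a hypothetical helper name and the email address is a constructed sample.

```powershell
# Added example, not from the original article. Set-GroupExpirationPolicy is a
# hypothetical helper name; the Mg* cmdlets come from the Microsoft.Graph.Groups module.
function Set-GroupExpirationPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateRange(30, [int]::MaxValue)]   # lifetime must be 30 days or more
        [int]$LifetimeInDays = 180,

        [ValidateSet('All', 'Selected', 'None')]
        [string]$ManagedGroupTypes = 'All',

        # Reject malformed contacts up front: a wrong address means ownerless
        # groups expire without anyone being notified.
        [Parameter(Mandatory)]
        [ValidatePattern('^[^@\s;]+@[^@\s;]+\.[^@\s;]+$')]
        [string[]]$NotificationEmail
    )

    $settings = @{
        GroupLifetimeInDays         = $LifetimeInDays
        ManagedGroupTypes           = $ManagedGroupTypes
        AlternateNotificationEmails = $NotificationEmail -join ';'  # semicolon-separated list
    }

    # At most one policy exists per tenant, so update it if present.
    $existing = Get-MgGroupLifecyclePolicy | Select-Object -First 1
    if ($existing) {
        if ($PSCmdlet.ShouldProcess($existing.Id, 'Update group expiration policy')) {
            Update-MgGroupLifecyclePolicy -GroupLifecyclePolicyId $existing.Id @settings
        }
    }
    elseif ($PSCmdlet.ShouldProcess('tenant', 'Create group expiration policy')) {
        New-MgGroupLifecyclePolicy @settings | Out-Null
    }

    # Return the policy as it now stands so the change can be reviewed or logged.
    Get-MgGroupLifecyclePolicy |
        Select-Object Id, ManagedGroupTypes, GroupLifetimeInDays, AlternateNotificationEmails
}

Connect-MgGraph -Scopes 'Directory.ReadWrite.All'
# Constructed sample address; -WhatIf shows the planned change without applying it.
Set-GroupExpirationPolicy -LifetimeInDays 180 -NotificationEmail 'groups-admin@contoso.example' -WhatIf
```

Remove `-WhatIf` to apply the change once the planned action looks right.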
While the group expiration policy is a powerful tool, it has some limitations to consider:
- Limited customization: The policy provides only basic settings for expiration. Organizations with more complex needs may find it lacking. For example, it is impossible to create two or more group expiration policies in an M365 tenant.
- Deletion of groups and content: If a group is not renewed, it will be deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and Power BI.
- No recovery option: Once a group is permanently deleted, it cannot be recovered.
- Limited group selection: When you want to configure the expiration policy only for selected groups, you can’t add more than 500 groups to the list.
- Does not match with licensed groups: The Microsoft 365 licensed groups do not expire with this policy, because it is active with the licenses.
- Problem with email: If an incorrect email is configured within the policy settings, the reliability of renewal notifications for orphaned groups becomes questionable.
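To see ahead of time which groups are inside the notification window, and which of them have no owner and therefore depend entirely on the policy’s contact email, an admin can query Microsoft Graph. This is an added example, not part of the original article; `Get-ExpiringGroupReport` is a hypothetical helper name.

```powershell
# Added example, not from the original article. Get-ExpiringGroupReport is a
# hypothetical helper name; the Mg* cmdlets come from the Microsoft.Graph.Groups module.
function Get-ExpiringGroupReport {
    param([int]$WithinDays = 30)   # 30 days = first expiration notification

    $policy = Get-MgGroupLifecyclePolicy | Select-Object -First 1
    if (-not $policy -or $policy.ManagedGroupTypes -eq 'None') {
        Write-Warning 'No active group expiration policy in this tenant.'
        return
    }
    if ([string]::IsNullOrWhiteSpace($policy.AlternateNotificationEmails)) {
        Write-Warning 'Policy has no contact email: ownerless groups get no notification.'
    }

    $now    = (Get-Date).ToUniversalTime()
    $cutoff = $now.AddDays($WithinDays)

    # Only Microsoft 365 (Unified) groups are subject to the expiration policy.
    $groups = Get-MgGroup -All -Filter "groupTypes/any(t:t eq 'Unified')" `
        -Property Id, DisplayName, ExpirationDateTime, RenewedDateTime

    foreach ($g in $groups) {
        # Groups outside the policy have no expiration date; skip them.
        if (-not $g.ExpirationDateTime -or $g.ExpirationDateTime -gt $cutoff) { continue }

        $owners = @(Get-MgGroupOwner -GroupId $g.Id -All)
        [pscustomobject]@{
            DisplayName    = $g.DisplayName
            GroupId        = $g.Id
            ExpiresUtc     = $g.ExpirationDateTime
            DaysLeft       = [math]::Floor(($g.ExpirationDateTime - $now).TotalDays)
            LastRenewedUtc = $g.RenewedDateTime
            OwnerCount     = $owners.Count
            NotifiedVia    = if ($owners.Count) { 'owners' }
                             else { "policy contact: $($policy.AlternateNotificationEmails)" }
        }
    }
}

Connect-MgGraph -Scopes 'Group.Read.All', 'Directory.Read.All'
Get-ExpiringGroupReport -WithinDays 30 | Sort-Object DaysLeft | Format-Table -AutoSize
```

Rows with an OwnerCount of 0 are the ones to review first, since only the policy’s contact address hears about them before they are soft deleted.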
While our exploration of the Microsoft 365 group expiration policy has been enlightening, it’s time to enhance your admin monitoring capabilities. Microsoft 365 group monitoring is crucial for real-time insights into collaboration, security, and resource allocation, making it crucial for effective management. AdminDroid – the comprehensive reporting and auditing solution, is here to redefine your M365 management experience.
AdminDroid’s free Microsoft 365 group reporting offers a broad spectrum of insights into your organization’s groups. The categorization of group-related reports simplifies the identification and analysis of every group’s detail with just a click. The group reports covered by AdminDroid include:
- M365 groups and membership summary
- Details on empty and recently deleted groups
- List of security groups and details on nested groups
- Distribution group details and their members
- M365 cloud groups and on-premises synced groups
- M365 group details based on member counts
Beyond group insights, the AdminDroid Azure AD reports provide free insights into Microsoft 365 users, user passwords, external users, and licenses.
As a vigilant guardian, AdminDroid’s free Microsoft 365 auditing tool empowers administrators to stay ahead of evolving group dynamics. This auditing feature enables admins to enhance security by closely monitoring changes in user profiles, logins, passwords, groups, and administrative roles.
Moreover, the AdminDroid Azure AD management tool offers lifetime free access to 120+ reports for both MS Entra auditing and reporting.
Why does AdminDroid excel in Microsoft 365 reporting?
In addition to the above features, the AdminDroid Microsoft 365 reporting tool stands out for the following reasons:
✔ Rich reports with advanced AI graphics and extensive customization options.
✔ Reports covering all M365 services, including Teams, SharePoint, Outlook and more.
✔ An impressive collection of 1800+ reports and 30+ dashboards.
✔ Effortless Microsoft alerting, compliance auditing, and seamless delegation to reporting.
✔ Premium edition for free for 15 days.
What more could you ask for? Download AdminDroid today and effortlessly monitor your Microsoft 365 environment!
In conclusion, the Microsoft 365 group expiration policy is a valuable tool for organizations looking to streamline M365 group management. By automating the process of deleting unused groups, you can optimize resources and maintain a more efficient digital workspace. Don’t hesitate to leave your valuable thoughts and queries in the comments section. We are always happy to help you.