Microsoft Ignite is right around the corner (3/2/2021 – 3/4/2021) and it is a virtual conference again this year. Head over to MyIgnite to get your sessions lined up ASAP as many of the sessions have limited “seating” available. As was the case last year there is no cost associated with attending so there is no reason to site this one out.
In this month’s post we are focusing a lot on the “big 3” of modern collaboration in Microsoft 365: Teams, SharePoint, and OneDrive. We do highlight a welcome update coming to Planner as well and a note about Outlook, but even that is related to SharePoint and OneDrive. What is really piquing our interest this month though is finding out what big news comes out of Ignite😉.
After skipping our January post, we are back in action…welcome to 2021 all. It is an exciting and busy holiday season for our team as Interactive Business Systems was acquired by The Planet Group and we are now part of the Planet Technology team. We are truly looking forward to growing with the Planet Technology team.
Back to the business at hand…In this edition of What’s New we cover a few Teams announcements, a huge SharePoint enhancement (at least in our opinion) and a PowerPoint feature worth checking out. That is right, we are covering a PowerPoint feature which is likely surprising to anyone that really knows our team as our disdain for PowerPoint is probably very visible. However, this PowerPoint feature makes a ton of sense as it relates to a topic near and dear to my heart, coaching😉.
Interactive Business Systems is now Planet Technology. Looking for a new job? We work with some of the biggest names in tech, and we’re hiring! Check out our open jobs and make your next career move with Planet.
Overview
Recently we were asked by a client to create a solution to automate the removal of Teams Groups in their environment that are inactive for longer than two years. Microsoft Admin Tools in conjunction with PowerShell cmdlets like Get-Team allow us to easily apply a Microsoft 365 Group Expiration Policy to each Team programmatically. This seemed to represent an ideal solution for our client, however its implementation was eventually canceled due to challenges caused by its limited viability and testability for several crucial business use cases.
This post covers our solution for the automated application of Group Expiration Policies to Teams Groups in a Microsoft 365 Environment, as well as the limitations of the current implementation and documentation of Group Expiration Policies for several crucial business use cases.
Solution
We will briefly outline our customizable solution as well as the solution requirements to explain the business use case limitations of the current Expiration Policy implementation.
To better relate its use case limitations, we will briefly outline the key features of the MS 365 Group Expiration Policy. The complete documentation for the configuration of Expiration Policies is found here.
What does the Expiration Policy do?
You can manage the lifecycle of Microsoft 365 groups with an Expiration Policy. According to Microsoft’s documentation (as of 1/13/2021):
‘Once you set a group to expire:
Groups with user activities are automatically renewed as the expiration nears.
Owners of the group are notified to renew the group, if the group is not auto-renewed.
Any group that is not renewed is deleted.
Any Microsoft 365 group that is deleted can be restored within 30 days by the group owners or the administrator.’
After some brief research and the discovery of some exceptionally helpful resources we were able to craft a solution which followed these basic steps:
Create a Group Expiration Policy in the Azure Active Directory Admin Center
Group Expiration Policies will automatically delete Microsoft 365 Groups which are inactive for longer than the set Group lifetime (in days). After navigating to the proper location in the Azure Active Directory Admin Center -> Groups tab, we created the Group Expiration Policy for this tenant.
To suit our requirements, we set Group Life to 730 days.
We set the ‘Enable expiration…’ toggle to Selected, as we only wanted to add Microsoft 365 Groups which are associated with Microsoft Teams. The initial ‘Selected’ list was empty. After we added our Teams Groups with PowerShell in the next step they appeared in this list and could the managed from this interface.
Apply Group Expiration Policy to Teams Groups using PowerShell
After retrieving a collection of Teams Groups with the Get-Team cmdlet, along with a reference to the Expiration Policy we just set, we were able to apply the Expiration Policy to whichever Teams we choose.
Using Get-Team to retrieve a collection of all Teams Groups:
Retrieving the Expiration Policy Id from the Azure AD:
Applying the expiration Policy:
Limitations of the Current Group Expiration Policy Implementation
We have shown that we could easily apply a Group Expiration Policy to whichever Microsoft 365 Groups we wished. The Microsoft 365 Admin tools also provided us with usage reports, which gave us an idea of which groups would be immediately be flagged by the Expiration Policy for deletion upon application. This solution would have been a great fit for our client if we did not run into serious limitations of the Expiration Policy implementation and documentation once we reached the testing phase of our project.
Renewal Notification Email Use Case
Once a group has neared it’s it’s expiration date due to inactivity, a renewal email is sent out to the group owner at 30, 15, and 1 day(s) priror to the expiration of the group, allowing them to manually renew the group.
If the owner, willfully or not, ignores the renewal emails, the group reaches its expiration date and is deleted.
A rightfully curious owner receiving the renewal email, who, by our explicit definition, has not been active in the group for nearly two years, may decide to view what content is associated with the group to evaluate whether it should be renewed. Regarding Teams Groups, according to the Expiration Policy documentation as of 1/13/2021, the act of investigating content in this way will automatically renew the group.
If an owner has investigated their group in this manner and has decided that the group should indeed be deleted due to inactivity, the ‘Group Lifecyle’ date has already been extended 730 days, meaning deletion of the inactive Microsoft 365 group will have to be done by other means. This did not suit the needs of our client.
It is possible that once a notification email is sent out for group inactivity, activity-based renewal is halted until receiving manual renewal confirmation. There is no reference to this use case in the official documentation or Microsoft 365 developer ecosphere, so it was impossible for our team to verify this assumption without explicitly testing the expiration of a group.
Uncertain of the usability of Group Expiration Policies, and with no clear path to test our assumptions about these use cases, progress on our implementation ceased.
Summary
The existing technology supporting a feature like Group Expiration Policies is extremely developer friendly and powerful. The interaction with the various Microsoft 365 groups and policies in PowerShell is seamless and intuitive. However, documentation of the Group Expiration Policy feature itself is somewhat wanting and the Group renewal activity triggers are perplexing to say the least.
