Expiring Teams Now Available in Office 365
Office 365 Groups Gently Age, Then Disappear
The Azure Active Directory expiration policy for Office 365 Groups (to give it its full name) is now generally available. The idea is simple. Tenants decide on how long they are happy for a new group to be active before needing to be renewed (the lifecycle period – say, two years). They then figure out whether all or selected groups should come within the scope of the policy.
With an expiration policy in place, once a group within its scope ages to 30 days before their lifecycle period lapses, their owners receive notifications via email to tell them to renew the group. If an owner renews the group, its lifecycle is extended by a further period. If not, Office 365 soft-deletes the group when it expires. Owners can still rescue a soft-deleted group at any time during the next 30 days, but after that deletion is permanent.
Some Extra Cost
Before you all get excited at the prospect of using the expiration policy to impose order on a swelling number of groups, you should remember that this is a premium Azure Active Directory feature. Unlike some other features in this category (for instance, the groups naming policy), I think Microsoft can reasonably charge extra for the expiration policy because it helps tenants by automating an aspect of management.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
BTW, I liked the way that the Teams release notes say that “this feature is for AAD premium members only.” I have always considered myself to be a premium AAD member!
Teams Joins the Renewal Party
Because Teams is based on Office 365 Groups, it is influenced by an expiration policy (by comparison, Yammer groups based on Office 365 Groups are not). For instance, if a team owner fails to check their inbox, they might overlook the emailed notifications that the group used by a team is about to expire and only realize that a problem exists when Office 365 soft-deletes the group.
To avoid this possibility, Teams now surfaces the expiry information in team settings. Open a team that you own and select Manage team and then Settings. At the bottom, you will see a new section called Team Expiry (only visible if the tenant uses an expiration policy and the team comes within scope of the policy). As Figure 1 shows, you can see when the team expires and can easily renew the team.
In addition, when a team is within a month of expiring, Teams displays a warning triangle alongside the team name in the navigation pane (the warning only appears to team owners). If you hover over the triangle, you see a warning about the date when the team will expire (Figure 2), and a new “Renew team” choice appears in the ellipsis menu.
Teams is unique in that OWA and Outlook do not reveal details of when a group is going to expire. Of course, if you use OWA and Outlook, you’ll read those notifications as they arrive into your inbox and can renew groups that way.
Warning – Invisible Renewals
Apart from the potential problem resulting from team owners not reading and actioning renewal notifications, I have also pointed to the fact that tenant administrators don’t have any visibility over expiring teams. That can be an issue if a team owner is away on vacation when an important team expires and no one notices until Office 365 soft-deletes the team and removes it from user view.
Have a look at the article describing how to use some PowerShell to find groups/teams that are coming up for renewal. It’s one way to solve the problem, and an approach that I think can be developed in different ways to meet specific requirements in organizations.
Lots More is Possible
Like any PowerShell script, you can take this code and do your own thing to suit working habits and needs within your organization. For example, you could create a report for each department and send reminders to department managers when their groups come up for renewal.
If you have a busy tenant that uses Teams and Office 365 Groups heavily, you probably have a few groups that need to be cleared out. An expiration policy allows you to automate the process. Or, if you don’t want to pay for premium Azure Active Directory licenses, you can find obsolete groups with PowerShell and either remove or archive the groups. The world’s your oyster.
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle