In case you missed it, a new version of the AzureADPreview PowerShell module was released yesterday, namely version 2.0.0.137. This new version brings support for controlling Office 365 Groups lifecycle policies by means of the following cmdlets:
Add-AzureADMSLifecyclePolicyGroup
Get-AzureADMSGroupLifecyclePolicy
Get-AzureADMSLifecyclePolicyGroup
New-AzureADMSGroupLifecyclePolicy
Remove-AzureADMSGroupLifecyclePolicy
Remove-AzureADMSLifecyclePolicyGroup
Reset-AzureADMSLifeCycleGroup
Set-AzureADMSGroupLifecyclePolicy
The cmdlet help is still not available online, but you can use Get-Help to check the syntax and examples. Overall, the cmdlets are easy to use, though unfortunately they too suffer from the now all-too-familiar ObjectID dependence.
In order to create a new policy, you can use the New-AzureADMSGroupLifecyclePolicy cmdlet. Only a single policy is supported in the tenant, and when creating it you need to decide whether it applies to All Groups or Selected ones. You also need to specify the lifetime duration for a Group, for example 10 years, as well as the contact that will be receiving the notifications in addition to any Group owners. Here’s an example:
New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays 3650 -ManagedGroupTypes Selected -AlternateNotificationEmails: user@domain.com

Id                                   GroupLifetimeInDays ManagedGroupTypes AlternateNotificationEmails
--                                   ------------------- ----------------- ---------------------------
97763682-e547-4c4a-8d03-25d9d5f777a6 3650                Selected          user@domain.com

Once the policy is created, you can assign it to specific Groups via the Add-AzureADMSLifecyclePolicyGroup cmdlet:
Add-AzureADMSLifecyclePolicyGroup -GroupId (Get-AzureADMSGroup -SearchString default).Id -Id (Get-AzureADMSGroupLifecyclePolicy).ID
True

To check what policy, if any, is assigned to a Group, use the Get-AzureADMSLifecyclePolicyGroup cmdlet:
Get-AzureADMSLifecyclePolicyGroup -Id (Get-AzureADMSGroup -SearchString default).Id | fl

Id                          : 97763682-e547-4c4a-8d03-25d9d5f777a6
GroupLifetimeInDays         : 3650
ManagedGroupTypes           : Selected
AlternateNotificationEmails : user@domain.com

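The assign and check steps above rely on `-SearchString` resolving to exactly one Group, which is where the ObjectID dependence bites. The following wrapper is an added example, not code from the original post: it resolves a display name to a single ObjectID, assigns the tenant's policy only if needed, and returns what is now in effect. The function name `Add-GroupToLifecyclePolicy` is hypothetical, and a connected session (Connect-AzureAD) is assumed.

```powershell
# Added example. Add-GroupToLifecyclePolicy is a hypothetical helper name.
# Assumes AzureADPreview 2.0.0.137 or later is loaded and Connect-AzureAD has run.
function Add-GroupToLifecyclePolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$DisplayName
    )

    # Only a single policy is supported in the tenant.
    $policy = Get-AzureADMSGroupLifecyclePolicy
    if (-not $policy) {
        throw 'No lifecycle policy found. Create one with New-AzureADMSGroupLifecyclePolicy.'
    }
    if ($policy.ManagedGroupTypes -ne 'Selected') {
        Write-Warning "ManagedGroupTypes is '$($policy.ManagedGroupTypes)', not 'Selected'; nothing assigned."
        return
    }

    # -SearchString can return several groups; keep exact display-name matches only.
    $candidates = @(Get-AzureADMSGroup -SearchString $DisplayName |
        Where-Object { $_.DisplayName -eq $DisplayName })
    if ($candidates.Count -ne 1) {
        throw "Expected exactly one group named '$DisplayName', found $($candidates.Count)."
    }
    $group = $candidates[0]

    # Here -Id is the group's ObjectID, as in the post's check command.
    $current = Get-AzureADMSLifecyclePolicyGroup -Id $group.Id
    if ($current.Id -ne $policy.Id) {
        # Here -Id is the policy's ID and -GroupId is the group's ObjectID.
        $added = Add-AzureADMSLifecyclePolicyGroup -GroupId $group.Id -Id $policy.Id
        if (-not $added) {
            throw "Assignment failed for group $($group.Id)."
        }
        $current = Get-AzureADMSLifecyclePolicyGroup -Id $group.Id
    }

    [pscustomobject]@{
        DisplayName         = $group.DisplayName
        GroupId             = $group.Id
        PolicyId            = $current.Id
        GroupLifetimeInDays = $current.GroupLifetimeInDays
    }
}

# Usage: Add-GroupToLifecyclePolicy -DisplayName 'default'
```
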
If you want to learn more about the Groups lifecycle policy, including how to set it up via the Azure portal, check out Tony’s article here: https://www.petri.com/group-expiration-policy-preview