New version of the AzureAD PowerShell (Preview) module released, brings support for Groups lifecycle policies

In case you missed it, a new version of the AzureADPreview PowerShell module was released yesterday, namely version 2.0.0.137. This new version brings support for controlling Office 365 Groups lifecycle policies by means of the following cmdlets:

Add-AzureADMSLifecyclePolicyGroup
Get-AzureADMSGroupLifecyclePolicy
Get-AzureADMSLifecyclePolicyGroup
New-AzureADMSGroupLifecyclePolicy
Remove-AzureADMSGroupLifecyclePolicy
Remove-AzureADMSLifecyclePolicyGroup
Reset-AzureADMSLifeCycleGroup
Set-AzureADMSGroupLifecyclePolicy

Help for the cmdlets is not yet available online, but you can use Get-Help to check the syntax and examples. Overall, the cmdlets are easy to use, though unfortunately they too suffer from the now all-too-familiar ObjectID dependence.

To create a new policy, use the New-AzureADMSGroupLifecyclePolicy cmdlet. Only a single policy is supported in the tenant, and when creating it you need to decide whether it applies to All Groups or only to Selected ones. You also need to specify the lifetime duration for a Group, for example 10 years, as well as the contact that will receive the notifications in addition to any Group owners. Here’s an example:

New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays 3650 -ManagedGroupTypes Selected -AlternateNotificationEmails user@domain.com

Id                                   GroupLifetimeInDays ManagedGroupTypes AlternateNotificationEmails
--                                   ------------------- ----------------- ---------------------------
97763682-e547-4c4a-8d03-25d9d5f777a6                3650 Selected          user@domain.com

Once the policy is created, you can assign it to specific Groups via the Add-AzureADMSLifecyclePolicyGroup cmdlet:

Add-AzureADMSLifecyclePolicyGroup -GroupId (Get-AzureADMSGroup -SearchString default).Id -Id (Get-AzureADMSGroupLifecyclePolicy).ID
True

To check what policy, if any, is assigned to a Group, use the Get-AzureADMSLifecyclePolicyGroup cmdlet:

Get-AzureADMSLifecyclePolicyGroup -Id (Get-AzureADMSGroup -SearchString default).Id | fl

Id                          : 97763682-e547-4c4a-8d03-25d9d5f777a6
GroupLifetimeInDays         : 3650
ManagedGroupTypes           : Selected
AlternateNotificationEmails : user@domain.com
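
The steps above can be combined into one helper that works from display names instead of ObjectIDs. This is an added example, not code from the original post or from the module itself; the function name Add-GroupToLifecyclePolicy is hypothetical, and it assumes the AzureADPreview module is loaded, Connect-AzureAD has already been run, and both Get- cmdlets return nothing when there is no policy or assignment.

```powershell
# Added example (not from the original post). Hypothetical helper name.
function Add-GroupToLifecyclePolicy {
    param(
        [Parameter(Mandatory)] [string[]] $DisplayName,
        [int]    $GroupLifetimeInDays = 3650,
        [string] $NotificationEmail   = 'user@domain.com'   # placeholder address
    )

    # Only a single policy is supported in the tenant, so reuse it if it exists.
    $policy = Get-AzureADMSGroupLifecyclePolicy
    if (-not $policy) {
        $policy = New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays $GroupLifetimeInDays `
            -ManagedGroupTypes Selected -AlternateNotificationEmails $NotificationEmail
    }
    elseif ($policy.ManagedGroupTypes -ne 'Selected') {
        # This helper only handles the per-group ("Selected") case shown in the post.
        throw "Existing policy targets '$($policy.ManagedGroupTypes)', not 'Selected'."
    }

    foreach ($name in $DisplayName) {
        # -SearchString can return several groups; keep exact display-name matches only.
        $found = @(Get-AzureADMSGroup -SearchString $name |
            Where-Object { $_.DisplayName -eq $name })
        if ($found.Count -ne 1) {
            Write-Warning "'$name' matched $($found.Count) groups; skipped."
            continue
        }

        $groupId = $found[0].Id
        if (Get-AzureADMSLifecyclePolicyGroup -Id $groupId) {
            # A policy is already assigned to this Group; nothing to do.
            $status = 'AlreadyAssigned'
        }
        else {
            # The cmdlet returns True on success, as in the output shown above.
            $ok = Add-AzureADMSLifecyclePolicyGroup -GroupId $groupId -Id $policy.Id
            $status = if ($ok) { 'Added' } else { 'Failed' }
        }

        [pscustomobject]@{
            DisplayName = $name; GroupId = $groupId; PolicyId = $policy.Id; Status = $status
        }
    }
}

# Constructed sample call; 'default' is the group name used in the post.
Add-GroupToLifecyclePolicy -DisplayName 'default'
```

Skipping ambiguous names avoids passing an array of IDs to -GroupId, which is what the one-liner above would do if the search string matched more than one Group.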

If you want to learn more about the Groups lifecycle policy, including how to set it up via the Azure portal, check out Tony’s article here: https://www.petri.com/group-expiration-policy-preview
