Configuring Microsoft 365 Group Expiration Policy using Graph PowerShell

Managing the lifecycle of Microsoft 365 Groups is essential for maintaining an organized and efficient collaboration environment. One critical aspect of this management is configuring expiration policies so that inactive groups are periodically reviewed and then renewed or deleted as needed. In this article we will cover how to configure Microsoft 365 Group expiration policies using Microsoft Graph PowerShell, including a detailed script explanation, possible enhancements and conclusions.


Prerequisites

  • Install the Microsoft Graph PowerShell module by running Install-Module -Name Microsoft.Graph -Scope CurrentUser.
  • Connect to Microsoft Graph with the necessary permissions:
    Connect-MgGraph -Scopes "Group.ReadWrite.All"

Script to Retrieve and Manage Microsoft 365 Groups Expiration Policies

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# Function to retrieve the current group expiration policy
function Get-GroupExpirationPolicy {
    try {
        $policy = Get-MgGroupLifecyclePolicy -All
        if ($policy) {
            Write-Host "Current Group Expiration Policy:"
            $policy | Format-Table -Property Id, GroupLifetimeInDays, ManagedGroupTypes, AlternateNotificationEmails
        } else {
            Write-Host "No group expiration policy found."
        }
    } catch {
        Write-Error "Failed to retrieve the group expiration policy. Error: $_"
    }
}

# Function to create or update group expiration policy
function Set-GroupExpirationPolicy {
    param (
        [int]$GroupLifetimeInDays = 180,
        [string]$ManagedGroupTypes = "All",
        [string]$AlternateNotificationEmails = ""
    )

    try {
        $policy = Get-MgGroupLifecyclePolicy -All
        if ($policy) {
            # Update the existing policy (a tenant holds a single lifecycle policy, but -All returns a collection)
            $policyId = ($policy | Select-Object -First 1).Id
            $params = @{
                GroupLifetimeInDays = $GroupLifetimeInDays
                ManagedGroupTypes = $ManagedGroupTypes
                AlternateNotificationEmails = $AlternateNotificationEmails
            }
            Update-MgGroupLifecyclePolicy -GroupLifecyclePolicyId $policyId -BodyParameter $params
            Write-Host "Group expiration policy updated successfully."
        } else {
            # Create a new policy
            New-MgGroupLifecyclePolicy -GroupLifetimeInDays $GroupLifetimeInDays -ManagedGroupTypes $ManagedGroupTypes -AlternateNotificationEmails $AlternateNotificationEmails
            Write-Host "Group expiration policy created successfully."
        }
    } catch {
        Write-Error "Failed to set the group expiration policy. Error: $_"
    }
}

# Retrieve the current group expiration policy
Get-GroupExpirationPolicy

# Set or update the group expiration policy
Set-GroupExpirationPolicy -GroupLifetimeInDays 365 -ManagedGroupTypes "All" -AlternateNotificationEmails "admin@yourdomain.com"

# Retrieve the updated group expiration policy
Get-GroupExpirationPolicy

# Disconnect from Microsoft Graph
Disconnect-MgGraph

Script Explanation

Connect to Microsoft Graph: Establish a connection to Microsoft Graph with the required permissions using Connect-MgGraph -Scopes "Group.ReadWrite.All".

Get-GroupExpirationPolicy Function:

  • This function retrieves and displays the current group expiration policy.
  • It uses Get-MgGroupLifecyclePolicy -All to fetch all policies and formats the output to show the policy details.

Set-GroupExpirationPolicy Function:

  • This function either updates an existing group expiration policy or creates a new one.
  • It accepts parameters for the group lifetime in days, the managed group types and the alternate notification emails.
  • It checks whether a policy exists. If it does, it updates the policy using Update-MgGroupLifecyclePolicy. If not, it creates a new policy using New-MgGroupLifecyclePolicy.

Retrieve and Set Policies:

  • The script demonstrates retrieving the current policy, setting a new policy with the specified parameters, and retrieving the updated policy to verify the changes.

Disconnect from Microsoft Graph: Ends the session with Microsoft Graph using Disconnect-MgGraph.


Measures for Further Enhancing the Script

  • Error Handling Enhancements: Implement more granular error handling to provide specific error messages for different failure scenarios.
  • Logging: Add logging capabilities to track changes and actions performed by the script for auditing purposes.
  • Parameter Validation: Add validation for input parameters to ensure they meet the required formats and constraints.
  • Interactive Mode: Allow the script to run in interactive mode, prompting users for the expiration policy parameter values.
  • Email Notifications: Enhance the script to send email notifications to administrators or group owners when policies are updated or created.
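As an added example that is not part of the original article, here is a version of Set-GroupExpirationPolicy that implements the parameter validation and logging measures listed above and gates the change behind -WhatIf/-Confirm. The function name, the log path and the 30..3650 day range are assumptions; the Graph cmdlets are the same ones the script above uses, and Connect-MgGraph is assumed to have already run.

```powershell
# Added example, not from the original article. Assumes Connect-MgGraph has already run with the
# scope used above; the function name, log path and day range below are assumptions.
function Set-GroupExpirationPolicyChecked {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param (
        # Range bounds are an assumption; the 30-day floor mirrors the admin center's custom-value minimum
        [ValidateRange(30, 3650)]
        [int]$GroupLifetimeInDays = 180,
        # Graph accepts only these three values; anything else fails before a call is made
        [ValidateSet('All', 'Selected', 'None')]
        [string]$ManagedGroupTypes = 'All',
        # Semicolon-separated list, as Graph expects; each address is checked below
        [string]$AlternateNotificationEmails = '',
        [string]$LogPath = (Join-Path ([IO.Path]::GetTempPath()) 'GroupExpirationPolicy.log')
    )

    # Reject malformed notification addresses locally instead of relying on a Graph error
    foreach ($addr in ($AlternateNotificationEmails -split ';' | Where-Object { $_.Trim() })) {
        try { $null = [System.Net.Mail.MailAddress]($addr.Trim()) }
        catch { throw "Invalid notification address: '$addr'" }
    }

    $operator = (Get-MgContext).Account
    $existing = Get-MgGroupLifecyclePolicy -All | Select-Object -First 1

    # A longer lifetime keeps stale groups, and whatever is shared in them, alive longer
    if ($existing -and $GroupLifetimeInDays -gt $existing.GroupLifetimeInDays) {
        Write-Warning "Lifetime grows from $($existing.GroupLifetimeInDays) to $GroupLifetimeInDays days."
    }

    $body = @{
        GroupLifetimeInDays         = $GroupLifetimeInDays
        ManagedGroupTypes           = $ManagedGroupTypes
        AlternateNotificationEmails = $AlternateNotificationEmails
    }
    $action  = if ($existing) { "Update policy $($existing.Id)" } else { 'Create policy' }
    $summary = $body | ConvertTo-Json -Compress

    # -WhatIf prints the planned change; ConfirmImpact High means a confirmation prompt by default
    if ($PSCmdlet.ShouldProcess('Tenant group lifecycle policy', "$action with $summary")) {
        if ($existing) {
            Update-MgGroupLifecyclePolicy -GroupLifecyclePolicyId $existing.Id -BodyParameter $body
        } else {
            New-MgGroupLifecyclePolicy -BodyParameter $body
        }
        # One audit line per change: when, who, what
        "$(Get-Date -Format o) $operator $action $summary" | Add-Content -Path $LogPath
    }
}
```

Run it once with -WhatIf to see the planned change before anything in the tenant is modified.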

Conclusion

Configuring Microsoft 365 Group expiration policies using Microsoft Graph PowerShell is a powerful way to automate the management of group lifecycles. By implementing and customizing the provided script, administrators can ensure that inactive groups are periodically reviewed, helping to maintain an organized and efficient collaboration environment.

For more detailed information, refer to the official documentation:

By leveraging these resources and enhancing the script as needed, you can streamline the management of Microsoft 365 Groups within your organization.

