Apr 30 2018 10:04 AM
Apr 30 2018 10:04 AM
Hi all,
(cross-post from the O365 Groups community)
I searched but got no hits on this. Having implemented the Groups Expiration Policy, the 'Restore' need has naturally arisen. Despite the very clear and easy means to do so via the automated emails (Kudos to the product team on that one!), users still often need help.
I'd like to be able to grant my Service Desk staff the necessary permission(s) in Exchange (or AAD, or whereever) to allow them to find and recover deleted O365 groups. I checked in the EAC, hoping to find a Role specific to O365 Groups (akin to the 'Distribution Groups' role you can assign), but didn't find anything. If there's any PS CMDLETS that will permit this (or any other way) I'd appreciate a pointer.
Thanks,
John
May 01 2018 12:07 AM
In general, you should be using the AAD cmdlets instead of Exchange Online ones, as Groups span more than just Exchange and AAD is the "source of authority". But given how bad RBAC is for AAD, you might as well consider sticking to good old Exchange...
The cmdlets you need are
Get-UnifiedGroup -IncludeSoftDeletedGroups
Undo-SoftDeletedUnifiedGroup
The "minimal" role that has those is the "Mail Recipient Creation" one, so you can just assign it to the help desk staff. As the role includes more than just those two cmdlets, you might as well consider creating a custom role.