Assign/Delegate Permissions To Help Desk To Restore O365 Groups?


Hi all,

(cross-post from the O365 Groups community)

 

I searched but got no hits on this.  Having implemented the Groups Expiration Policy, the 'Restore' need has naturally arisen.  Despite the very clear and easy means to do so via the automated emails (Kudos to the product team on that one!), users still often need help.  

 

I'd like to be able to grant my Service Desk staff the necessary permission(s) in Exchange (or AAD, or wherever) to allow them to find and recover deleted O365 groups.  I checked in the EAC, hoping to find a Role specific to O365 Groups (akin to the 'Distribution Groups' role you can assign), but didn't find anything.  If there are any PS CMDLETS that will permit this (or any other way) I'd appreciate a pointer.

Thanks,

John

1 Reply

In general, you should be using the AAD cmdlets instead of Exchange Online ones, as Groups span more than just Exchange and AAD is the "source of authority". But given how bad RBAC is for AAD, you might as well consider sticking to good old Exchange...

 

The cmdlets you need are

Get-UnifiedGroup -IncludeSoftDeletedGroups

Undo-SoftDeletedUnifiedGroup

 

The "minimal" role that has those is the "Mail Recipient Creation" one, so you can just assign it to the help desk staff. As the role includes more than just those two cmdlets, you might as well consider creating a custom role.
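The custom-role option mentioned in the reply, sketched as an added example that is not part of the original thread: a child role of "Mail Recipient Creation" trimmed to the two cmdlets, then assigned through a role group. It assumes an already connected Exchange Online PowerShell session run by an admin who can manage roles; the role name, role group name and member address are hypothetical.

```powershell
# Added example: names below are hypothetical placeholders, not from the thread.
$parentRole = 'Mail Recipient Creation'
$customRole = 'O365 Group Restore'            # hypothetical custom role name
$roleGroup  = 'Help Desk - Group Restore'     # hypothetical role group name
$members    = 'helpdesk1@contoso.example'     # constructed sample member

# The only cmdlets the help desk should keep.
$keep = 'Get-UnifiedGroup', 'Undo-SoftDeletedUnifiedGroup'

# 1. Create a child role; it starts with every entry of the parent.
New-ManagementRole -Name $customRole -Parent $parentRole

# 2. Remove every inherited entry except the two needed for restores.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $keep -notcontains $_.Name } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$($_.Role)\$($_.Name)" -Confirm:$false
    }

# 3. Verify before assigning: anything other than the two cmdlets is a mistake.
$remaining = Get-ManagementRoleEntry "$customRole\*"
$unexpected = $remaining | Where-Object { $keep -notcontains $_.Name }
if ($unexpected) {
    throw "Role still contains extra cmdlets: $($unexpected.Name -join ', ')"
}
$remaining | Format-Table Name, Role

# 4. Assign the trimmed role to the help desk through a dedicated role group.
New-RoleGroup -Name $roleGroup -Roles $customRole -Members $members

# What a help desk member can then run:
#   Get-UnifiedGroup -IncludeSoftDeletedGroups
#   Undo-SoftDeletedUnifiedGroup -SoftDeletedObject <group identity>
```

Removing entries from the child role does not touch the built-in parent role, so existing assignments of "Mail Recipient Creation" are unaffected.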