Group Expiry Policies, how to exclude certain groups

%3CLINGO-SUB%20id%3D%22lingo-sub-108715%22%20slang%3D%22en-US%22%3EGroup%20Expiry%20Policies%2C%20how%20to%20exclude%20certain%20groups%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-108715%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20creating%20an%20expiry%20policy%20for%20groups%20using%26nbsp%3BSet-AzureADMSGroupLifecyclePolicy%20you%20can%20specify%20if%20this%20policy%20should%20apply%20to%20'All'%2C%20'None'%2C%20or%20'Selected'%20groups%20using%20the%20-ManagedGroupType%20parameter.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20this%20is%20set%20to%20'All'%20how%20does%20this%20interact%20with%20using%26nbsp%3BRemove-AzureADMSLifecyclePolicyGroup%20to%20remove%20that%20policy%20from%20a%20specific%20group%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20options%20seem%20to%20all%20be%20set%20up%20the%20wrong%20way%20round%20to%20me%2C%20we%20would%20want%20a%20policy%2C%20we%20would%20want%20to%20that%20to%20apply%20automatically%20to%20self-service%20created%20groups%2C%20but%20as%20admins%20we%20would%20want%20to%20exclude%20certain%20groups%20from%20the%20policy.%20The%20commandlets%20and%20UI%20all%20seem%20to%20be%20about%20creating%20a%20policy%20and%20opting-in%20to%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-108715%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Groups%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-108791%22%20slang%3D%22en-US%22%3ERe%3A%20Group%20Expiry%20Policies%2C%20how%20to%20exclude%20certain%20groups%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-108791%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20Thanks%20for%20the%20feedback.%20We%20are%20looking%20into%20both%20of%20these%20capabilities%20(exclusion%20of%20groups%20when%20'All'%20is%20selected%2C%20and%20multiple%20policies)%20for%20the%20next%20iteration%20of%20the%20product%2C%20but%20have%20no%20dates%20to%20share%20for%20the%20moment.%20Thanks%2C%20Kairaz%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-108755%22%20slang%3D%22en-US%22%3ERe%3A%20Group%20Expiry%20Policies%2C%20how%20to%20exclude%20certain%20groups%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-108755%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20me%2C%20the%20fact%20that%20we%20have%20only%20one%20policy%20is%20limiting%2C%20as%20is%20the%20lack%20of%20exclusions.%20I%20hope%20they%20change%20it%20based%20on%20feedback%2C%20but%20for%20now%20the%20best%20we%20can%20do%20is%20to%20use%20PowerShell%20to%20assign%20the%20policy%20on%20demand%2C%20it%20seems.%3C%2FP%3E%3C%2FLINGO-BODY%3E
MVP

When creating an expiry policy for groups using Set-AzureADMSGroupLifecyclePolicy you can specify if this policy should apply to 'All', 'None', or 'Selected' groups using the -ManagedGroupType parameter.

 

If this is set to 'All' how does this interact with using Remove-AzureADMSLifecyclePolicyGroup to remove that policy from a specific group?

 

The options seem to all be set up the wrong way round to me, we would want a policy, we would want to that to apply automatically to self-service created groups, but as admins we would want to exclude certain groups from the policy. The commandlets and UI all seem to be about creating a policy and opting-in to that.

2 Replies

For me, the fact that we have only one policy is limiting, as is the lack of exclusions. I hope they change it based on feedback, but for now the best we can do is to use PowerShell to assign the policy on demand, it seems.

Hi, Thanks for the feedback. We are looking into both of these capabilities (exclusion of groups when 'All' is selected, and multiple policies) for the next iteration of the product, but have no dates to share for the moment. Thanks, Kairaz