User Activity based Expiration Policy for Office 365 groups is now generally available!
We are happy to announce the general availability of User Activity based Expiration Policy for Office 365 groups. This means any active groups covered by the expiration policy will be automatically renewed. We would like to draw your attention to a few resources available to you: Documentation will be updated shortly: https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expiration-policy https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle THANK YOU to all private preview participants for the feedback and comments you shared in this community. Please continue share your thoughts here. Also, please feel free to reach out to us on: User Voice: Office 365 groupsNew security hardening policies for Trusted Documents
We're changing the behavior of Office applications to enforce policies that block active content (macros, ActiveX, DDE, etc.) on Trusted Documents. Previously, active content was allowed to run in Trusted Documents even when an IT administrator had set a policy to block it. As part of ongoing Office security hardening, the IT administrator’s choice to block active content will now always take precedence over end-user set trusted documents. This change is released to Insiders in build 2110 and is planned to roll out to Current Channel in early February 2022. It is not planned to be backported to down-level versions. As you can see from the chart, the change in the evaluation flow allows admin-configured policies to always take precedence over user settings, which can help reduce the impact of attacks that use active content. This is important in the current threat landscape as active content attacks become more common. End user experience The expected impact is when a user opens a previously trusted document with active content that’s enabled. If there’s a policy set by their IT administrator or a Trust Center setting blocking the active content, the content will remain blocked. When this happens, we will display a business bar: The Trusted document settings have changed KB article explaining the change in behavior, and links to Commercial guidance for IT Administrators: Manage active content in Office documents. In addition, we’ve added a backstage slab for all documents containing active content displaying the trust scenario of the document: This backstage notification particularly helps when the IT administrator has blocked all Trust bar notifications with the policy: Disable all Trust Bar notifications for security issues For these impacted users with no business bar notification, they can select File/Info and see the backstage Security Information describing the trust scenario for the file. IT administrator options: It’s important for IT administrators and users to have tools to manage Office applications to balance security and productivity needs. Options available for this new trust workflow include: The Microsoft 365 Apps for enterprise Security Baselines are our recommendations for policy settings. Use these to guide your evaluation of active content settings. If your users don't need specific types of active content, your most secure option is to use policies to turn off user access to that active content, and allow exceptions as needed. Determine the appropriate trust behaviors for your end users, the following policies are available: Turn off Trusted Locations: Exceptions for security groups available. Turn off Trusted Documents: Exceptions for security groups available. Some policies controlling active content have settings that allow for user override. If you trust your users to make security decisions on their own, you can select these options, learn more. Thank you, Office Product Group – SecurityUser Activity based Expiration Policy for Office 365 groups is now in Private Preview!
Update: This feature has new updates. Please see the blog for details. -- O365 Groups power collaboration across Office 365 Collaboration is a key ingredient for the success of any organization. Office 365 groups, of the most used collaboration features in Microsoft 365 today, power the collaboration features across apps, including Outlook, Teams, Yammer, and SharePoint. Employees can create groups quickly and start collaborating with co-workers by sharing group documents, emails, and calendars. The twin problems of Groups Life cycle Management As the number of Office 365 groups increases, an organization needs to strike a balance between cleaning up unused groups and ensuring any valuable groups do not get deleted unintentionally, causing data loss. Many of you have shared feedback about these challenges in groups lifecycle management. You say, we listen and act We heard your feedback, and we've made some changes! We are excited to announce the new version of expiration policy which ensures any group being actively used continues to be available, circumventing expiration. This feature makes life easier for users, including admins, group owners and members, by automating the expiration and renewal process by tracking groups for user activity across different apps, like Teams, SharePoint, Outlook, tied to the group. The new expiration policy puts group life cycle management on autopilot The current Expiration policy allows you to set an expiration time frame for selected or all Office 365 groups . After the defined group lifetime, owners are asked to renew them if they are still needed. With this newly added intelligence, groups which are being actively used will be automagically renewed. This preempts the need for any manual action on the part of the group owners. This is based on user activity in groups across Office 365 apps like Outlook, SharePoint and Teams. Example: At Contoso, the administrator has configured the Group lifetime to be 180 days. Megan is the owner of the Contoso Marketing O365 Group, with Enrico and Alex as its members. Her group is set to expire the following month. If an owner or a member performs actions like uploading a document in SharePoint, visiting Teams channel or sending an email to the group in Outlook, the group is automatically renewed for another 180 days, and she does not get any expiry notifications. Manual Controls: Group owners will continue to have the manual “delete”, “renew” option for granular control. Soft Delete: Like before, groups which aren't renewed (either automatically based on activity or manually) will be soft deleted. Groups in “Soft-delete” state can still be restored within 30 days, after which the content is deleted permanently. User actions for group auto-renewal: The following user actions will lead to automatic renewal of groups SharePoint – View, Edit, Download, Move, Share, Upload Files Outlook – Join group, Read/write group message from group space, Like a message (OWA) Teams – Visit a Teams channels We will continue to update this list to fine tune group auto-renewal experience. Auditing and reporting: Administrators can get a list of auto-renewed groups from audit logs on the azure portal. Here are some quick steps to get you started. Getting started Office 365 groups expiration policy can be configured from the Azure Active Directory portal, as well as programmatically via Azure Active Directory PowerShell. Please note you need an Azure AD Premium license. Below is a quick tutorial on how to get started with the functionality in the new Azure portal experience. 1. Create Expiration Policy: Sign into the Azure portal, select Azure Active Directory, go to the Groups tab and select Expiration under Settings. (More details here) . 2. Set Group Life cycle: Specify the group lifetime in days and select which groups you want the expiration settings to apply to. Group owners will receive a renewal notification 30 days before the expiration date, and from that notification they can renew their group with a single click! If there is no user activity in the group (and the owners don't manually renew their group) within the required time frame, their group will expire. Upon expiry it will stay in a “soft deleted” state for 30 days. Owners of deleted groups will receive a notification letting them know their group has been deleted and giving them the opportunity to restore their group within 30 days after its deletion date. The Group will be permanently deleted after 30 days. 3. Auto-renewal based on user activity: No explicit action is required to enable activity-based auto-renewal. If an the expiration policy is set for Office 365 groups, auto-renewal will be enabled by default. Learn more about how you can restore you group to recover all its content, including SharePoint, Planner, and Outlook - how to restore deleted Office 365 groups. Note: The new version of Office 365 groups expiration feature is available in private preview today for select Azure AD Premium customers. Please reach out to your TAMs/CSMs regarding enrollment in private preview. Let us know what you think! We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment below. We're always looking for ways to improve. User Voice: Add security groups to Office 365 groups Best regards, Salil Kakkar Yuan Karppanen Program Manager Program Manager Office 365 Groups Azure Active Directory @salil_kakkarNew Yammer groups usage report and updated Office 365 groups report
We're adding a new Yammer groups activity report that will help you understand how your users leverage Yammer groups to communicate and collaborate in your organization. We are also enhancing the existing Office 365 groups report to include file activities performed by users in the group's SharePoint site as well as any message activity users perform in the Yammer group associated with the Office 365 group.Loop governance, lifecycle, manageability for IT Admins – Nov 2024
Dive into our latest update on Loop governance, lifecycle, and manageability tailored just IT admins! Discover how Loop's seamless integration with Microsoft 365 can transform your team's productivity with real-time co-authoring, versatile components, and enhanced security features. From Copilot Pages to comprehensive manageability roadmap items, this blog has everything you need to confidently pilot and fully enable Loop in your organization.
Office 365 Groups at Microsoft Ignite 2017
Last month at Microsoft Ignite in Orlando, we spent five action-packed days with customers, hearing about their Office 365 Groups journey and answering their questions. In-case you missed it, here's some essential viewing to help you catch-up on everything we shared.
