Expiration Policy
Configure automatic expiration for Microsoft 365 Groups to reduce sprawl. Group owners receive renewal notifications before expiration. Expired groups are soft-deleted and can be restored for 30 days.
Note: Microsoft 365 Groups are the foundation for collaboration across Microsoft services. When you create a Team, SharePoint site, or Outlook group, an underlying Microsoft 365 Group is created. Group settings affect all connected services. Managing groups requires
Group.ReadWrite.AllandDirectory.ReadWrite.Allpermissions in Microsoft Graph.
Expiration Settings
| Setting | Options | Description |
|---|---|---|
| Group Lifetime | 180 days / 365 days / Custom | How long before a group expires if not renewed |
| Apply To | All groups / Selected groups / None | Which groups are subject to expiration |
| Notification Email | Admin email address | Fallback contact when group has no owners |
Renewal Notifications
Group owners receive email notifications at three intervals before expiration:
| Notification | Timing | Description |
|---|---|---|
| First Notification | 30 days before expiration | Initial reminder to owners to renew the group |
| Second Notification | 15 days before expiration | Follow-up reminder with increased urgency |
| Final Notification | 1 day before expiration | Last chance to renew before the group expires |
Automatic Renewal
Groups are automatically renewed when any of these activities occur:
- SharePoint file viewed, edited, shared, or downloaded
- Outlook message viewed in the group mailbox
- Teams channel visited or message posted
- Yammer message posted or read in the connected community
- Planner tasks updated
Expiration Workflow
- Group Created — Expiration timer starts based on the configured lifetime
- Notifications — Owners receive renewal notifications at 30, 15, and 1 day before expiration
- Renewal or Expiry — Owner takes action to renew, or the group auto-expires
- Soft Delete — Expired group enters 30-day recovery window
- Permanent Delete — Group and all associated data are permanently removed
Cross-Tenant Configuration
OpsPilot365 enables bulk configuration of expiration policies across multiple managed tenants:
Deployment Workflow
- Define Policy — Create group settings template with expiration rules
- Select Tenants — Choose target tenants by tag or manual selection
- Preview — Review changes and conflicts before applying
- Deploy — Apply with rollback option if issues arise
Best Practices
Governance
- Set appropriate expiration periods (365 days recommended for most organizations)
- Restrict group creation to trained users to reduce sprawl
- Require classifications for all groups
- Document owner responsibilities clearly
- Monitor orphaned groups (groups with no owners) regularly
Security
- Review expiration policy compliance quarterly
- Use sensitivity labels for groups containing sensitive data
- Audit group membership changes
- Implement conditional access for groups
- Ensure all groups have at least two owners to prevent orphaned expiration notices
Warning: When a group expires, all associated resources are deleted including the Teams team, SharePoint site, mailbox, Planner plans, and OneNote notebook. Ensure owners understand the impact of not renewing.
API Reference
# Get group settings (directory settings)
GET /groupSettings# Update group expiration settings
PATCH /groupSettings/{setting-id}
{
"values": [
{ "name": "EnableGroupCreation", "value": "false" },
{ "name": "GroupCreationAllowedGroupId", "value": "group-guid" }
]
}# OpsPilot365 API - Bulk group settings deployment
POST /api/groups/settings/deploy
{
"tenantIds": ["tenant-1", "tenant-2"],
"settings": {
"enableGroupCreation": false,
"groupCreationAllowedGroupId": "creators-group-guid",
"guestAccessEnabled": true,
"expirationDays": 365
}
}GET /api/m365-groups/expiration— Get expiration policyPUT /api/m365-groups/expiration— Update expiration policy