What the policy governs
Expiration applies only to Microsoft 365 groups. The tenant can have one expiration policy, with a lifetime of at least 30 days, targeting all groups, selected groups, or none.
Microsoft 365 collaboration lifecycle operations
Control inactive Microsoft 365 groups without casually deleting the connected Teams workspace, SharePoint site, group mailbox, calendar, Planner plan, membership, and business evidence that each group can carry.

Executive purpose
Self-service collaboration can leave a tenant with abandoned project groups, duplicate workspaces, stale external members, unused email addresses, and sites that nobody can explain. Microsoft Entra can apply an expiration policy to Microsoft 365 groups, automatically renew groups with supported activity, and ask owners to renew inactive groups. This is valuable hygiene—but it is not a substitute for information governance, access review, records retention, or a tested recovery process.
Expiration applies only to Microsoft 365 groups. The tenant can have one expiration policy, with a lifetime of at least 30 days, targeting all groups, selected groups, or none.
Supported user activity in SharePoint, Outlook, Teams, or Viva Engage can flag a group for automatic renewal. Renewal occurs near expiration, not immediately after every interaction.
The group object connects multiple workloads. An expiration decision can remove the user-visible group, mailbox, site, plan, team, conversations, files, permissions, and collaborative context.
Connected workload map
Do not review a group as an isolated directory object. Inventory its connected services and business role before placing it inside an expiration scope. A quiet mailbox does not prove an unused SharePoint site, and a quiet Team does not prove that files lack legal or operational value.
| Connected component | Activity or evidence to review | Expiration impact | Validation after restoration |
|---|---|---|---|
| Microsoft Entra group | Owners, members, guests, dynamic rule, classification, sensitivity, assigned resources | Identity object, membership, addresses, and resource authorization enter soft deletion | Object ID context, owners, membership, dynamic population, addresses, and assignments |
| Microsoft Teams | Channel visits, posts, meetings, tabs, apps, private/shared channel dependencies | The connected team becomes unavailable when the group is deleted | Team availability, channels, membership, apps, tabs, files, and meeting context |
| SharePoint Online | File views, edits, downloads, moves, shares, uploads, sharing links, site ownership | The connected site and files leave normal user access; retention may preserve copies | Site access, libraries, permissions, sharing, storage, pages, and file integrity |
| Exchange Online | Group conversations, calendar, address use, transport dependencies, hold status | Shared inbox, calendar, and group addresses are removed from active use | Mailbox, calendar, aliases, mail flow, membership delivery, and legal hold behavior |
| Planner, OneNote, Viva Engage | Plans, tasks, notebook content, community activity, owners, business records | Connected service data can be deleted with the group after recovery windows expire | Plans, assignments, notebooks, community content, links, and permissions |
Expiration and Teams archiving solve different problems. Archiving can preserve a Team in read-only form for continued reference; expiration deletes the underlying Microsoft 365 group and connected resources. Use a documented decision tree instead of treating those outcomes as interchangeable.
Policy design
Map owners, age, membership, guests, workloads, classification, holds, and business purpose.
Separate standard collaboration, critical operations, regulated records, and temporary projects.
Assign accountable owners and a monitored alternate notification address for ownerless groups.
Validate supported activity, email notices, Teams owner feed notices, and exceptions.
Track auto-renewal, manual renewal, impending expiration, deletion, and restoration.
Restore a safe pilot group and verify every connected workload within the recovery window.
Automatic and manual renewal
Microsoft Entra uses supported activity to determine whether a Microsoft 365 group remains in use. Near expiration, an activity flag can cause renewal within approximately 24 hours. Microsoft’s current examples include viewing, editing, downloading, moving, sharing, or uploading SharePoint files; joining or interacting with group messages in Outlook; visiting a Teams channel; and viewing a Viva Engage post or interactive email. This signal is useful, but it is not a business-value assessment.
Recent supported activity flags the group. Around 35 days before expiration, the group can renew automatically and owners do not receive renewal notices.
If automatic renewal does not occur, owners receive reminders 30, 15, and 1 day before expiration. The renewal link exposes group details and connected resources for review.
Renewal and expiration notices route to the configured alternate email address. That address must be a monitored operational queue, not a person’s transient mailbox.
Top operational risks
Expiration is safe only when the surrounding ownership, retention, exception, notification, and recovery controls are measurable.
Ownerless groups cannot make a business decision. Route notices to a monitored queue, assign a steward, and escalate before deletion.
Supported interaction can auto-renew obsolete groups. Review purpose, classification, external membership, and resource dependencies periodically.
Emergency, executive, application, regulated, or operational groups may need explicit exclusion and a separate recertification process.
Purview retention can preserve content for compliance and eDiscovery, but does not necessarily restore the group’s collaborative experience or permissions.
The 30-day soft-delete period is not customizable. Monitor deleted groups daily and escalate restorations with enough time for workload recovery.
A successful restore command is not proof of service recovery. Teams, SharePoint, Planner, mailbox, membership, and dynamic rules may need up to 24 hours and explicit testing.
Retention and recovery
When a group expires, Microsoft deletes it one day after the expiration date after the final owner notification. The group then remains soft-deleted for 30 days. During that window, an eligible owner or administrator can restore it. Microsoft documents restoration of the group object, properties, members, email addresses, shared inbox and calendar, SharePoint site and files, OneNote notebook, Planner, Teams, eligible Viva Engage content, and Power BI classic workspace. Full recovery can take up to 24 hours.
Purview retention works at the content layer. If a retention policy applies to Microsoft 365 group mailboxes and sites, conversations and files can remain preserved in retention locations even after users can no longer see the group. A legal hold can preserve a group mailbox. These controls support compliance and eDiscovery; they should not be presented as a substitute for restoring the group, its permissions, or the working collaboration environment.
| Recovery phase | Required action | Evidence to capture | Escalation or failback |
|---|---|---|---|
| Before expiration | Confirm owner decision, workload inventory, classification, holds, dependencies, and exception status | Attestation, activity record, owner, members, site URL, team, aliases, plans, labels | Renew manually or remove from scope if facts are incomplete |
| Expiration and deletion | Record deletion timestamp and calculate the immutable 30-day restoration deadline | Audit event, notification trail, deleted-group inventory, service desk case | Escalate immediately for critical, ownerless, disputed, or regulated groups |
| Restore initiated | Restore through Microsoft 365 admin center, Outlook where eligible, or supported PowerShell/Graph process | Responder, command or portal evidence, timestamps, group identifier | Avoid recreating the same group unless Microsoft support and the recovery plan require it |
| Workload validation | Allow propagation and test each connected service, membership, address, permission, and content path | Teams, SharePoint, Exchange, Planner, OneNote, dynamic membership, guest access test results | Open workload-specific support cases; retain the incident timeline and evidence |
| Post-recovery | Renew, correct ownership, document root cause, and adjust scope or exception rules | Closure approval, new expiration date, owner confirmation, lessons learned | Rehearse again with a nonproduction pilot and update the runbook |
Operational evidence
Related architecture
Created by Ali Hassani, CISO — 25+ years of IT, cybersecurity, compliance, and infrastructure experience.
Authoritative resources
Frequently asked questions
No. Microsoft states that the expiration policy applies only to Microsoft 365 groups in Microsoft Entra ID. Security groups require a separate lifecycle and access-review design.
Microsoft currently supports one expiration policy for Microsoft 365 groups in a tenant. It can target all Microsoft 365 groups, selected groups, or none, with a group lifetime of at least 30 days.
Supported signals include SharePoint file interaction, Outlook group participation, visiting a Teams channel, and viewing Viva Engage content. Activity flags renewal near expiration; it should not be treated as proof of ongoing business justification.
If the group is not automatically renewed, owners receive renewal notices 30, 15, and 1 day before expiration. Ownerless-group notices go to the configured alternate notification address, which should be actively monitored.
Yes, within Microsoft’s non-customizable 30-day soft-delete window. Restoration can take up to 24 hours, and administrators should validate the group object, membership, Teams, SharePoint, Exchange, Planner, OneNote, aliases, and other connected services.
Not necessarily. Retention can preserve mailbox conversations and site files in protected locations for compliance and eDiscovery even when users can no longer see the group. It does not replace operational group restoration or workload validation.
Operationalize the lifecycle
IT Perfection can help inventory connected workloads, correct ownership, define protected exceptions, align retention, pilot renewal behavior, document recovery, and establish evidence-driven operations for businesses in Orange County and Southern California.
This guide is for initial guidance only and does not replace a professional cybersecurity audit, compliance assessment, penetration test, legal/compliance review, Microsoft licensing review, or tenant-specific change-control process.
We use necessary cookies and limited analytics and advertising-measurement cookies. Select Accept to allow optional cookies or Deny to continue with necessary cookies only. No name or email is required. You may close this website at any time.