🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Get Microsoft 365 Expiring Groups Report

Effective management of Microsoft 365 groups requires periodic removal of inactive ones. While an M365 group expiration policy helps clear the clutter, it can also lead to the deletion of essential groups which disrupts the workflow and causes data loss. Without proper oversight, important groups might expire unnoticed with these expiration policies. This guide helps you identify expiring Microsoft 365 groups to manage their lifecycles, prevent accidental deletions, and maintain an organized workspace.

Solution 1
Solution 2
Solution 3
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft Entra Admin Center

Microsoft 365 Permission Required
Groups Admin Least Privilege
Global Admin Most Privilege
  • Log in to the Microsoft Entra admin center.
  • In the left-hand menu, select Identity»Groups»All groups.
  • Under the Settings section, click Expiration option.
  • Here, you can see the list of groups under current expiration policy, which includes the group lifetime, object Id, membership type, and email.
Using Microsoft Entra Admin Center
  • Note: When all Microsoft 365 groups are added to the expiration policy, the toggle will be set to All. If the toggle is set to Selected, only specific groups are included in the expiration policy.

Using Windows PowerShell

Microsoft 365 Permission Required
Groups Admin Least Privilege
Global Admin Most Privilege
  • Connect to the Microsoft Graph PowerShell module using the cmdlet below.
  • Windows PowerShell Windows PowerShell 
     Connect-MgGraph -Scopes "Group.Read.All"
  • Run the below cmdlet to retrieve all Microsoft 365 expiring groups in your organization.
  • Windows PowerShell Windows PowerShell 
     Get-MgGroup | Where-object { $_.ExpirationDateTime -ne $null } | Select-Object CreatedDateTime, ExpirationDateTime, DisplayName, Mail, RenewedDateTime, Id | Format-Table
Using Windows PowerShell
  • This execution will list all the Microsoft 365 groups under expiration policy along with their group Id, name, group created date, expiration date, and renewed date.
AdminDroid Microsoft 365 Group Reporting Tool

Never miss a renewal and stay ahead with Microsoft 365 group expiration policy tracking!

Beyond tracking expiring groups, AdminDroid's Microsoft 365 group reporting tool helps to track inactive groups, group creation, group owner changes, and more. By analyzing group activity trends, admins can proactively clean up unused groups, which reduces clutter and ensures better governance. This mitigates security risks from orphaned groups and ensures alignment with compliance policies.

Get a Comprehensive View of Microsoft 365 Groups Using Specialized Dashboards

Monitor total, empty, and deleted groups with the Microsoft 365 group dashboard to plan expiration policies effectively while excluding deleted ones.

Identify Active Microsoft 365 Groups Using Activity Trends

Gain insights into Microsoft 365 group activity with AdminDroid's group usage trend report, which helps admins to track inactive groups, optimize resource management, and ensure efficient collaboration.

Track Last Activity Time to Identify Unused M365 Groups

Identify inactive Microsoft 365 groups, assess group vitality, and determine which groups need review or expiration using the latest activity data of groups.

Schedule Expiring Teams Report in M365 for Activity-Based Renewal Decisions

Regularly monitor the expiring Teams to stay informed on those with group expiration policies and decide whether to renew or remove them before deletion.

Track Accidental Deletions of Groups in Microsoft 365

Regularly audit deleted groups to prevent accidental deletions, avoid the loss of critical groups, minimize disruptions, and ensure business continuity.

Get Immediate Alerts on Microsoft 365 Group Owner Changes

Get instant alerts for M365 group owner changes using AdminDroid's default alert template to quickly detect unauthorized changes and ensure timely renewal actions.

AdminDroid offers robust features to efficiently manage and track expiring Microsoft 365 groups. With its advanced reporting and monitoring tools, admins can prevent accidental deletions, ensure timely restorations, and maintain collaboration within the organization.

Explore a full range of reporting options
Download Live Demo

Important Tips

Assign group ownership and enable self-service group management for users to handle renewals, maintenance, and membership requests without admin intervention.

Configure retention policies and legal holds for Microsoft 365 groups to ensure critical data is retained and accessible even after group expiration.

Regularly track group usage and review upcoming expiration alerts so you can verify that groups still in use are renewed, and inactive ones are decommissioned to reduce clutter.

Common Errors and Resolution Steps

Having trouble exporting the list of expiring Microsoft 365 groups? Here are the most common errors and their solutions!

Error The value must not be empty.

This error occurs when you leave the Email contact for groups with no owners field empty while configuring or managing group expiration policy.

Fix Ensure that the Email contact for groups with no owners field is filled with a valid email address. This ensures that there is a contact available to receive expiration related notifications for groups without owners.

Error Group lifetime value should be greater than or equal to 30.

This error occurs when you try to set the expiration policy for a Microsoft 365 group with a lifetime value of less than 30 days.

Fix The minimum expiration policy limit is 30 days. Provide 30 days or more for the expiration policy to be valid and apply successfully.

Error Restore-MgDirectoryDeletedItem : Invalid object identifier '3a025bce-e09b-4a28-8808-510ed85c8d1'. Status: 400 (BadRequest).

This error occurs when you provide an incorrect group ID during the restore operation.

Fix Verify the group ID you're using is correct. Use the command ‘Get-MgDirectoryDeletedItem –All’ to list deleted groups and confirm the correct ID.

Error Get-MgGroup: Insufficient privileges to complete the operation. Status: 403 (Forbidden).

This error occurs when the 'Connect-MgGraph' cmdlet is executed without specifying the required permissions.

Fix Define the necessary scopes when connecting to the Microsoft Graph PowerShell module as shown below. 
Connect-MgGraph -Scopes "Group.Read.All"
Azure AD
Frequently Asked Questions

Proactively Monitor Expiring Groups within Microsoft 365 to Elevate Group Governance

How to configure an expiration policy for Microsoft 365 groups?
How to renew an expiring Microsoft 365 group?
How to remove the group expiration policy in Microsoft 365?
How to restore a deleted Microsoft 365 group?
What are the limitations of Microsoft 365 group expiration policy?

1. How to configure an expiration policy for Microsoft 365 groups?

The Microsoft 365 group expiration policy is a feature designed to help organizations manage their groups effectively. It automates the process of deleting Microsoft 365 groups that are no longer in use and ensures that groups remain relevant to the organization’s evolving needs. This policy is crucial for smooth group lifecycle management, as it streamlines the removal of inactive groups, reduces administrative effort, and helps maintain a clutter-free environment.

Set up Microsoft 365 groups expiration policy using Entra ID

  • Sign in to the Microsoft Entra admin center and navigate to Expiration page under Identity»Groups»All groups.
  • Set the default expiration period for groups by selecting a predefined value (180 or 365 days) from the Group lifetime (in days) dropdown. Alternatively, you can also choose Custom to set a duration of '30 days' or more.
  • If a group lacks an owner, enter an alternate email address in the Email contact for groups with no owners field to receive renewal and expiration alerts. You can add multiple email addresses separated by semicolons.
  • Under the Enable expiration for these Microsoft 365 groups toggle, you can choose any one of the following options.
    • The All switch applies the expiration policy to all Microsoft 365 groups.
    • The Selected option allows you to target up to 500 specific Microsoft 365 groups. Use the Add button and add the groups you want to include in the policy.
    • The None option disables the expiration policy by preventing it from being applied to any Microsoft groups.
  • Click on the Save button to save the configured group expiration policy.
configure-group-expiration-entra

Note: Group owners must have Exchange Online licenses to receive notification emails.

Set expiration policy for Microsoft 365 groups using PowerShell

  • Connect to the Microsoft Graph PowerShell module with the required permission using the cmdlet below. 
    Connect-MgGraph -Scopes "Directory.ReadWrite.All"
  • To add a specific group to the expiration policy, run the below cmdlet with the appropriate expiration policy ID and the group ID.
    Add-MgGroupToLifecyclePolicy -GroupLifecyclePolicyId <GroupExpirationPolicyID> -GroupId <GroupID>
  • To create the group expiration policy for selected groups, execute the following cmdlet.
    New-MgGroupLifecyclePolicy -ManagedGroupTypes Selected -GroupLifetimeInDays 180 -AlternateNotificationEmails <admin@contoso.com>
  • Run the following cmdlet to create a group expiration policy for all Microsoft 365 groups. 
    New-MgGroupLifecyclePolicy -ManagedGroupTypes All -GroupLifetimeInDays 180 –AlternateNotificationEmails <admin@contoso.com>

  • Here, replace the <admin@contoso.com> with the appropriate email address to which the renewal notifications must be sent for the orphaned groups. Also, replace the “180” with the required total lifetime for the group.

Setting up an expiration policy automates group lifecycle management. It ensures inactive groups are removed systematically and reduces administrative overhead.

2. How to renew an expiring Microsoft 365 group?

When you set a group expiration policy in Microsoft 365, groups under this policy will expire after the specified lifetime (from the date of creation) if the group remains inactive. Upon expiration, a M365 group used for project collaboration may lose access to shared resources like Teams conversations and SharePoint files. Renewing the group ensures uninterrupted access for ongoing projects, preventing disruptions in communication and document collaboration.

Here are possible methods to restore an expiring Microsoft 365 group:

Activity-based automatic renewal of Microsoft 365 groups

Microsoft Entra intelligence streamlines group management by automatically renewing groups based on recent usage, which eliminates the need for manual action by group owners. This feature leverages user activity across Microsoft 365 services like Outlook, SharePoint, Teams, and Viva Engage. Groups with an expiration policy are renewed 35 days before their expiration if the following activities are detected:

  • SharePoint Online file manipulation: Actions like editing, downloading, uploading, or sharing SPO files will halt the group's expiration.

    Note: Viewing a SharePoint page doesn’t count as an activity for group's automatic renewal.

  • Group mail activities in Outlook: Drafting to group mail, reading, or responding to group emails in Outlook renews the group.
  • Microsoft Teams activity: Visiting a Teams channel associated with the expiring Microsoft 365 group triggers automatic renewal.
  • Viva Engage interaction: Engaging with posts in a Viva Engage community ensures the group remains active.

Microsoft 365 group renewal using email and Teams notification

  • Email reminders: Group owners receive email notifications 30 days, 15 days, and 1 day before expiration. For orphaned groups, notifications are sent to the email contact provided while creating the policy.
  • Teams notifications: Expiration alerts for Teams-enabled Microsoft 365 groups are visible in the Teams Owners feed.

Renew Microsoft 365 groups nearing their expiry date through email notification

  • Click the Renew Group option in the notification email.
  • Confirm renewal by selecting Yes.
  • After renewal, the group’s expiration skips to the next interval.
microsoft-365-group-renewal-mail-notification

3. How to remove the group expiration policy in Microsoft 365?

The group expiration policy in Microsoft 365 helps reduce clutter in your tenant by automatically removing inactive groups after a set period. However, unforeseen project changes may require extending the group's lifecycle, which necessitates the removal of the policy to prevent expiration. Since only one expiration policy exists, to retain even a single group, the entire expiration policy must be disabled.

You can delete a Microsoft 365 group expiration policy using the Microsoft Entra admin center or by using PowerShell commands.

Remove Microsoft 365 group expiration policy via Entra admin center

  • Log in to the Microsoft Entra admin center with at least User Admin privileges.
  • Navigate to Identity»Groups»All groups.
  • In the Enable expiration for these Microsoft 365 groups section, select None.
  • Click Save to apply the changes.
entra-admin-center-delete-expiring-groups-policy

This action will disable the expiration policy for all Microsoft 365 groups.

Disable M365 group expiration policy using PowerShell

Connect to the Microsoft Graph PowerShell module with the required permission using the cmdlet below.

Connect-MgGraph -Scopes "Directory.ReadWrite.All"

Use the Get-MgGroupLifecyclePolicy cmdlet to retrieve the expiration policy ID and replace with the corresponding value.

To remove a Microsoft 365 group expiration policy, run the following cmdlet with the policy ID.

Remove-MgGroupLifecyclePolicy -GroupLifecyclePolicyId <GroupExpirationPolicyID>

4. How to restore a deleted Microsoft 365 group?

When a Microsoft 365 group is deleted under the group expiration policy, it enters a "soft-deleted" state for 30 days, which allows for restoration if needed. Restoring a deleted M365 group ensures that all associated resources, such as emails, files, and SharePoint sites, are recovered.

Restore an expired Microsoft 365 group in Entra admin center

  • Sign in to the Microsoft Entra admin center and navigate to Identity»Groups»Deleted groups.
  • Select the expired groups and click Restore group.
entra-admin-restore-deleted-group

Restore a deleted Microsoft 365 group using the notification email

  • Locate the restoration email sent to the group owner.
  • Click the Restore Group button within the email.
  • Confirm the restoration to reinstate the group along with its associated resources.

Restore an expired Microsoft 365 group via PowerShell

Connect to the Microsoft Graph PowerShell module with the "Group.ReadWrite.All" permission. Run the below cmdlet to retrieve the list of all deleted groups in Microsoft 365.

Get-MgDirectoryDeletedItem –All

Execute the following cmdlet to restore an M365 group deleted due to the group expiration policy.

Restore-MgDirectoryDeletedItem -DirectoryObjectId <GroupID>

Replace the <GroupID> with the appropriate Microsoft 365 group ID.

5. What are the limitations of Microsoft 365 group expiration policy?

While the group expiration policy is a powerful tool, it has some limitations to consider:

  • Uniform Policy Application: Group expiration policies apply uniformly to all groups or a specific set for a fixed period. However, different policies for different groups are not supported. All selected groups must follow the same settings, thus limiting the organizations from tailoring expiration periods based on group purpose, usage, or department needs.
  • Licensing Requirements: To configure the expiration policy for Microsoft 365 groups, your organization must own Microsoft Entra ID P1 or P2 licenses. However, these licenses do not need to be directly assigned to each user.
  • Restoration Window: Once a group expires, it enters a soft-deleted state and can be restored within 30 days. After this period, the group and its associated resources are permanently deleted, which may not align with all organizational retention requirements.
  • No Policy Enforcement for Licensed Groups: Groups assigned specific Microsoft 365 licenses (such as those created via licensing assignments) do not expire under the policy, which may lead to inconsistencies in policy enforcement.

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Azure AD
How to Get Microsoft 365 Expiring Groups Report
Azure AD Guides 56 Guides
1Get the Group Membership of a Microsoft 365 User2Find Guest Membership in Microsoft 365 Groups3Get the Storage used by Microsoft 365 Groups4Check if MFA is Enabled in Microsoft 365 5Check Microsoft 365 License Expiry Date6Check Licenses Assigned to Microsoft 365 Users7Export Users Without MFA in Microsoft 3658Optimize Microsoft 365 Group Management in M3659Check Microsoft 365 License Usage10Find Inactive Users in Microsoft 36511Monitor Risky Sign-ins in Microsoft Entra ID12Get User Password Expiration Date in Microsoft 36513Manage Users with Admin Roles in M36514Manage Contact Information in M36515Get Last Logon Time of Users in Microsoft 36516Audit Groups in Microsoft 36517Export a List of All Disabled Users in M36518Get Microsoft 365 Users with Weak Passwords19Get a List of Users from Azure AD20Get All Managers & Direct Reports in M36521List All the Group Owners in Microsoft 36522Track All the External User Activities in M36523Track All the User Activities in M36524Audit License Changes to Microsoft 365 Users25Check Users Last Password change date time in M36526Audit Deleted Users in Microsoft Entra ID27Get Azure Sign-in Logs in Microsoft 36528M365 License Management & Usage Insights29Track Microsoft 365 Groups with External Users30Export Conditional Access Policies Report31Audit Failed Sign-in Attempts in M36532Audit Admin Activity in Microsoft 36533Analyze Conditional Access Sign-ins Report in M36534Export Microsoft 365 Security Groups Report35Get MS Office Activations Report36Track Your Microsoft 365 Secure Score37Audit Entra ID Applications in M36538Audit Password Changes in M365 39Audit All the Policy Operations in M36540Get Entra ID App Usage Report in M36541Audit Power BI Activity Log in Microsoft 36542Monitor Forced Password Changes in M36543Audit Administrative Units in M36544Track Users Without Groups in M36545List All Deleted Groups in Microsoft 36546List All Nested Groups in Microsoft Entra ID47Find all Unlicensed Users in Microsoft 36548Track Groups with Disabled Users in M36549List All Role-assignable Groups in Microsoft 36550Monitor Empty Groups in Microsoft 36551Monitor Guest User Sign-ins in Microsoft 36552Audit User Creations in Microsoft 36553Get Guest Users List in Microsoft 36554Find Microsoft 365 Groups with Expiration Policies55Export a List of Expired M365 Subscriptions56List All Microsoft 365 Users with No Manager
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo