
Microsoft Adds More Group and Browser Controls to Azure AD

Microsoft recently rolled out several Azure Active Directory (AD) improvements, including the ability for administrators to set expiration policies for Office 365 groups.

After being in preview since last August, the new group expiration policy feature is now generally available. Policies specifying how long groups should exist can be set in days from the Azure AD Portal or by using Azure AD PowerShell. It's possible to set policies for some groups or for all groups.

There's one catch: Organizations need to have Azure AD Premium subscriptions in place to use this feature. That's true for "all members of the groups to which the expiration policy is applied," according to Microsoft's documentation.

Under the group expiration policies scheme, end users who are group owners are automatically sent a series of notifications before a group is set to expire. The notifications arrive "30 days, 15 days and 1 day" before the group's end date, giving owners the option to keep or delete the group. The group gets deleted automatically if there's no response, but group owners will receive another notification letting them know it was deleted. Group owners and Office 365 account administrators have 30 days from the group's termination date to restore a group.

There's an exception for groups where there's a legal hold in place, as those groups don't get deleted. The content of groups will still be accessible via e-discovery if retention policies were set using the Security and Compliance Center.

Office 365 end users can create groups unless they've been restricted beforehand by IT pros, typically through the creation of "security groups," as described in this documentation. The creation of an Office 365 group will automatically provision a SharePoint site, a Yammer group, an Outlook mailbox, OneNote and a chat space in Microsoft Teams, which are all managed via Azure AD. Deleting a group should get rid of all of those services that get automatically created with a group, according to a FAQ published by AvePoint, a Microsoft partner that offers Office 365 governance support.

Managed Browser Support
In other Azure AD news, the "managed browser" that's used with Microsoft Intune, Microsoft's mobile management service, can now use Azure AD's single sign-on and conditional access capabilities, Microsoft announced last week. The Intune managed browser is a downloadable application for devices that follows policies set by Intune.

The single sign-on access feature for the managed browser app permits easier access by end users to all Azure AD-managed applications, both online and on-premises. It works with Android and iOS devices.

The conditional access capability for the Intune managed browser adds the ability to restrict access to organizational information, based on browser use. For instance, it's possible to block access to resources "from any other unprotected browsers like Safari or Chrome," Microsoft's announcement explained. When end users try to use those browsers, they'll get directed to use the Intune managed browser instead. The conditional access capability works across Office 365 services, as well as for "on-premises sites that you have exposed via the Azure AD Application Proxy" service, the announcement added.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
