Microsoft Adds More Group and Browser Controls to Azure AD

Microsoft recently rolled out several Azure Active Directory (AD) improvements, including the ability for administrators to set expiration policies for Office 365 groups.

After being in preview since last August, the new group expiration policy feature is now generally available. Policies specifying how long groups should exist can be set in days from the Azure AD Portal or by using Azure AD PowerShell. It's possible to set policies for some groups or for all groups.

There's one catch: Organizations need to have Azure AD Premium subscriptions in place to use this feature. That's true for "all members of the groups to which the expiration policy is applied," according to Microsoft's documentation.

Under the group expiration policies scheme, end users who are group owners automatically get sent a series of notifications before a group is set to expire. The notifications arrive "30 days, 15 days and 1 day" before the group's end date, giving owners the option to keep or delete the group. The group gets deleted automatically if there's no response, but group owners will receive another notification letting them know it was deleted. Group owners and Office 365 account administrators have 30 days from the group's termination date to restore a group.

There's an exception for groups where there's a legal hold in place, as those groups don't get deleted. The content of groups will still be accessible via e-discovery if retention policies were set using the Security and Compliance Center.

Office 365 end users can create groups unless they've been restricted beforehand by IT pros, typically through the creation of "security groups," as described in this documentation. The creation of an Office 365 group will automatically provision a SharePoint site, a Yammer group, an Outlook mailbox, OneNote and a chat space in Microsoft Teams, which are all managed via Azure AD. Deleting a group should get rid of all of those services that get automatically created with a group, according to a FAQ published by AvePoint, a Microsoft partner that offers Office 365 governance support.

Managed Browser Support
In other Azure AD news, the "managed browser" that's used with Microsoft Intune, Microsoft's mobile management service, can now use single sign-on and conditional access Azure AD capabilities, Microsoft announced last week. The Intune managed browser is a downloadable application for devices that follows policies set by Intune.

The single sign-on access feature for the managed browser app permits easier access by end users to all Azure AD-managed applications, both online and on-premises. It works with Android and iOS devices.

The conditional access capability for the Intune managed browser adds the ability to restrict access to organizational information, based on browser use. For instance, it's possible to block access to resources "from any other unprotected browsers like Safari or Chrome," Microsoft's announcement explained. When end users try to use those browsers, they'll get directed to use the Intune managed browser instead. The conditional access capability works across Office 365 services, as well as for "on-premises sites that you have exposed via the Azure AD Application Proxy" service, the announcement added.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

