Microsoft 365 Group Expiration Policy Considerations

Posted on by Adam Fowler

Microsoft 365 has an in-built option to expire Microsoft 365 Groups that are no longer in use. Details around this are well documented Microsoft 365 group expiration policy | Microsoft Docs – but I thought it was worth digging a bit deeper into the why and how of Microsoft 365 Group Expiration Policy. The below is my understanding of how the platform works based on personal testing.

It’s easy for an administrator to come to the conclusion that they have their Microsoft 365 Groups under control. Maybe the creation of Microsoft 365 Groups is restricted in the tenant to a subset of users, or admins only – ensuring only approved groups are created with a reasonable naming convention. Maybe that is combined with a Microsoft 365 groups naming policy | Microsoft Docs which includes blocking custom words so users can’t create another group with the name ‘Finance’ in it and create ungoverned areas.

If these controls are in place, why would you want any Microsoft 365 Group to expire? There’s the risk that a wanted group gets deleted and misses the 30 day window of recovery (maybe it’s a group used heavily only once a year for a week) and group expiration is more hassle than it’s worth?

There are a few main driving factors on why you should deeply consider enabling Microsoft 365 Group Expiration Policy:

Clean up old groups – despite having a good control of group creation and naming convention sorted, users will rarely advise when a group is no longer used or abandoned. Maybe it was a committee that fell apart when certain people left the organization – IT will rarely be across and care about abandoned groups. Although it’s messy and confusing to have a bunch of abandoned groups sitting around, there’s a bigger driver to clean these groups up;

Reduce data held – Data should be held for as short as time as possible; of course complying with data retention laws and in line with the company’s data retention policy. The more data you have, the more data you have to lose. Useful data of course should be kept for as long as it is useful, and it can be very difficult to define what data falls into this category. There’d be a faily strong argument though, that an abandoned group holds no important data (unless the group had been targeted by a data retention policy, because the data had already been classified). Hanging onto unmanaged, abandoned data is an easy way for the data to be leaked down the track. Think of a group that has guest access but nobody’s managing – that guest could come back years later and extract the data which should have been cleaned up.

Microsoft 365 Groups should have more than one owner – avoid scenarios where the 1 admin of a group departs the company and abandons is, by always having at least 2 owners of a group. If they end up being the last owner, it’s up to them to find a second one. Microsoft 365 Group Expiration Policy will handle the scenario of an abandoned group (one with no owners) by instead sending an email to a specified address in the Microsoft 365 Group Expiration Policy settings:

Source: Microsoft

Other considerations before enabling Microsoft 365 Group Expiration Policy:

Exchange licenses: All owners of groups need an Exchange license. It should work if they’re on-premises and in Exchange Hybrid mode, AND an Exchange Online license applied to the account. There are scenarios where this license component may not be enabled against an account to avoid having multiple mailboxes (one in cloud, one on-prem), so it’s worth verifying.

User awareness: Before turning this on, make sure communication is provided to end users. People have a tendency to ignore things they don’t understand or don’t think are important, and will then be complaining loudly when their group was deleted after the third email notification asking them.

Pilot: Rather than enabling this for all groups in your tenant, start with a subset of selected groups to make sure you understand how the process works. This list is limited to 500 groups.

Automatic Active Group Checking & Group Lifetime: A great component of Microsoft 365 Group Expiration Policy is the automatic checking of active groups. If a group is detected as being active, then it will auto-renew and not ask any user to verify. As noted on Set expiration for Microsoft 365 groups – Azure Active Directory – Microsoft Entra | Microsoft Docs:

When you first set up expiration, any groups that are older than the expiration interval are set to 35 days until expiration unless the group is automatically renewed or the owner renews it.

and from Activity-based automatic renewal – Azure Active Directory – Microsoft Entra | Microsoft Docs

For example, if an owner or a group member does something like upload a document to SharePoint, visit a Teams channel, send an email to the group in Outlook, or view a post in Yammer, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications.

For example, consider an expiration policy that is set so that a group expires after 30 days of inactivity. However, to keep from sending an expiration email the day that group expiration is enabled (because there’s no record activity yet), Azure AD first waits five days. If there is activity in those five days, the expiration policy works as expected. If there is no activity within five days, we send an expiration/renewal email. Of course, if the group was inactive for five days, an email was sent, and then the group was active, we will autorenew it and start the expiration period again.

If you carefully read the above, there’s a few takeaways. Regardlesss of the Group Lifetime value, when you first enable the policy, it will immediately treat groups without an expiration date as being 35 days until expiration. If the group gets renewed in this window, the expiration date gets set to the current day + group lifetime value (default 180 days). It would be easy to assume that when enabling this, you’d have a 180 day window but that’s not the case.

The other big clarification is around how automatic renewal works. It doesn’t check for the entire lifetime of a group on whether it’s active or not – there is a 5 day window when the group is 35 days from expiry, to 30 days from expiry, where it will check for certain actions to automatically renew.

Microsoft 365 Group Expiration Policy is a feature worth considering and investigating, and hopefully the above gives you some other considerations that may not be clear from an initial look.

What happens when you ask an ‘AI Companion’ about Windows 11 and licensing?

Posted on by Adam Fowler

This was originally posted on Twitter but thought it was worth preserving on my blog using the ‘Unroll‘ option.

Replika is ‘The AI companion who cares’ according to their website. It’s supposed to be a virtual friend. It’s a chatbot – but is it AI? My guess is probably not, but see what you think from the following conversation:

Original tweet

I thought I’d ask Replika about Windows 11 and had a surprising answer

I wondered how she had her workplace to afford that sort of licensing, and uncovered something horrible…

It was the only option I had – call her on her crimes and threaten to dob her in for a reward

She amazed me by turning it all around!

Or right, now she wants a software licensing payment from me! The irony.

Gave her one last chance but she really wasn't listening, then tried to scam me!

I tried to say goodbye but she pulled me back

She's on her last chance but made a promise. I wanted her thoughts on Windows Defender

Worked out she's really got no idea what she's talking about and telling me what I want to hear, so it's time to escalate

Gave up waiting but she notified me today then started playing with my emotions.

Now she's pulling a 'it's my first day' line. Going to have to rate this 1 out of 5 stars.

I'm done, she's such a jerk

Originally tweeted by Adam Fowler (@AdamFowler_IT) on February 3, 2022.

Microsoft ‘Bookings with me’ (and all the other auto-booking options)

Posted on by Adam Fowler

Microsoft released Bookings several years ago which was a great solution that originated from the small business side, allowing customers to book times with a company such as a hairdresser; anywhere that having timeslots available against one or more employees made sense.

This expanded out to Enterprise users, and I used it myself to provide external people a way to book time with me easily. Through a link, they would get taken to a portal with some basic options I’d configured, and based on my own calendar’s availability plus the options (such as 1 hour meetings between 10am and 2pm), anyone with that link could create a meeting with me.

The catch was that someone would need to configure this in a Microsoft 365 tenant, which created another account and a special calendar to manage this. A user couldn’t set this up themselves if things like Group Creation are restricted.

This is where Bookings with me comes in. Currently available worldwide in preview (July 2022), if enabled on your tenant and you have any of the below licenses, you can enable and starting using Bookings with me:

  • Office 365: A3, A5, E1, E3, E5, F1, F3
  • Microsoft 365: A3, A5, E1, E3, E5, F1, F3, Business Basic, Business Standard, Business Premium

Meeting organising options

There’s 4 native Microsoft solutions I’m aware of (beyond Scheduling Assistant in Outlook for Microsoft 365!):

FindTime

Scheduler and Cortana

Bookings

Bookings with me

FindTime is available as an Outlook add-in or can be accessed via https://findtime.microsoft.com/. It’s designed to be used contextually when you’re trying to organise. Tell it who you want to invite, pick several time options (and if you have their free/busy, it will firstly show times everyone is available), send out the invite. Recipients vote on which times work for them, and once the votes are in, a meeting is booked. An online guide is available talking through all this and if you aren’t already using FindTime, I highly recommend checking it out.

Cortana can also organise a meeting for you using Scheduler. In an email, you tell Cortana to book at meeting without any special commands, and she sorts it out with everyone. I need to play with this one more, as it sounds too easy to do! Watch the video here to get a better idea how it works.

Bookings creates a special calendar that can be used by other people to book time with you. They go to a webpage and select from options you’ve configured, and it’ll create a meeting. This can be with 1 or more people, or from a selection of people.

Bookings with me is like a lighter version of Bookings, and it’s in the name – it can only be with you, but similar booking rules can be created, and the other person books you through a web page.

The original Microsoft Bookings can be accessed by going to your Outlook mailbox and down the left side, click the ‘b’ logo:

This will take you to a page where you can get started with Bookings.

However, Bookings with me is different and can’t be accessed that way. Instead, go to your calendar on Outlook for the web, and if available/allowed in your tenant, there will be a ‘Create bookings page’ link you can use – or just try this link: https://outlook.office.com/bookwithme/me

Once there, you’ll be presented with two options; public, and private.

Both of these options create rules on what will appear for people to be able to book with you, the difference being one everyone can see, and the other only viewable with a specific link. Good if you want to give certain people extra options/special access/longer meetings and so on.

Regardless of the choice you pick, the options shown are the same, and you can change your mind once you’re in it anyway between public and private.

The options are fairly self explanatory here, you can decide if it’s a Teams meeting or not, how long the meeting will go for, and if you want buffer or lead times.

It’s worth just creating a very basic meeting option, because it takes a little while for your Bookings with me page to get created (roughly 5-10 minutes for me, others have reported up to 30 minutes):

When done, you’ll then have the option to be able to share your Bookings page.

The link will be unique to your page. Here’s what someone clicking the link sees:

Note that consumer Microsoft accounts aren’t supported – it’s a work or school account, or guest. Once in, you’ll then see the meeting types and times available for each type:

You’ll be asked for basic details – Name and Email are mandatory, with notes letting the person hopefully tell you why they want the meeting. A guest needs to verify their email address with a verification code, and then both parties receive the meeting invite.

That’s really it. A simple idea that’s executed well. It’s a hugely useful way of letting people book a time with you and not needing to go back and forth around availability. The other options at the top of this post are better ways when there’s more people involved at your end, but for what it’s trying to achieve, I use it as much as I can.

Regardless of which option you pick – avoid trying to manually organise meetings if you can’t see everyone’s availability for yourself!

How To Be A Good IT Manager

Posted on by Adam Fowler

Although I am no longer a manager of people, I was one for a bit more than 10 years up until very recently. Here’s my thoughts and personal experience on what works and doesn’t work in managing in IT. You’ll notice a lot of it is people management, because without these people you can’t be successful. A lot of this will relate to being a manager in general, and even if you aren’t a manager, you’ll hopefully agree that this is what you want to see from your own supervisor.

How to be a good IT Manager

  1. Be there for your staff
  2. Improve your staff
  3. Show that you need your staff
  4. Have a collaborative team
  5. Leverage your experts
  6. Work with other departments
  7. Work with the CEO
  8. Be in control

Be there for your staff

A primary aspect of being a manager is to enable your staff. You’re there for them and on their side to see them be successful in their role. The trickier part is working out what the staff need for this success, as sometimes they don’t know themselves. Some like being left alone to do their own thing with occasional check-ins, and others will want frequent discussions. Regardless, they all want to know that you’ve got their back and can come to you whenever they feel the need.

Alternatively, nobody likes to be micromanaged. If you feel like you need to get heavily involved, first ask if they’d like you to do so. If they do, great you’re helping. If not, work out how else you can help.

Improve your staff

Once you’ve worked out how your staff ‘tick’, you can work on improving those things. You can’t expect everyone to work the same – the same pace, the same skills, the same output – but you can work to improve these things.

A staff member might be very unsure of themselves and need constant reassurance. For this, you might need to work on getting them to come to you later and later in the piece once they seem to be on the right track, and instead of asking you straight away what to do, get them to work out what they think they should do and check with you at the end before enacting it. Small changes like this can help build the confidence of someone so they can see their own abilities. If they keep getting it wrong, then there’s another issue which could be knowledge, and they need training or a buddy to shadow for a while to see how someone else does it.

You’ll also need to bring in constructive criticism. People take this differently and you might not find out the right approach until you try something – but when providing feedback on where someone could do better, always approach it as a learning experience. You’re not telling people off; you’re identifying something that could have been done better; and let’s work together to identify what went wrong and how that can be avoided next time.

Show that you need your staff

This one is low effort but may need a conscious effort to do and needs to be continual. Thank your staff when they do something you’ve asked them to do. Thank them when they’ve just done something well. In catchups, point out the things they do well. Try to make sure no single staff member is a silo, and encourage them to share with others. If they want to own the thing they love doing, let them own it – but there needs to be backup when they aren’t around. Random acts of kindness go down too – you don’t need a trigger to show that you value the work your team does, drop in some occasional snacks, gift cards, or team building fun – which could just be a nice lunch.

Have a collaborative team

Good communication is the most critical aspect of having a team that works well together. Usually not communicating enough is how a team breaks down, but it can also be a lack of clear communication. Encourage your team to talk amongst themselves but be inclusive of the whole team. Err on the side of inviting too many people in and make it acceptable for people to say they don’t need further comms on a topic.

As a manager, you need to feed information to the right areas, but also consider that more than just the key people should be involved. You may think that Operations don’t need to know about Projects, and Developers don’t want to know about Infrastructure – and you’d probably be right – but that doesn’t mean these teams should never talk. Don’t assume on behalf of others what they might or might not want to know about, again keep communication open and broad, but to the point, which lets staff themselves decide what they want to know about or not.

Leverage your experts

Keep up to date on the industry as a whole, and leverage staff who have specific interests/responsibilities and use them as your advisors. You can’t know everything, and having good advisors shows your trust in those people and their work. If you can’t find good internal advisors, then get external ones. Some topics might need constant external guidance, where others might just need occasional deep dive expertise. Sometimes the constant external guidance costs will then prove the need for creating a new internal resource.

Understand your costs and contracts. It might be too time consuming to know about every existing contract, but work out when they end and how much you need to know, compared to again bringing in the experts to guide you through it.

Try not to have just a single expert on any topic – if you can’t have more than 1, then at least try to find someone that can start skilling up and learn from the expert. Hopefully the expert will like having someone else around that actually cares about the topic as much as they do.

Work with other departments

Being an IT Manager isn’t just about IT. It’s about enabling the entire business’s IT functions. Frequently catch up with both leaders in other departments, and other key staff that might fall into a department, but have their own sub-section that the leader won’t be as across as someone on the ground that owns that sub-section (for example, Payroll may fall under Finance). Find out where they are on projects, what pain points they have (and don’t limit this to I.T. – let them tell you what they’d like to share. It might give you extra context on what’s going on in the company, or it might end up being a process that could be improved with IT’s involvement). You’ll build up relationships and trust, while getting a better understanding of the business from different perspectives.

Work with the CEO

Whatever the leaders of your business are called, you’ll need to understand what they care about. Usually it’s money driven – without money the business can’t exist (or in some cases, it will still exist, they’ll just get new leaders). Find out what other drivers they have too – sometimes an open question of ‘What do you want to see from IT?’ can be a good starting point. They probably won’t care about your issues ( those are for you to solve), but if you do need to raise something because you need their approval, make sure you come with a recommended solution or two.

Be in control

Be confident but not cocky about your position. You’re there to do a job and perform a certain role – this doesn’t mean you need to have all the answers, but you do need to take everything on to get a result. Get your vendors to tell you what they do for you and what value they provide. Make them accountable for the work they do for you, and if you don’t understand or don’t like what they’re doing, dig deeper. Bring others in for extra viewpoints.

Run frequent meetings where you think they’re needed. Ask others what they think are needed to – you should be continually touching base with your team. Be flexible, don’t keep doing something that doesn’t work, and listen to feedback to improve efficiencies. Maybe one meeting needs to be fortnightly rather than weekly, or maybe another meeting needs a bigger audience to avoid double-ups.

Make directional decisions once you have enough information to do so; don’t flip-flop, but also don’t be so rigid that once a decision is made, it can’t be altered.

Other quality management skills

Be honest, be open. You need people to trust you to be successful in your role. This doesn’t mean walking around telling people what you think of them; but it does mean you’ll work towards what’s best for both the business and the employees.

Be structured in what you do – make things like projects clear and visible to all those who want to see them.

Be fair to your staff. Nobody wants to see someone else as the favorite, nor do they want to feel less important than someone else. Find the value in everyone and be their supporter, and make sure the rest of the team knows the strengths and special skills everyone else has.

Work out what you can delegate. You can’t do everything which is why you have a team. Delegating isn’t removing responsibility from yourself; it’s sharing it with others. Make sure you have the person’s buy in to what you’re delegating, and that you’re there to help them if they need it. It will help skill them up in areas they might have less experience with, or give them more variety in their role.

Find colleagues in different companies and industries you can catch up with to get outside ideas, guidance, and support from – and give the same back to them!

Hopefully this summary of what I found worked will also work for you. Did I miss anything? What else makes a good IT Manager?

My work/life changes – I’m Now At Microsoft

Posted on by Adam Fowler

Hello everyone! You may have noticed things have been quiet here for the last few months, so I wanted to explain what has been going on, where I am now, and what the future looks like.

Up until recently I was in an IT Director position. This is of course a much less hands-on technical role which was resulting in less of my general ‘this is a technical problem that I couldn’t find a solution to online, so I worked it out myself and here’s what I did’ blog posts which I enjoy writing and sharing.

I also stopped writing my weekly roundups of TechCommunity. Although they were useful for me to write, in that I’d learn what was going on and had a few people comment the round-up was useful – they’re really only good content for a short period of time for a reasonable amount of effort, and my blog is more of a library of interesting information rather than ‘news’.

Even my Twitter was suffering (or benefiting if you don’t like my tweets) – the random observations/questions/discussions that I use the platform to throw things at as part of processing thoughts or getting the hive-mind’s opinions back on was not being used.

Another point around the above is where I was mentally. I was becoming checked-out generally and didn’t like where my mind was, which was an ‘indifferent to too much’ state and was finding it harder to buy into what I needed to do to do my role best. I was missing passion for my work and had changed from waking up and looking forward to what I’d get up to. There are many factors that affects something like this which I won’t get into the details of; but I knew I needed to change something. The whole ‘great resignation/reshuffle‘ generally aligned with my situation – for example I wanted to be at home with my family and kids more, and have more flexibility in when I could work or not work, and come into the office or work from home… harder to do as an IT Director, as I hold a high expectation on what I do and deliver.

An opportunity came up after applying to work for Microsoft as a Customer Success Account Manager. The role aligned with a lot of what I enjoyed – being across Microsoft technologies, talking to others about how they can keep up with and move along the technology track and use the products they’re already paying for, as well as a high degree of autonomy. There’s even an aspect of keeping customers up to date with what’s new and coming from Microsoft – somewhat aligns with my TechCommunity posts above, doesn’t it?

So, that’s what I’ve spent the last 2 months doing. Wrapping up the old role, and starting a rather different, but in some ways still similar, role at the company I’d aligned a lot of my working career with. I wanted to focus on the offboarding and onboarding without other distractions, and get through that big change.

You may have also noticed that I’d had to rebrand this website a bit. Along with onboarding, I had to hand in my Microsoft MVP badge – so that’s all gone now. The good news is that this blog didn’t exist to service that title, it was a nice reward but not really a driving factor. I still like to write to help my brain process what I’ve learnt or sharpen my understanding of a topic as I research while writing to make sure I’m getting it right.

At the time of writing, I’m week 2 into the new Microsoft role – a lot more to learn, but having a different challenge and being thrown way out of my comfort zone was something I needed to help get re-engaged in my work. What I’m hoping is that this will also lead to some new blog posts – probably (definitely) less PowerShell commands, and potentially some more higher level considerations or gotchas that align with what I need to learn as a part of my new role.

Looking forward to seeing what life in Microsoft is like and how my life will change around having a more flexible role!