Active Directory Groups

Utkarsh Sharma 21 Reputation points
2020-11-12T06:51:18.77+00:00

Hi,

I am trying to find a way to manage my Azure AD groups. There seem to exist a lot of unused groups, but no way to organize them properly.

Kindly help.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
    soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator
    2020-11-12T12:56:00.207+00:00

    Hello @Utkarsh Sharma , you can set the auto-expiration and auto-renewals for Microsoft 365 groups in Azure AD using the expiration policies. You can read more on that here: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-lifecycle

    But for other types of groups, like the groups which are synced from On-Prem to Azure AD or Security Groups in Azure AD, there is no automated way to figure out when these groups were last used, as there is no such attribute in Azure AD that holds that information, unlike users, which have the lastLogonTime set.

    The other way that I can think of is churning through the Azure AD Audit logs for the groups, filtering them by the time limit of your desire, and then creating a list of the group names from that. Then you can create a PS script to delete those unwanted groups.

    You can try the following cmdlet to list down the groups from Azure AD Audit logs: Get-AzureADAuditDirectoryLogs -Filter "category eq 'GroupManagement' and activityDateTime lt 2020-11-10"

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
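The procedure the accepted answer outlines (pull GroupManagement audit events for a time window, build a list of group names, then script the cleanup), written out as an added PowerShell example. This is not code from the answer or from Microsoft; it assumes the AzureADPreview module is installed and `Connect-AzureAD` has already been run with a role that can read audit logs and groups. The script name, the `$LookbackDays` and `$Remove` parameters and the CSV path are all assumptions.

```powershell
# Added example, not part of the original answer. Reports Azure AD groups that have
# no GroupManagement audit activity inside the lookback window, so they can be
# reviewed before anything is deleted. Requires the AzureADPreview module and a
# prior Connect-AzureAD. Parameter names and output path are assumptions.
param(
    [int]$LookbackDays = 30,   # audit log retention caps how far back this can look
    [switch]$Remove            # report only unless deletion is explicitly requested
)

# Cutoff in the yyyy-MM-dd form the cmdlet's OData filter accepts (same shape as the
# answer's "activityDateTime lt 2020-11-10" filter, but looking forward from the cutoff).
$since = (Get-Date).AddDays(-$LookbackDays).ToUniversalTime().ToString('yyyy-MM-dd')

# 1. All GroupManagement audit events newer than the cutoff, across every page of results.
$events = Get-AzureADAuditDirectoryLogs -All $true `
    -Filter "category eq 'GroupManagement' and activityDateTime ge $since"

# 2. Collect the object IDs of every group that was the target of one of those events.
$activeGroupIds = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($e in $events) {
    foreach ($t in $e.TargetResources) {
        if ($t.Type -eq 'Group' -and $t.Id) { [void]$activeGroupIds.Add($t.Id) }
    }
}

# 3. Candidates: cloud-only groups that never appeared in the window. Groups synced from
#    on-prem (DirSyncEnabled) are skipped, since their changes happen in on-prem AD and
#    will not show up here, exactly the gap the answer describes.
$candidates = Get-AzureADGroup -All $true |
    Where-Object { -not $_.DirSyncEnabled -and -not $activeGroupIds.Contains($_.ObjectId) }

# 4. Write the review list; the CSV is the artifact to look over before any deletion.
$candidates |
    Select-Object DisplayName, ObjectId, MailEnabled, SecurityEnabled, Description |
    Export-Csv -Path '.\stale-group-candidates.csv' -NoTypeInformation

Write-Output ("{0} candidate group(s) with no GroupManagement activity since {1}" -f
    @($candidates).Count, $since)

# 5. Deletion only runs when -Remove is passed, and only over the reviewed candidate set.
if ($Remove) {
    foreach ($g in $candidates) {
        Write-Output ("Removing group '{0}' ({1})" -f $g.DisplayName, $g.ObjectId)
        Remove-AzureADGroup -ObjectId $g.ObjectId
    }
}
```

Two caveats a practitioner should keep in mind when reading the CSV: the audit log only records management changes (membership edits, owner changes, renames), not whether anyone actually used the group for access, so "no activity" here means "not administered recently", not "unused"; and the lookback is bounded by the tenant's audit log retention, so a window longer than what the tenant retains simply sees nothing older. Run without `-Remove` first, review the file, then rerun with `-Remove` against the same window.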


0 additional answers
