Azure AD Group expiration should allow exclude groups rather than include groups
Currently the Azure AD group expiration is set to All/Include some/None. So if I don't want to include all, I have to constantly go and add new groups to the include list.
Having the ability to exclude would be much more admin friendly.
The product team is aware of this feature request. Though it's not planned in the short-term, it is being tracked in our backlog as a priority item.
Eric VanDerEems commented
This is absolutely necessary if we are supposed to manage the expiration of new groups without having to extend old groups every time the expiration period is up.
Absolutely. I want to enumerate the IT controlled groups/non-expiring groups and give the business the ability to create groups that expire ad hoc. This seems to me to be intuitive.
Kevin Pedersen commented
The current model for managing group expiration is flawed.
Current expiration policy only allows for either:
* All groups expire (no exceptions).
* Specified groups expire.
The "All" policy needs to allow for exceptions. In other words, we need to be able to set all groups to expire, except a specified list of permanent groups.
The current model is flawed because user-created, ad-hoc groups are those that would be more likely to expire, but those group owners would never have admin capability to set expiration. Conversely, administrator-created groups are more likely to be permanent, but there is no way to keep them from expiring without disabling expiration altogether.
Landon Beard commented
Agreed - would prefer the ability to statically exclude certain groups from expiration, and then let all other Office 365 groups be affected by policy.
Can't believe this isn't already part of the features.