365 Group Deletion Policy
Currently an Owner of a group can delete that group - I'm aware soft-deletion is coming, but ideally we want to be able to stop users from deleting groups entirely. An Azure policy to specify who can delete groups would put power back with the IT Dept. This will allow us to empower users, but without the risk of them deleting groups and the content getting past the retention period and being permanently lost.
Microsoft 365 Groups now supports soft deletion, integrates with retention policies applied to Exchange and SharePoint, includes verbose messages that deleting assets like a site or plan will delete ALL resources, and also provides access to deleted groups via the Groups Hub in Outlook. Group owners have the option to restore their deleted groups without having to escalate to the IT Admin. We think this will help address the majority of the feedback in this User Voice request! Thank you!
This does NOT address if your organization is using Teams Voice with auto attendants and call queues. We need a way to prevent a group from being deleted as everyone must be a owner in order to be able to delete voicemails from the group. Which is the way that microsoft recommends you do for setting up call queues and auto attendants
Maybe if we can have a way to have status of Sub-Owner that will have almost the same access as an Owner without the access to DELETE the Group?
P D commented
I would expect that as a minimum deleting a group would require Site Collection Administration rights, or should be a SCA Option or Feature that can decide if Owners are allowed to delete Groups.
Jonathan Herschel commented
We have too many instances where owners delete groups and their site gets deleted, can there be a BIG message that their Site will be deleted and or send an email to admins?
Being able to prevent owners from deleting a group would solve many unwanted situations where admins have to restore deleted Class groups.
Additionally, if this were also possible for security groups, it would be a solution to delegate temporary exclusion from Conditional Access / MFA by means of group membership, without the risk that a group owner of the group deletes it.
Mike Ramsay commented
At the very least, when a Group Owner who does not hold an Admin Role that has access to create Groups deletes their group, it should trigger a request process that must be approved by a user with the requisite admin role assigned.
This is a major issue that is causing real-world impact in an organization focused on Search and Rescue. This issue could have a legitimate impact on human life, as Teams tied to O365 Groups are used to coordinate real-world missions and run virtual Incident Command Posts.
Microsoft, please, address this immediately.
Yes. Either this or at a minimum don't let an owner delete a Team. In the Edu setup all teachers are team owners. The problem is that Teachers make mistakes. They should not be able to delete a class by a one click mistake. Deleting should be an administrative decision.
Omg, yes, I need this! I am looking at a weird issue where a user couldn't access her departments SharePoint site any longer. Turns out she deleted the entire O365 Group associated with her department! Likely when she was trying to set up Teams and deleted a Team that, I think, she thought she didn't need any more. I still don't understand how it is so easy for a user to just completely delete the role group for her department that way. Using RBAC becomes a nightmare if I can't secure certain groups from accidental deletion or limiting that 'power' to the IT department who actually know what the F they're doing!
Here is perhaps a slightly different way of doing this. As a global admin I would create a "permanent" 365 group. Then I assign group owners who can manage group but cant delete. Owners can invite guests and make changes. If owner needs a group deleted they would request such. In place of delete group possibly it would say request deletion or something.
In my context most all our groups are intended to be permanent with owners and guests changing annually.
Prevent accidental deletion on groups should be an option
I agree there is a gap here. It's great to be able to control who can create groups. It's also great that we can set an expiration policy. What's probably more critical than either of those is who can manually delete a group. Due to the potential consequences of deleting a group and the ease in which a group owner can do it...is pretty freighting! Let's say there is a group that has existed for a couple years and it is linked to Teams. One of the owners decides the team is no longer needed and just deletes it. Then a month later they decide to go to the SharePoint site to retrieve files...no mas. I don't think your average user understands all the relationships there so there should be the most control around deletion even more so than creation.
Since switching to Microsoft Teams our SP Teamsite owners are able to create teams based on their Sharepoint TeamSite. They decided they don't need the Team and delete it which allows them to delete the group which kills their access to their SharePoint teamsite. This needs to be fixed somehow.
Deletion of the group should be with the administrator not the with the site owner
Mergim Esati commented
I can't believe we're seriously discussing about whether or not this should be a feature in Office 365...
Come on, Microsoft, we're in 2019. We've seen plenty of incredible stories: Moon landing, we can cure many diseases and all that stuff, but we can't prohibit users from deleting their groups. Say what?
We just had an issue where one of our users deleted 3 of our groups after switching to a different department, thinking they were leaving the team. Either this, or separate locations for the delete option to prevent these accidents would've been greatly beneficial.
To complement this we would also like to be able to choose whether teachers (owners) are allowed or not allowed to manually add students (members) to Teams for Education when using Microsoft School Data Sync.
Obviously this should be a feature from the get go. If you allow any user to create groups - so that they have freedom to collaborate and create organic and innovative ways to do so - you cannot let them just create a group, work in it, and then destroy it's existance.
This is a MUST for any business implementation and not only should be able to be blocked at the tenant level, it should be configurable at the user level.
So that you can specify by group whether it can or cannot be deleted AND by user, who can or cannot delete his own groups.
We have been limiting our users to Exchange Online, Skype for Business, SharePoint, and OneDrive for almost 2 years while we wait for this important governance feature to be implemented. Even with the Retention policy capabilities for Groups and Teams, there is still important data that becomes unrecoverable when an Office 365 Group is deleted.
We can consider adopting Groups and Teams within our enterprise when either (A) Office 365 Groups can be fully recovered for up to 7 years or (B) deletion of Office 365 Groups can be restricted to administrators.
This is preventing our full adoption - from a business perspective, we need to manage the information life-cycle by controlling the 'archiving' and retention and final deletion. Without this control - we are unable to give users the Owner permissions which means the whole thing has to be mediated by IT and that defeats the purpose.
Surprised this isn't at the top of the list!
Daniel B commented
We may want to delegate managing the members of a department group without giving rights to delete the group. As a first step a tenant wide setting to control whether owners can delete groups, or just admins, would be a good start. In a second step this should be something that can be set per group. It makes sense in a agile environment where users can create groups for their initiatives or projects, but for some groups it needs to be managed more strictly.