Master Microsoft Entra ID Groups - Manage Deletion, Settings, Expiration, Naming Policy & Audit Logs

Learn how to effectively manage and secure your Microsoft Entra ID Groups (formerly Azure AD Groups). This complete guide covers group deletion, general settings configuration, group expiration and naming policies, and how to monitor group activities using audit logs. Perfect for IT admins and cloud security professionals managing Entra ID environments.

Chapter 1: Introduction to Microsoft Entra ID Groups
- Overview of Entra ID Groups and their types (Security, Microsoft 365)
- Role of groups in access management and resource allocation
- Importance of governance and automation

Chapter 2: Understanding Group General Settings
- Location: Microsoft Entra Admin Center → Groups → General Settings
- Configure:
    - Group creation permissions
    - Guest user permissions
    - Group join/leave settings
    - Self-service group management
- PowerShell / Graph API examples for modifying general settings
- Best practices for governance

Chapter 3: Group Expiration Policy
- What is a Group Expiration Policy
- Configuring expiration policies in Entra ID
- Default expiration duration (180, 365, or custom days)
- Renewal notifications to group owners
- Action when group expires (soft delete → permanent delete)
- PowerShell & Graph API examples:
    - Set-AzureADMSGroupLifecyclePolicy
    - New-MgGroupLifecyclePolicy
- How to restore expired groups before permanent deletion
- Integration with Access Reviews and Lifecycle management

Chapter 4: Group Naming Policy
- Purpose of naming policies for consistency & compliance
- Enforcing prefix/suffix in group names
- Blocking restricted words in group names
- Example: Dept-GroupName-IND
- How to create and apply naming policies using:
    - Entra admin portal
    - PowerShell (Set-AzureADDirectorySetting)
- Real-world use case: Preventing duplicates and misidentification

Chapter 5: Deleting Microsoft Entra ID Groups
- Types of deletion:
    - Manual deletion
    - Automatic deletion (via expiration)
- Step-by-step deletion process in Entra Portal
- How to restore soft-deleted groups (within 30 days)
- Permanent deletion (Graph API / PowerShell): Remove-MgGroup
- Governance recommendation: Enable group lifecycle policy and audit alerts

Chapter 6: Monitoring and Logging
- View Audit Logs for group activities in:
    - Microsoft Entra Admin Center → Monitoring → Audit Logs
    - Log Analytics / Sentinel Integration
- Log types:
    - Group Created / Deleted
    - Group Updated (policy, membership changes)
    - Expiration / Renewal events
- How to filter logs:
    - By Activity: “Delete group”, “Update group settings”, “Add member to group”
    - By Initiated By: User / System / API
- Exporting logs:
    - To CSV
    - To Sentinel (for SIEM correlation)
- PowerShell Example: Get-MgAuditLogDirectoryAudit -Filter "activityDisplayName eq 'Delete group'"
- Setting alerts for group-related changes via Microsoft Defender for Cloud Apps (MCAS) or Log Analytics

Chapter 7: Best Practices & Recommendations
- Use dynamic groups to automate membership
- Always assign ownership for governance
- Implement naming and expiration policies together
- Enable audit log retention (90–365 days or more via Log Analytics)
- Regularly review group memberships and access

Chapter 8: Summary and Next Steps
- Recap of key settings and policies
- Suggested automation via Graph API / PowerShell
- Link to related guides:
    - Master Azure Entra ID Dynamic Groups
    - Troubleshooting SSO in Entra ID
    - Entra Conditional Access Policy Deep Dive











