How to create Microsoft Entra ID group life cycle policies using New-MgGroupLifecyclePolicy

Creating new Microsoft Entra ID group life cycle policies

Microsoft Entra ID group life cycle policies are crucial for automating group expiration, renewal, and cleanup, helping organizations maintain an organized and secure directory. IT administrators often need to create these policies to enforce governance and prevent inactive groups from cluttering the system. While the New-MgGroupLifecyclePolicy PowerShell command in Microsoft Graph allows admins to create life cycle policies, it requires complicated scripts and manual effort.

Create Microsoft Entra ID group life cycle policy using Microsoft Graph PowerShell

Prerequisites

Before running the New-MgGroupLifecyclePolicy cmdlet, ensure the following requirements are met:

  • The Microsoft Graph PowerShell module is installed. If it’s not installed, use the following command:
    Install-Module Microsoft.Graph -Scope CurrentUser
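  • Connect to Microsoft Graph PowerShell with the necessary permissions. Creating a life cycle policy requires Directory.ReadWrite.All; Group.Read.All only allows reading group details:
    Connect-MgGraph -Scopes "Directory.ReadWrite.All"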

Using the New-MgGroupLifecyclePolicy cmdlet to create Microsoft Entra ID group life cycle policy

Use the New-MgGroupLifecyclePolicy cmdlet in Microsoft Graph PowerShell to create new life cycle policies for Microsoft Entra ID groups. The syntax is as follows:

New-MgGroupLifecyclePolicy
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-AlternateNotificationEmails <String>]
    [-GroupLifetimeInDays <Int32>]
    [-Id <String>]
    [-ManagedGroupTypes <String>]
    [-Headers <IDictionary>]
    [-ProgressAction <ActionPreference>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Example use case and script using the New-MgGroupLifecyclePolicy cmdlet

Example: Create a life cycle policy for a Microsoft Entra ID group

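# Policy settings sent as the request body
$params = @{
    groupLifetimeInDays         = 100                  # days before a group expires and must be renewed
    managedGroupTypes           = "Selected"           # the policy applies only to groups added to it
    alternateNotificationEmails = "admin@contoso.com"  # notified for groups without owners
}

New-MgGroupLifecyclePolicy -BodyParameter $params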
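
The following is an added example, not code from the original page or from Microsoft: it wraps the call above in an idempotent create-or-update that supports -WhatIf and, for the "Selected" type, attaches the listed groups to the policy. The function name Set-GroupExpirationPolicy and the sample group ID are hypothetical; it assumes a session connected with the Directory.ReadWrite.All scope and that the tenant holds at most one life cycle policy.

```powershell
# Added example: create the life cycle policy if none exists, otherwise update it.
# Assumes: Connect-MgGraph -Scopes "Directory.ReadWrite.All" has already run.
function Set-GroupExpirationPolicy {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateRange(1, 2147483647)][int]$LifetimeInDays,
        [Parameter(Mandatory)][ValidateSet('All', 'Selected', 'None')][string]$ManagedGroupTypes,
        [Parameter(Mandatory)][string[]]$NotificationEmails,
        [string[]]$GroupIds = @()
    )
    if ($GroupIds -and $ManagedGroupTypes -ne 'Selected') {
        throw "GroupIds only apply when ManagedGroupTypes is 'Selected'."
    }
    $emails = $NotificationEmails -join ';'   # the API takes one semicolon-separated string
    $policy = Get-MgGroupLifecyclePolicy | Select-Object -First 1   # assumed: one policy per tenant

    if (-not $policy) {
        if ($PSCmdlet.ShouldProcess('tenant', "Create policy ($LifetimeInDays days, $ManagedGroupTypes)")) {
            $policy = New-MgGroupLifecyclePolicy -GroupLifetimeInDays $LifetimeInDays `
                -ManagedGroupTypes $ManagedGroupTypes -AlternateNotificationEmails $emails
        }
    }
    elseif ($policy.GroupLifetimeInDays -ne $LifetimeInDays -or
            $policy.ManagedGroupTypes -ne $ManagedGroupTypes -or
            $policy.AlternateNotificationEmails -ne $emails) {
        # Only write when the stored settings differ, so reruns are no-ops.
        if ($PSCmdlet.ShouldProcess($policy.Id, 'Update existing policy')) {
            Update-MgGroupLifecyclePolicy -GroupLifecyclePolicyId $policy.Id `
                -GroupLifetimeInDays $LifetimeInDays -ManagedGroupTypes $ManagedGroupTypes `
                -AlternateNotificationEmails $emails | Out-Null
        }
    }

    # With "Selected", a group is covered only after it is added to the policy.
    foreach ($id in $GroupIds) {
        if ($policy -and $PSCmdlet.ShouldProcess($id, "Add group to policy $($policy.Id)")) {
            Add-MgGroupToLifecyclePolicy -GroupLifecyclePolicyId $policy.Id -GroupId $id | Out-Null
        }
    }
    if ($policy) { Get-MgGroupLifecyclePolicy -GroupLifecyclePolicyId $policy.Id }
}

# Constructed sample values; -WhatIf previews the changes without writing to the tenant.
Set-GroupExpirationPolicy -LifetimeInDays 100 -ManagedGroupTypes Selected `
    -NotificationEmails 'admin@contoso.com' `
    -GroupIds '00000000-0000-0000-0000-000000000000' -WhatIf
```

Drop -WhatIf once the previewed actions match what you intend to apply.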

Supported parameters

The table below lists key parameters that can be used with the New-MgGroupLifecyclePolicy cmdlet to create Microsoft Entra ID group life cycle policies.

Parameter                       Description
-AdditionalProperties           This specifies the additional parameters.
-AlternateNotificationEmails    This lists the email addresses for notifying groups without owners.
-GroupId                        This is the unique identifier of the group.
-GroupLifetimeInDays            This shows the number of days before a group expires and needs to be renewed.
-Confirm                        This prompts you to confirm before running the cmdlet.

Challenges of using Graph PowerShell scripts to create Microsoft Entra ID group life cycle policies

  • If Microsoft Graph experiences downtime or service issues, scripts relying on real-time API calls may fail.
  • Microsoft limits API requests, which can disrupt bulk operations and will require retries.
  • The Microsoft Graph API frequently changes, which can break existing scripts and require ongoing maintenance.
  • IT admins must switch from Azure AD PowerShell to Microsoft Graph PowerShell, which requires PowerShell scripting skills.

Why use ADManager Plus for management and reporting

  • ADManager Plus provides an intuitive GUI to manage Microsoft Entra ID, removing the need for PowerShell scripting.
  • Assign specific administrative tasks to help desk staff without giving full admin rights.
  • Use scheduled tasks and approval-based workflows to streamline user provisioning and modifications.
  • Manage group memberships, licenses, and permissions without dealing with PowerShell complexities.
  • Handle multiple organizational objects at once using CSV imports and customizable templates.

Discover how ADManager Plus simplifies Microsoft Entra ID group management.

 