Restore Deleted Groups from Intune!
We all have been there, the situation where an Entra ID group was accidentally removed. Not an ideal situation, Intune is based upon group assignment and those assignments won't work when there isn't a group attached. But there is something new out there, Soft Deleted Groups. This now supports cloud based security groups. Read on to find out more.
Deleted Groups from the Intune Portal
In the November release update of last year (Service release 2511) Microsoft has announced the feature that Soft-deleted Microsoft Entra groups are now visible in Intune portal.. You can find these groups in the Intune console in the groups node, from there you can find the deleted groups
From the Intune Console headover to:
1. Groups ==> 2. Deleted Groups
Restore Deleted Group
When there is a group deleted we can restore this groups from the same node by selecting the group. We can now select the option to restore or permanently delete the group. When we restore the group it will also restore the assignments and the membership belonging to this group. When a group is deleted is will remain in the soft deleted group section for 30 days. After these 30 days the groups is permanently deleted. It's like a recycle bin 😁.
Find out that a group was deleted - Console
The steps above assume that you are aware that a group was deleted, you accidentally removed the group or you where informed about it. But how can you found out if a group was deleted? You can see when a group was deleted by the status collum in the Intune console, see the images below. The groups status was changed from active to soft deleted.
Find out that a group was deleted - MS Graph
Great to see that we can see from the console if a group was deleted, it still requires a awareness , you must see the status change, these are easily looked over. The easily find out if there a soft deleted groups we can also make use of Microsoft Graph. To find the correct command we can make use of the Graph X-Ray extension. If you don't know this extension, be sure to check it out, see documentation below for more information about this extension.
The extension shows we need to use the Get-MgBetaDirectoryDeletedItemAsGroup command.
From Powershell import the module Microsoft.Graph.Beta.Identity.DirectoryManagement and connect to Graph. We can see the deleted group.
We can also use the Get-BetaDirectoryDeletedItemAsGroup as command, it makes no difference.
We can make us of the command Restore-MgDirectoryDeletedItem to restore the group.
Recap
This feature now allows us to restore soft-deleted security Entra ID groups. This is a handy backup if a group is accidentally deleted. It's great that the group assignments are also restored. If you're not aware of the current assignments, you can use the available community tools to view them.