Create Groups for User1, User2, and User3
Question
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.AC
You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
Note: With the increase in usage of Office 365 Groups, administrators and users need a way to clean up unused groups. Expiration policies can help remove inactive groups from the system and make things cleaner.
When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, etc.) are also deleted.
You can set up a rule for dynamic membership on security groups or Office 365 groups.
Incorrect Answers:
B, D, E: You can set expiration policy only for Office 365 groups in Azure Active Directory (Azure AD).
https://docs.microsoft.com/en-us/office365/admin/create-groups/office-365-groups-expiration-policy?view=o365-worldwideTo grant access to the temporary SharePoint document library, we need to create groups for the users. Since we need to delete these groups automatically after 180 days, we can use dynamic groups. Dynamic groups are created based on a defined set of rules and are automatically updated as users or devices meet the defined criteria.
In this scenario, we need to create two groups for the three users, User1, User2, and User3. The groups should be deleted automatically after 180 days.
The two groups we should create are:
C. a Microsoft 365 group that uses the Dynamic User membership type D. a Security group that uses the Dynamic User membership type
Here's why:
Option A is incorrect because a Microsoft 365 group that uses the Assigned membership type is not dynamic. This means that we would need to manually add and remove users from the group, which is not ideal if we want the group to be automatically deleted after 180 days.
Option B is also incorrect because a security group that uses the Assigned membership type is not dynamic. Again, this means that we would need to manually add and remove users from the group, which is not ideal if we want the group to be automatically deleted after 180 days.
Option E is incorrect because a security group that uses the Dynamic Device membership type is not applicable in this scenario. We need to grant access to users, not devices.
Option C is correct because a Microsoft 365 group that uses the Dynamic User membership type is dynamic and automatically updates based on a set of defined rules. We can define a rule that includes the three users, User1, User2, and User3, and any user who meets this criteria will be automatically added to the group. This group will be automatically deleted after 180 days, which meets our requirements.
Option D is also correct because a security group that uses the Dynamic User membership type is dynamic and automatically updates based on a set of defined rules. We can define a rule that includes the three users, User1, User2, and User3, and any user who meets this criteria will be automatically added to the group. This group will be automatically deleted after 180 days, which meets our requirements.
In summary, we should create a Microsoft 365 group that uses the Dynamic User membership type and a Security group that uses the Dynamic User membership type. These groups will automatically update based on a defined set of rules and will be deleted after 180 days.
