← Back
Microsoft Entra: Soft deletion and restoration for cloud security groups
MC1183299 · build prod-20251231-200323
Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-11-06 00:20:24
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
2026-02-25 00:00:00
Services
Microsoft Entra
Tags
New feature, User impact, Admin impact
Master tags
Security
Roadmap IDs

One-line summary

Microsoft Entra adds soft deletion for cloud security groups, allowing restoration within 30 days to recover settings, ownership, and membership, reducing rebuild needs after accidental or malicious deletion.

Similar updates

More like this
MC1187848 Microsoft 365 Apps admin center: Enhanced rollback capabilities in Cloud Update (public preview)
Microsoft 365 Apps admin center: Enhanced rollback capabilities in Cloud Update (public preview) Enhanced rollback in Cloud Update lets admins roll back Microsoft 365 Apps updates by device, group, or all devices via the Apps admin center, improving flexibility and control. Introduction We’re excited to announce new enhancements to the rollback.
MC1083986 Announcing Windows Backup for Organizations
Announcing Windows Backup for Organizations Windows Backup for Organizations is now in limited public preview, enabling backup and restore of Windows 10/11 settings to ease migration before Windows 10 support ends on October 14, 2025. ...Check your eligibility to back up settings:  Microsoft Entra hybrid joined or Microsoft Entra joined devices .
MC1181769 Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer
Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer Public preview of Purview DLP integration with Entra Global Secure Access enables network-layer inspection and enforcement to protect sensitive files from being shared with unmanaged cloud apps. ...e files in transit, we're.
MC1187672 Get ready for security agents: Microsoft Security Copilot will be included in Microsoft 365 E5
Get ready for security agents: Microsoft Security Copilot will be included in Microsoft 365 E5 Security Copilot with new AI agents is now included at no extra cost for Microso... Introduction: Microsoft Security Copilot agents are directly built into the flow of work for security teams in Microsoft Defender, Microsoft Entra, Microsoft Intune and.
MC1156361 Update: Rollout of the Microsoft Entra ID Free subscription
...ee subscription Microsoft Entra ID Free, a no-cost subscription for tenant ownership tracking, will appear in billing sections starting rollout in early to mid-October; noWe’re pleased to announce the rollout of the Microsoft Entra ID Free subscription, an initiative designed to enhance Microsoft’s service offerings and improve your experience.
MC1198077 Microsoft Entra: Cross-tenant security group synchronization
Microsoft Entra: Cross-tenant security group synchronization Microsoft Entra introduces cross-tenant security group synchronization, enabling centralized management and shared access across tenants. Public Preview starts late January 2026; general availability in late April 2026. We’re introducing cross-tenant group synchronization , a new.

Details

Summary
Microsoft Entra introduces soft deletion and restoration for cloud security groups, allowing recovery within 30 days while preserving settings, ownership, and membership. Rollout begins in late October 2025 (preview) and February 2026 (general availability). Deleted groups remove access until restored; audit logs track actions.

Body (from Message Center)

To help organizations recover from accidental or malicious deletions, Microsoft Entra is introducing soft deletion and restoration for cloud security groups. This feature allows deleted groups to be restored within 30 days, preserving their settings, ownership, and membership—reducing the need to rebuild access models from scratch.

[When this will happen:]

  • Public preview: Rollout began in late in October 2025 and is expected to complete by early November 2025.
  • General availability (Worldwide): Rollout begins in late February 2026 and is expected to complete by early March 2026.

[How this affects your organization:]

Who is affected:

  • Admins managing Microsoft Entra cloud security groups.
  • Users whose access is governed by security groups.

What will happen:

  • Deleted cloud security groups will enter a soft deleted state and appear in the Deleted groups blade.
  • During soft deletion:
    • Access granted via the group is removed.
    • The group is restorable for up to 30 days.
  • After 30 days, the group is permanently deleted.
  • Restoration recovers:
    • Group properties (name, description, type)
    • Settings (roles, policies)
    • Ownership and membership (assigned and dynamic)
  • Admin tools supported:
    • Microsoft Entra admin center
    • Microsoft Graph
    • PowerShell
  • Audit logs will capture deletion, restoration, and hard delete actions.
  • Users lose access via the group during soft deletion; restoring the group reapplies access based on the group’s previous configuration.
  • If a resource (for example, a SharePoint site, app, or policy scope) is protected by a soft deleted group, affected users immediately lose access via that group. If users had direct or alternate access paths, those remain unchanged.

[What you can do to prepare:]

  • Identify critical groups:
    • Inventory and tag critical security groups that gate access to sensitive resources.
  • Update admin runbooks:
    • Add steps to restore a deleted group before attempting to rebuild it.
  • Test in a pilot (after preview reaches your tenant):
    • Create a test security group, grant it access to a nonproduction resource, soft delete, validate access removal, then restore and confirm access returns as expected
    • If you automate group management, validate your automation handles soft deleted objects and does not immediately hard delete them.
  • Communicate to helpdesk and resource owners:
    • Create guidelines on how to check deleted groups, how to restore, and when to escalate before recreating a group.

Learn more:

MS Graph documentation:

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": "2026-02-25T00:00:00Z",
    "ai_actions": [
      "Inventory and tag critical security groups",
      "Update admin runbooks for group restoration",
      "Test soft deletion and restoration in pilot",
      "Validate automation handles soft deleted groups",
      "Communicate restoration guidelines to helpdesk"
    ],
    "ai_master_tags": [
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Microsoft Entra adds soft deletion for cloud security groups, allowing restoration within 30 days to recover settings, ownership, and membership, reducing rebuild needs after accidental or malicious deletion.",
    "ai_topics": [
      "Entra"
    ],
    "category": "stayInformed",
    "details_map": {
      "Summary": "Microsoft Entra introduces soft deletion and restoration for cloud security groups, allowing recovery within 30 days while preserving settings, ownership, and membership. Rollout begins in late October 2025 (preview) and February 2026 (general availability). Deleted groups remove access until restored; audit logs track actions."
    },
    "id": "MC1183299",
    "importance": 3,
    "is_major_change": false,
    "last_modified": "2025-11-06T00:20:24Z",
    "ms_products": [
      "Entra"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Entra"
    ],
    "severity": "normal",
    "tags": [
      "New feature",
      "User impact",
      "Admin impact"
    ],
    "title": "Microsoft Entra: Soft deletion and restoration for cloud security groups"
  }
}