Cloud security groups in Microsoft Entra help manage user access to apps, resources, and permissions across organizations. Accidentally or maliciously deleting a critical group can disrupt access for multiple users and applications, creating potential security and productivity issues.

Previously, soft deletion and restore functionality in Entra only applied to Microsoft 365 Groups and didn’t cover security groups—leaving critical security groups unrecoverable if accidentally deleted.

Microsoft Entra now introduces soft deletion & restoration for cloud security groups, giving admins a flexible option to recover deleted groups.

Rollout Timeline

  • Public Preview: Late October 2025 → Early November 2025
  • General Availability: Late February 2026 → Early March 2026

How Soft Deletion Works for Cloud Security Groups

When a cloud security group is deleted:

  • It moves to the Deleted groups blade instead of being permanently removed. To access it, navigate to Microsoft Entra Admin Center → Groups → Deleted groups
Microsoft Entra Soft deletion & restoration of cloud security groups
  • Group members lose access to the group immediately.
  • The deleted group remains in a recoverable state for 30 days.

Note: After 30 days, the group is permanently deleted. All deletion, restoration, and hard delete actions are tracked in audit logs, giving admins full visibility.

How to Restore Cloud Security Groups

To restore a deleted cloud security group,

  1. Go to Microsoft Entra Admin Center → Groups → Deleted groups.
  2. Locate and select the deleted security group you want to recover.
  3. Click Restore group.

Restoring a cloud security group recovers:

  • Group properties (name, description, type)
  • Settings (roles, policies)
  • Ownership and membership (assigned and dynamic members)

Key Admin Considerations

When a Cloud Security Group Is Deleted

  • Users lose access to linked resources like Teams, SharePoint sites, and apps.
  • Alternate access paths remain intact, ensuring minimal disruption if users have other permissions.
  • Any automation, scripts, or workflows that manage groups should be reviewed and updated to handle soft-deleted objects, rather than hard-deleting them automatically.
  • Admins can manage deleted groups using Microsoft Entra admin center, Microsoft Graph, and PowerShell.

When a Cloud Security Group Is Restored

  • Restoring the group reapplies access to resources based on its previous configuration.
  • It also restores permissions for all assigned users and applications, bringing access back to its original state.

Therefore, soft deletion in Microsoft Entra gives admins a safety net. It reduces downtime, prevents accidental access loss, and saves time rebuilding critical security groups. If a security group is accidentally deleted, you can now restore it quickly and confidently.