Detection of invalid group and application owners enables tenant admins to identify unmonitored or improperly administered resources within Microsoft 365. CoreView provides detection of invalid owners through reporting features and automated Playbook policy actions.
Detecting invalid owners in reports
CoreView classifies resource owners as “invalid” if their accounts meet at least one of the following criteria:
- Blocked credentials
- Shared mailboxes
- Insufficient Microsoft 365 licenses
The “Has a valid owner” field within CoreView reports is set to “false” if a resource does not have at least one valid owner. Administrators should review these resources and assign a valid owner.
The “Has a valid owner” field is available in reports for the following resources:
- Microsoft 365 groups
- SharePoint sites
- OneDrive
- App registrations
Detecting invalid owners with Playbook policies
CoreView Playbook policies identify Teams groups, Microsoft 365 groups, and Enterprise applications where all assigned owners meet the criteria for invalidity (e.g., blocked accounts, shared mailboxes, or unlicensed users).
Invalid owner policy remediation
- For groups without valid owners, CoreView policies automatically trigger an email notification prompting the assignment of at least two licensed and unblocked owners.
- For Enterprise apps with invalid owners, CoreView policies generate a report listing affected resources, available as a download for administrative review and assignment.
