How to Block Planner Users from Removing Tasks Created by Others

Posted on by Tony Redmond

Apply a Block Policy to User Accounts

Planner uses the Microsoft 365 Groups membership model, which means that all members of a group share equal access to group resources, like the plans owned by the group. The default is therefore to allow anyone in the group to delete any task in a plan. The lack of a recycle bin, wastebasket, or other recovery mechanism to allow Planner to recover tasks deleted in error is one reason why you might want some control over task deletion, especially in large and complex plans.

Until recently, I never noticed that it is possible to block people who don’t create tasks from deleting tasks. But administrators can by running the Set-PlannerUserPolicy cmdlet to assign a block policy to an account. For example:

Set-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@Office365itpros.com -BlockDeleteTasksNotCreatedBySelf $True

Planner applies the block policy on the server, so it is effective immediately. Blocked users can still update tasks, including marking tasks as complete.

The block applies to tasks in all plans. There’s no way to allow someone to remove tasks in all plans except a couple of selected plans.

To check the block status of a user, use the Get-PlannerUserPolicy cmdlet:

Get-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@office365itpros.com | fl

@odata.context                   : https://tasks.office.com:444/taskApi/tenantAdminSettings/$metadata#UserPolicy/$entity
id                               : Kim.Akers@office365itpros.com
blockDeleteTasksNotCreatedBySelf : True

You need to download the Planner PowerShell module from Microsoft to use the Set-PlannerUserPolicy and Get-PlannerUserPolicy cmdlets. Because it’s really only a wrapper around some Graph API code, the module works oddly, explained in this post.

Applying the Block to Multiple Accounts

If you want to set a block policy for a bunch of accounts, a simple loop does the trick. This code uses the Get-ExoMailbox cmdlet to find all user mailboxes and sets the block for their accounts:

[array]$Users = Get-ExoMailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
ForEach ($User in $Users) {
    Write-Host "Disabling delete access to non-owned tasks for" $User.DisplayName
    Set-PlannerUserPolicy -UserAadIdOrPrincipalName $User.UserPrincipalName -BlockDeleteTasksNotCreatedBySelf $True
}

What Happens When a Blocked User Tries to Delete a Task

When a user is blocked from deleting tasks they didn’t create, any attempt to remove a task they didn’t create fails. The user experience differs slightly from client to client.

A deletion from the Planner browser UI first seems to work at first (the Delete option is still available). However, after a short delay, the task comes back when Planner realizes that it shouldn’t have allowed the delete to happen. The reappearance of a deleted task is kind of funky until you understand what’s happening.

The same happens in the board view of the Tasks by Planner and To Do app in Teams. However, if you use the list view, the app flags an error and fails to delete the task (Figure 1).

The Planner app in Teams refuses to delete a task
Figure 1: The Planner app in Teams refuses to delete a task

The longest delay between an attempt to delete a task being made and the task coming back is in a To-Do mobile client. This is likely because of some synchronization lag. At first, the task deletion works, but after a delay of several minutes, the task reappears.

Reversing the User Block Policy

To reverse the block policy for a user, revert the setting to False (the default):

Set-PlannerUserPolicy -UserAadIdOrPrincipalName Kim.Akers@office365itpros.com -BlockDeleteTasksNotCreatedBySelf $False

Poor Implementation of Task Deletion Block

Overall, blocking task deletion works, but the user experience is confusing and could result in help desk calls. On the upside, at least the help desk can explain what happens. They can do nothing when an unblocked user deletes a task in error. The lack of client support in the implementation has the hallmark of a quick job, perhaps one done to assuage the complaints of an important customer. It’s a pity if that’s the case. Controls like the block policy are important and should appear as an application matures (and Planner is very much a mature application at this point). Perhaps now Microsoft has this block in place, maybe they can concentrate on creating a recycle bin for tasks?

Make sure that you’re not surprised about changes which appear inside Office 365 applications by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure that our subscribers stay informed.

6 Replies to “How to Block Planner Users from Removing Tasks Created by Others”

  1. Wow. Lots of folks were asking for this. Hopefully they will expose it as a GUI somewhere and based on groups.

    Reply
  2. Pingback: Verhindern das Benutzer zugeordnete Aufgaben in Planner löschen | IM-consult.net
  3. Pingback: How to Block Planner Users from Removing Tasks Created by Others – blog by @12Knocksinna – 365forall
  4. Pingback: [m365weekly] #66 - M365 Weekly Newsletter

  5. How can all new plans in planner be globally set to private by default also blocking the option for users to change to public?

    Reply

    1. Plans receive their privacy setting from the group that they belong to, so if you change the group privacy to private, the plans will be private. Only group owners can set the privacy of a group.

      Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.