Microsoft Planner: Setup, Policies, and Admin Configuration Guide 2026
Why Microsoft Planner Admin Setup Trips People Up
I've worked through more Microsoft Planner admin configuration tickets than I can count. And honestly? The number one reason admins struggle here isn't technical skill , it's that Microsoft has been quietly rebranding, merging, and reshuffling the entire Planner ecosystem over the past two years. If you set something up in 2023, the product you configured may literally have a different name now, sit in a different admin panel, and behave differently depending on which license tier your users are on.
Here's the core of what changed. In April 2024, Microsoft consolidated Microsoft To Do, the old Planner, and Microsoft Project for the web into a single product called the new Microsoft Planner. That unified app lives inside Microsoft Teams. At the same time, the old "Tasks by Planner and To Do" app in Teams was renamed to Planner. Then in September 2024, Project Plan 3 and Project Plan 5 were renamed again, they're now called Planner and Project Plan 3 and Planner and Project Plan 5. If any of those old names appear in your tenant's license assignments or admin documentation, you're looking at the same product under a different label.
What this means for you as an admin: your users might see the Planner app in Teams and have wildly different experiences from each other, purely based on what Microsoft 365 license they hold. Someone on a Microsoft 365 Business Basic plan sees basic plans with four views, Grid, Board, Schedule, and Charts. Someone next to them on Planner and Project Plan 3 gets Timeline (Gantt), Goals, dependencies, sprints, and custom fields. They're both inside "Planner." That gap in features generates a lot of confused help desk tickets that say some version of "Planner doesn't work for me."
Add to this the fact that Microsoft Planner admin controls aren't centralized in one obvious panel. Authentication runs through Microsoft Entra ID. License management lives in the Microsoft 365 admin center. Compliance hooks into Purview. Premium plan data sits in Dataverse. Each of those subsystems has its own admin interface, its own role requirements, and its own quirks. There's no single "Planner Admin Console" button you can click.
I know this is frustrating, especially when your organization is trying to roll out Planner as part of a broader Microsoft 365 modernization push and users are already asking questions before you've finished configuration. The good news is the setup is actually straightforward once you understand the moving parts. That's what this guide is for.
Whether you're troubleshooting Microsoft Planner license assignment problems, trying to figure out how to activate Planner for your organization, managing security containers for plans, or configuring access through Microsoft Entra ID, this guide covers it all. Browse all Microsoft fix guides →
The Quick Fix, Check Licensing First
Before you touch any admin settings, Group Policy, or Entra configurations, do this: confirm your users are actually on a subscription that includes Microsoft Planner. I can't tell you how many escalations turn out to be pure licensing gaps. Someone was moved to a different license tier, or a bulk license reassignment missed a group, and suddenly half the team can't see Planner at all.
Planner is included in these subscriptions out of the box:
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Office 365 E1
- Office 365 E3
- Office 365 E5
- Microsoft 365 A1
If your tenant is on one of those, Planner should already be active. If your subscription isn't on that list, there's no standalone toggle to flip, the only path forward is switching to a qualifying plan. Microsoft doesn't offer Planner as an add-on to non-qualifying subscriptions.
Here's how to verify licensing quickly. Go to the Microsoft 365 admin center at admin.microsoft.com. Navigate to Users > Active users. Select the affected user, click Licenses and apps, and expand the license to check whether Planner is toggled on under the assigned plan. If Planner is listed but toggled off for individual service plans, that's your culprit, toggle it on and save. Changes typically propagate within a few minutes, though in large tenants it can take up to 24 hours.
For a bulk check across many users, run this PowerShell command after connecting to Microsoft Graph or Exchange Online PowerShell:
Get-MgUser -All | Select-Object DisplayName, UserPrincipalName,
@{N="Licenses";E={$_.AssignedLicenses.SkuId -join ", "}} |
Where-Object {$_.Licenses -ne ""}
Then cross-reference the SKU IDs against your Planner-eligible plans. If you're not sure which SKU maps to which plan, the Microsoft 365 admin center shows friendly names when you view a specific user's license detail.
When you're checking licenses in bulk, filter specifically for users in the affected department or Teams channel first, not your entire tenant. In large organizations, running a full tenant scan can return thousands of rows and bury the actual pattern. Narrow your scope early.
Assuming you've confirmed you're on a qualifying subscription, the next step is verifying that the Planner service isn't administratively disabled for your tenant. Microsoft 365 gives admins the ability to turn individual services on or off at the tenant level, and Planner is one of those toggleable services.
To check and change this, go to admin.microsoft.com. In the left navigation, click Settings > Org settings. Scroll through the list until you find Planner. If you don't see it immediately, use the search box at the top of the Org settings page and type "Planner."
Inside the Planner settings panel, you'll see an option that reads something like Allow users to create plans in Microsoft Planner. Make sure this is enabled. If your organization had previously disabled Planner before the April 2024 unification, say, because you were exclusively using Project for the web, it may still be set to off for the new unified experience.
Once you save the setting, users should see the Planner app available in the Teams app bar and at planner.cloud.microsoft. If users still don't see it in Teams, they may need to manually add it: in Teams, click the Apps button in the left sidebar, search "Planner," and click Add. As an admin, you can also pin Planner to the Teams left rail for all users via a Teams app setup policy in the Teams admin center.
One thing to keep in mind: turning Planner on at the org level doesn't automatically pin it for every user. The toggle is more of a "allow access" gate. The pinning and visibility experience for the app in Teams is managed separately through Teams app policies, which I'll cover in Step 3.
If the setting was already on and users still can't access Planner, move on to the next step, this is almost always a license assignment issue rather than a tenant setting problem.
Once the tenant-level Planner service is active, you need the right licenses in place for each user tier you want to support. Here's where many admins hit their second wall: there are now effectively two tiers of Planner, and they require different licenses.
Basic Planner (included in standard Microsoft 365 plans): Users get four views, Grid, Board, Schedule, and Charts, plus My Tasks and My Day. This covers most task and team collaboration scenarios for everyday users.
Premium Planner (requires an additional license): Users get access to Timeline (Gantt) view, Goals, task dependencies, sprints, custom fields, team workload management, and report creation. This requires a Project Plan 1 license at minimum (now officially branded Planner Plan 1). For the full advanced feature set, you need Planner and Project Plan 3 or Planner and Project Plan 5.
To assign these licenses, go to admin.microsoft.com > Billing > Licenses. Find the appropriate plan, click it, then click Assign licenses. You can assign to individual users or to a group via group-based licensing, which is the better approach for anything over 10 users.
For group-based licensing, navigate to Microsoft Entra admin center > Groups, select your target group, click Licenses, and assign the plan there. Every member of the group inherits the license automatically, including new members you add later. This saves a lot of manual re-work as your org grows.
After assignment, verify via PowerShell:
Get-MgUserLicenseDetail -UserId user@contoso.com |
Select-Object -ExpandProperty ServicePlans |
Where-Object {$_.ServicePlanName -like "*PLANNER*" -or $_.ServicePlanName -like "*PROJECT*"}
You should see the relevant service plans listed with a ProvisioningStatus of Success. If you see PendingInput, the license is assigned but waiting on something, usually a location setting on the user object.
Microsoft Planner doesn't have its own authentication system. All sign-in flows go through Microsoft Entra ID (formerly Azure Active Directory). This means every Entra-level control you're already using, Conditional Access policies, token lifetime settings, MFA requirements, applies to Planner automatically.
If users are reporting sign-in loops, "you don't have access" errors when opening Planner, or getting bounced back to the login screen repeatedly, the first place to check is your Conditional Access policies in entra.microsoft.com > Protection > Conditional Access > Policies.
Look for any policies that target "All cloud apps" or explicitly list Microsoft Planner. A common misconfiguration is a policy that requires a compliant device or a specific IP range but doesn't have the Planner app excluded from its scope, meaning remote workers or BYOD users get blocked silently. The policy may not throw an obvious error; it just redirects users in a loop.
To troubleshoot a specific user's Entra sign-in experience, go to entra.microsoft.com > Monitoring & health > Sign-in logs. Filter by the user's UPN and look for failed sign-ins with the application name matching Planner or the Office 365 suite. Each entry tells you exactly which Conditional Access policy blocked or interrupted the session and why.
For token lifetime, Planner inherits whatever your Entra token lifetime policies define. If users are being asked to re-authenticate too frequently (a common complaint), check your token lifetime configurations at entra.microsoft.com > Applications > Token configuration or via PowerShell:
Get-AzureADPolicy | Where-Object {$_.Type -eq "TokenLifetimePolicy"}
Adjusting the access token lifetime to 60–90 minutes and the refresh token to 14 days resolves most "keeps logging me out" complaints for Planner users in standard enterprise environments, without meaningfully weakening your security posture.
This is the step most admins skip, and it causes the most downstream confusion. In Microsoft Planner, every plan lives inside a container, and the container controls who can see and edit that plan. Understanding containers is the key to understanding Planner's entire permission model.
Here's what that means in practice. When a user creates a plan inside a Microsoft 365 Group (which is what happens by default when you create a plan from the Planner app), the membership of that Group defines exactly who can view and edit tasks in that plan. Add someone to the Group, they get plan access. Remove them, they lose it. You don't need to manage plan permissions separately, the Group membership is the permission.
Plans can also live inside other container types: a Teams Channel (for channel-based collaboration), or a Meeting (for meeting-specific task tracking). Channel plans inherit their access from the channel membership. Meeting plans inherit from the meeting attendees.
For standard scenarios, the key admin task here is making sure your Microsoft 365 Group policies are properly configured. Navigate to entra.microsoft.com > Groups > General to review your group creation and management policies. If you've restricted Group creation to admins only (a common enterprise setting), users won't be able to create new Planner plans that require a Group. Make sure the right set of users or groups has Group creation rights, or create a designated security group that's allowed to create Groups and add your Planner power users to it.
One advanced customization worth knowing: you can further restrict task create/update/delete permissions within a plan, beyond what the Group membership grants, via the Business Scenarios API. This is mainly relevant if you're building automated workflows or need role-based restrictions inside a single plan (e.g., view-only access for certain members). This is not a standard admin center toggle; it requires Graph API calls, so it's something to hand off to your development team or a power admin.
When the container setup is correct, users in the Group or Channel should be able to open the plan, see all tasks, create new tasks, and edit existing ones without any additional setup. If they can't, re-check their Group membership and whether the plan is actually attached to the container you think it is.
Once access is working, take 20 minutes to lock down the security and compliance configuration. This step often gets deferred and then forgotten, which becomes a problem when your organization faces an audit or a data request.
Here's the data landscape for Microsoft Planner. Basic plan data, task titles, descriptions, metadata, is stored in Azure, encrypted both at rest and in transit. You don't need to configure this; it's on by default. However, it's worth knowing that Customer Managed Keys (CMK) are not supported for basic plan data in Planner as of the current documentation. If CMK is a compliance requirement for your org, this is a constraint you need to flag to your compliance team now, not during an audit.
File attachments in Planner are stored in SharePoint. Conversations associated with plans are stored in Exchange. Both of those are covered by your existing SharePoint and Exchange compliance configurations, eDiscovery, retention policies, DLP rules, so make sure those are in place and tested.
Premium plan data lives in Dataverse. Access to Dataverse for reporting or integration purposes is managed through standard Dataverse role controls, not through the Planner interface. If your organization uses premium Planner plans and you need to give a Power BI reporting team access to the underlying data, they need appropriate Dataverse roles assigned, check admin.powerplatform.microsoft.com > Environments > [Your environment] > Settings > Users + permissions.
For compliance coverage across the organization, Planner is governed under the Microsoft Product Terms and the Data Protection Agreement (DPA). The Microsoft Trust Center is the authoritative source for compliance certifications (SOC 2, ISO 27001, etc.), verify that Planner is listed under the certifications your organization requires.
One quick admin action: make sure your Microsoft Purview configuration covers Planner data. Secondary copies of Planner task data are stored in data management services for Purview integration, so Planner tasks can appear in eDiscovery and compliance search results. Verify this is working by running a test content search in purview.microsoft.com > Content search targeting a known user's Planner tasks.
Finally, there are no special Planner-specific administrative roles. If you ever need to take administrative action on a specific plan, say, to recover a deleted plan or investigate suspicious task changes, you do it by joining the container. For a Group-based plan, that means adding yourself to the Microsoft 365 Group via Entra ID, taking your admin action, then removing yourself. Document this process in your admin runbook so it's not improvised under pressure during an incident.
Advanced Microsoft Planner Admin Troubleshooting
Group Policy and Registry Considerations
Microsoft Planner is primarily a cloud service, so classic on-prem Group Policy Objects (GPOs) don't apply to the Planner web and Teams experiences directly. However, if your users access Planner through a browser on domain-joined machines, GPOs affecting your browser settings, specifically policies restricting third-party cookies, blocking *.microsoft.com or *.office.com domains, or enforcing proxy settings, can break Planner's authentication flow.
Check your GPO console (gpmc.msc) for any Computer or User policies targeting Internet Explorer or Edge settings. Specifically look for policies under Computer Configuration > Administrative Templates > Windows Components > Microsoft Edge or Internet Explorer that might block cookies or set restrictive zone settings. Planner requires session cookies and local storage access to work correctly in browser environments.
For the Teams desktop client specifically, Planner runs inside Teams' Chromium-based rendering engine. If users are getting white screens or loading errors in the Planner tab within Teams, clear the Teams cache. The Teams cache lives at:
%AppData%\Microsoft\Teams\Cache
%AppData%\Microsoft\Teams\blob_storage
%AppData%\Microsoft\Teams\databases
Have the user close Teams fully (right-click the system tray icon and choose Quit), delete the contents of those folders, then restart Teams. This resolves a surprising number of Planner rendering issues that have nothing to do with permissions or licensing.
Dataverse Environment Issues for Premium Plans
If your organization is rolling out premium Planner plans and users with the right licenses still can't access premium features like Timeline or Goals, the issue is often at the Dataverse environment level. Premium Planner capabilities require an active, properly provisioned Dataverse environment in your tenant's default region.
Check your Dataverse environment status at admin.powerplatform.microsoft.com > Environments. You should see a default environment. If it shows as "Preparing" or has a warning icon, that environment isn't ready and premium Planner features will fail to load for users.
If your tenant doesn't have a Dataverse environment provisioned at all, you may need to create one. Go to Power Platform admin center > Environments > New and create a default environment with Dataverse enabled. Note that this requires a Power Apps license or an appropriate Microsoft 365 plan that includes Power Platform entitlements.
Event Log Analysis for Authentication Errors
On Windows endpoints, authentication failures related to Planner (which flow through Entra ID and Microsoft account tokens) can show up in the Windows Event Viewer. Open eventvwr.msc and navigate to Windows Logs > Application. Look for Event ID 1000 or 1026 from source AAD Token Broker Plugin, these indicate token acquisition failures that would block Planner sign-in. Cross-reference these with the Sign-in logs in Entra admin center for the same timestamp.
Escalate to Microsoft Support when: your Dataverse environment is stuck in "Preparing" state for more than 48 hours; you're seeing tenant-level Planner service outages that don't appear on the Microsoft 365 service health dashboard; you need to restore deleted premium plans that aren't recoverable through standard Entra group restoration; or your compliance team requires a formal data residency report for Planner data that isn't available through the standard Purview tools. Don't try to resolve Dataverse provisioning failures or cross-tenant data access issues on your own, Microsoft support can access backend provisioning logs you can't see.
Prevention and Microsoft Planner Admin Best Practices
Once you've got Planner running correctly, the goal is keeping it that way, especially during Microsoft's ongoing product changes. Here's what I recommend based on what I've seen go wrong in enterprise deployments.
Use group-based licensing religiously. Manual license assignment at scale is where errors happen. When you assign Planner-eligible licenses through security groups in Entra ID, new users added to the group automatically get the right license. When someone leaves the group or the org, the license is reclaimed automatically. This also makes license auditing dead simple, you check group membership, not individual user records.
Document your container architecture before users start creating plans. One of the most common admin nightmares I see is 40 users who each created their own plans attached to ad-hoc Groups with no naming convention and no governance. Three months later, nobody knows which plan is the source of truth, ex-employees still technically own Groups, and there are licensing gaps everywhere. Define upfront which Teams channels or Groups your Planner plans should live in, create them with the right membership, and communicate that structure to users before launch.
Set up a Group expiration policy. In Entra ID, you can configure Microsoft 365 Groups to expire after a defined period of inactivity (typically 180 or 365 days). When a Group expires, its associated Planner plan is also removed. This is either a feature or a hazard depending on whether your users know about it. Go to entra.microsoft.com > Groups > Expiration to configure this, and make sure group owners know they'll receive email notifications before expiration so they can renew active plans.
Monitor the Microsoft 365 roadmap for Planner changes. Microsoft has been iterating on Planner faster than almost any other Microsoft 365 product in the past two years. Features that don't exist today may ship next quarter, and features your users rely on may change behavior. Bookmark the Microsoft 365 roadmap and filter by "Planner" to track upcoming changes before they surprise your users.
- Pin Planner to the Teams left rail for all users via a Teams app setup policy, it drives adoption and reduces "where do I find Planner?" tickets
- Create a Microsoft 365 Group naming policy in Entra ID so Planner-associated Groups are easy to identify in your directory
- Run a monthly license utilization report from the Microsoft 365 admin center to reclaim unused premium Planner licenses before the next billing cycle
- Test your eDiscovery configuration against Planner data at least once per quarter, many compliance teams assume it's working without having verified it end-to-end
Frequently Asked Questions About Microsoft Planner Admin Setup
How do I install or activate Planner for my organization?
Planner doesn't require a separate install, it's included automatically with Microsoft 365 Business Basic, Business Standard, Office 365 E1/E3/E5, and Microsoft 365 A1. Once your tenant is on one of those plans, go to admin.microsoft.com > Settings > Org settings and confirm Planner is enabled. If your subscription isn't on that list, there's no add-on option, you'd need to switch to a qualifying plan. After enabling it at the org level, users can find Planner inside Microsoft Teams or at planner.cloud.microsoft.
What do users get access to with a standard Microsoft 365 Planner license?
Users on standard Microsoft 365 plans get access to basic plans in Planner, that covers Grid, Board, Schedule, and Charts views, plus My Tasks and My Day for personal task management. They can create plans, assign tasks, set due dates, and collaborate with their team. What they don't get without an additional license is Timeline (Gantt) view, task dependencies, Goals, sprints, custom fields, or team workload reporting. Those features require at minimum a Planner Plan 1 (formerly Project Plan 1) license, and the full suite requires Planner and Project Plan 3 or Plan 5.
What changed for current users of Planner for the web and Project for the web?
In April 2024, Microsoft merged the old Planner app in Teams (previously "Tasks by Planner and To Do") into a unified new Planner experience. Planner for the web began rolling out its new aligned experience in Fall 2024 to match the Teams app. Project for the web has remained functionally unchanged, it still exists as its own tool, but Project for the web tasks are now also visible inside the new Planner in Teams. The Project Power App was also renamed to Planner in 2024, though its existing functionality stayed intact. So if you're a Project for the web admin, your users get an expanded surface area without losing anything.
What are the new plan names after the September 2024 rebrand?
Microsoft renamed Project Plan 3 and Project Plan 5 to Planner and Project Plan 3 and Planner and Project Plan 5 as of September 18, 2024. Project Plan 1 had already been renamed Planner Plan 1 back in April 2024 alongside the main rebrand. If you see the old "Project Plan" names in your billing portal or license assignments, they refer to the same SKUs, the capabilities haven't changed, just the names. One important caveat: premium Planner capabilities are not currently available for Government Cloud Community (GCC) High or Department of Defense (DoD) tenants, so if you're in those environments, the premium feature set is not yet accessible regardless of licensing.
Why can't some of my users see the Timeline view in Planner even though Planner is enabled?
Timeline view is a premium feature and requires a Planner Plan 1 license at minimum, it's not included in the base Microsoft 365 plans. If Planner is active for your tenant and the user can access basic plans but doesn't see Timeline as a view option, check their license in admin.microsoft.com > Users > Active users > Licenses and apps. If they don't have Planner Plan 1, Planner and Project Plan 3, or Planner and Project Plan 5 assigned, they physically won't see the premium views. Assign the appropriate license and the Timeline, Goals, and other premium views should appear for them within an hour.
How does Microsoft Planner handle security for plans inside Teams channels?
When a plan is created inside a Teams channel, the channel's membership defines who can access the plan, Planner doesn't maintain a separate access list. Anyone who is a member of that Teams channel can view and edit tasks in the associated plan. If you remove someone from the Teams channel, they immediately lose access to the plan. There are no Planner-specific permission overrides for standard channel plans; the container (the channel) is the permission boundary. For more granular access control inside a single plan, you'd need to use the Business Scenarios API, which is a developer-level customization rather than an admin console setting.