Forum Discussion
Best approach to prevent external users from accessing SharePoint Online
Hi john john - you can go to your Office 365 admin center, click on Users in the left nav, then Guest Users. You can remove them all from there regardless of what SPO site has been shared.
Kelly_Edinger thanks for your reply. I saw this option, but I am not sure if we can disable the user account instead of removing it?
Second question: now let's say I remove the user account from the Office 365 admin center >> Guest users. Then I think the user account will still exist inside the SharePoint groups which have been shared with the user? If this is the case, then let's say in the future we re-share a new/existing site with the deleted user account, then will the user get access to the old sites which have been shared with her/him, as at the end the external user email will be the same?
- Jun 24, 2019
oh wow john john, I just tested this. Added a personal email to a SPO site, then removed it from the admin center. 2 things are now scary - I'm no longer listed in the admin center as a guest, and the site itself shows 2 members (neither of which are my personal email) - if I was doing a quick check, I would think my personal account is gone. But if I go into Advanced Permissions on the site, my personal account is still there, and I can still log in with my personal account.
So, it's clear I don't have any good answers for you but I do thank you for raising this issue. I thought this was pretty cut and dry.
Would love to hear from an MVP or a Product Manager on this issue.
- john john, Jun 24, 2019, Iron Contributor
Kelly_Edinger now I did a test on a classic SharePoint team site, where I shared a site with my Hotmail account >> I got an invitation link >> clicked on the link >> I accessed the site as a guest >> my Hotmail account was added to the Office 365 guest accounts list.
Then using the Office 365 global admin >> I deleted my Hotmail account from the list of Guest accounts >> but I could still access the site using my Hotmail account. But I was sure that Office 365 will not allow any internal or external user to access a site if his/her user is disabled or deleted, so I logged out from SharePoint using my Hotmail account >> tried to log in again using my Hotmail account, where I got access denied, although my Hotmail account is still listed inside the SharePoint members group (I think this account will be orphaned). So maybe the issue we are facing is a timing issue, but sooner or later you will not be allowed to access SharePoint or Office 365 using a deleted guest account. But I am not sure, if I did not log out from SharePoint, for how long I could access a site using a deleted guest account. I am sure it will not be more than 30 minutes, but I cannot verify this.