Forum Discussion
Stephen Tyson
Apr 12, 2019Copper Contributor
Blocking Everyone and Everyone Except External Users group
In SharePoint online there is an "Everyone" and "Everyone except External Users" group. I am curious how other higher ed institutions are dealing with these 2 groups? Should both of these groups be c...
Apr 12, 2019
I suppose it depends on what your definition of security risk is. For the external issue, you can block external access at the tenant or site level, among other external access configuration options. Blocking external access effectively makes the 'Everyone' group act like the 'Everyone except external users' group.
An 'everyone' group in general can certainly be useful and there is technically nothing preventing a user from adding literally everyone to a specific site; it'd be painful, but do-able.
I would just suggest creating IT policies around the usage of the everyone groups and inform your userbase of when it is and is not appropriate to use these groups, and what the scope of access is when you add those groups.
An 'everyone' group in general can certainly be useful and there is technically nothing preventing a user from adding literally everyone to a specific site; it'd be painful, but do-able.
I would just suggest creating IT policies around the usage of the everyone groups and inform your userbase of when it is and is not appropriate to use these groups, and what the scope of access is when you add those groups.