Forum Discussion

jarvis2020's avatar
jarvis2020
Copper Contributor
Jul 30, 2020
Solved

Deny access to Sharepoint for some O365 User

I want to forbid user access to sharepoint and to give him access to other Office365 applications.User has Office E3 licence.

I removed user from Sharepoint collection https://company.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0

Removed from SPO site

Remove-SPOUser -Site "https://company.sharepoint.com/" -LoginName "user@company.com"
But user can still login to https://company.sharepoint.com/

Get-SPOUser -Site "https://company.sharepoint.com/" -LoginName "test@company.com"

Display Name Login Name                        Groups User Type
------------ ---------- ------                               ---------
test test test@company.com                           {} Member

SharePoint Online
  • Andrew Hodges's avatar
    Andrew Hodges
    Jul 31, 2020

    jarvis2020 

     

    That is right, but make sure everyone is in that AD group apart from that one user otherwise some of your users will loose access. 

6 Replies

Sort By
  • Steven Andrews's avatar
    Steven Andrews
    Iron Contributor
    Jul 30, 2020

    jarvis2020 

    It's possible that even if he's been removed from the Member group he's still got some item level permissions or access to a style gallery.  I'd try; -

    1. Use the site Cog --> Site Settings
    2. On this new page click on Site Permissions
    3. In the ribbon check the user's name in the Check Permissions tool.  This'll highlight where they need to be removed from.  Act on this and let us know what happens

     

    • jarvis2020's avatar
      jarvis2020
      Copper Contributor
      Jul 30, 2020

      Steven Andrews 

       

      Here are permissions:

      EditGiven through the "Members" group.

      Limited AccessGiven through the "SharePointHome OrgLinks Viewers" group.

      On site i want to remove access from,on site permissions, Site visitors are "Everyone except external users"

       

      I located above groups and both have only one  member "Everyone except external users"

      Is it safe to remove this group ?

      • Andrew Hodges's avatar
        Andrew Hodges
        Bronze Contributor
        Jul 30, 2020

        Hi jarvis2020 ,

         

        Its not safe to remove that group. Its everyone in your company. So if you remove it from any site all users that are not explicitly given access through another group will loose access to the site.

         

        If you do indeed need everyone in your company to access a site but 1 person not too then the only way to solve that is to create an AD Group for instance "All SharePoint users" and add everyone except that one user, then use that group. 

         

        You could maybe block them with conditional access too, may be worth a look.

Resources