Forum Discussion
Solved
guest expiration
Hello,
we would like to use https://support.microsoft.com/en-us/office/manage-guest-expiration-for-a-site-25bee24f-42ad-4ee8-8402-4186eed74dea?ui=en-us&rs=en-us&ad=us
but that option is missing on our site.
Will it appear after we buy some azure ad premium licenses?
Does it work for folders, or whole site only? e.g. folder1 shared with user1 and user2; folder2 shared with user3 and user4
Thank you
Jan
Hi all,
The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Hi guys,
One question. I still cannot find the "Guest access to a Site or OneDrive will expire automatically after this many days" settings in the SharePoint (Online) Admin Center.
Is the reason for this, that a.) our company has not the necessary license (we use M365 E3), b.) I haven't taken care of another setting (e.g. in Azure AD) to make this setting in the SharePoint Online Admin Center available or c.) is not yet rolled out in every tenant?
Looking forward to your answers.Thanks in advance
Chris
- StephenRice
Microsoft
Hi ChOl,
The feature has not yet rolled out which is why it hasn't shown up yet in your admin center. Thanks!
Stephen Rice
Senior Program Manager, OneDrive
StephenRice Do you know when this roll out will be completed? We have a test tenant with targeted release and its not yet reached there.
Hi StephenRice,
we're about to test the expiration policy and I was wondering...in the official support article is everywhere mentioned that Site Administrators will receive the expiration notifications and can extend the access. Now, what is meant by "Site admin"? Is it really site collection admins only or also site Owners (with Full Control permissions) will be able to manage this?
Because if it's only SC admins then it's pretty useless as we (and I guess it's best practice in general) do not give SC admin permissions to our users....only site owners permissions.
Additional question...any plans on having separate expiration settings for Sharepoint and OneDrive? We are using SP site guest access for long term sharing and OneDrive for short term ad hoc sharing with externals. Would be nice if we can set i.e. 30 days expiration for SP and only like 3 days for OneDrive.
- StephenRice
Hi Marek Halfar,
Quick heads up that the feature is still rolling out so you may not have it just yet 🙂
It is the site collection administrator who does the extension (noting that in OneDrive & Group-connected sites, the owners are also the site collection admins). Can you explain what you mean by "don't give SC admin permissions to our users"? The SC admin in this case is only extending the user's access on their site collection, not in the tenant as a whole.
Although there is no clean way to create separate policies for OneDrive vs. Sharepoint, you can customize the expiration length on a per-site collection basis.
Hope that helps!
Stephen Rice
Senior Program Manager, OneDrive
Hi StephenRice,
I meant that when we are providing SP sites to our users, we do not appoint them as site collection admins but instead we are granting them only Full control permissions via the Owners group.
So that means that in our case no user on our tenant will be able to extend the guest access for their sites.
And because there is no policy separation we cannot even use the per site setting to at least have the policy on users OneDrives but not on Sharepoint sites, right? Or what is the max expiration time? So that we can let's say have 30 days on OneDrive and 100 years on SP sites, defined on per site basis. that would kind of workaround the policy separation for OD/SP.
Marek
Its configured in Azure, so it will be missing from your site until configured there. I get access to the screen under "Identity Management" in Azure but I get a "No Access" message as I don't have Azure AD P2 which is needed by the user configuring the access review (as well as Global admin) and the user undertaking the access review.
Andy Hodges |ThinkShare | www.thinkshare.uk
JohnnySvob I had exactly the same question. I didn't find anything.
Not clear if it's related to that topic https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review (not yet implemetend for us so couldn't tel)
Vertebre85 i guess it is related?
But it only checks group membership and i don't really want to connect our SP site to O365 group - it'll be visible in MS Teams, adds group to permissions etc.
would have been so much easier if we had same option as when sharing anonymously: "These links must expire within this many days"
- StephenRice
Hi all,
The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!
Stephen Rice
Senior Program Manager, OneDrive
