Forum Discussion
guest expiration
Hi all,
The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI π Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!
Stephen Rice
Senior Program Manager, OneDrive
MicrosoftHi Vertebre85, glad you were able to join the webinar!
Hi roniy, you can check out a demo of the feature from our Ignite talk late last year: https://myignite.techcommunity.microsoft.com/sessions/81495?source=sessions
It's near the end of the session though I think the entire talk is worthwhile (I may be a bit biased ;))
Thanks!
Stephen Rice
Senior Program Manager, OneDrive
StephenRice
Hi, thank you for the information and the video.
I need some more information about this.
I am concerned about how this affects guests in MS Teams.....
I invite a guest to a MS Team, they of course have access to the "files" tab and all the Sharepoint content.
If this policy is enforced, will the guest lose access to the "files" tab after the set timeframe? But still remain in the Team?
That seems problematic, I think.
Alex
- StephenRice
Hi alexrademeyer,
Expiration will only be applied to guests who are accessing via sharing links, direct permissions or SP Groups. If the user is accessing via an O365 group or security group, they will not expire.
If you want users to expire from those constructs, check out the Azure AD Access Reviews feature. These features are designed to work in concert with each other π Thanks!
Stephen Rice
Senior Program Manager, OneDrive
StephenRice
Almost 3 years later π
This feature has been launched and running relatively smoothly, congratulations.
I have found a bug and i believe it is (loosely) related to my original concenrs about the interactions between this feature and Teams/Groups:
typically, the expiration warning emails go to group OWNERS (because they are by default site collection owners), this makes sense, any (typically) works like a charm.
BUT, if the setting for "send copies of team emails and events to team membersβ inboxes" is ticket, the expiration email actually goes to all members of the O365 group- not only the owners.
This is not expected, the documentation claims that the mail should only go to "owners" (and typically it does). something about this setting makes it send to all members of the group.
I have been trying to explain this to support, and now PG, for months...... but you know how that goes. I am talking to myself π maybe you can understand this better than they can.StephenRice we recently enabled guest access expiration in the SPO admin console but its also expiring access to MS Teams SPO sites (I am not quite sure why its picking "random" guest accounts to expire). Can you clarify how this works? I am able to override this at the site collection layer for each team, but that is not very practical. It would also be great if I could see what content will be expired.
- StephenRice
Hi walter-wodzien,
Expiration will apply to any guest that is accessing content through sharing links or direct access in a OneDrive or SP site. So if a user on an MS Teams SPO Site was shared to via a sharing link, they would expire. But if they are accessing through membership in the Team or an AAD group, then they will not expire.
Unfortunately there isn't an easy way for us to surface which access is expiring (the expiration actually occurs on the user object in that site) but you can use features like the Site Sharing Report or auditing to help.
Hope that helps!
Stephen Rice
Principal Product Manager, OneDrive
Hi Stephen, that's great- thank you for confirming, and for replying so quickly.
I had been wondering about this for a few days after the announcement in the message center, which did not mention if/how Teams users would be affected. to make things more confusing, MS Support confirmed to me that the guests would remain Team members, but lost access to the "files" tab......I am going to believe you instead of them.
Thank you for helping clear it up!
Alex- StephenRice
Hi alexrademeyer,
No problem! We are working on updating the MC post so it's more clear as well π I'll also drop an e-mail to our support folks to make sure they're on the same page! Thanks!
Stephen RiceSenior Program Manager, OneDrive
