Forum Discussion
guest expiration
Hi all,
The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Hi StephenRice,
we're about to test the expiration policy and I was wondering...in the official support article is everywhere mentioned that Site Administrators will receive the expiration notifications and can extend the access. Now, what is meant by "Site admin"? Is it really site collection admins only or also site Owners (with Full Control permissions) will be able to manage this?
Because if it's only SC admins then it's pretty useless as we (and I guess it's best practice in general) do not give SC admin permissions to our users....only site owners permissions.
Additional question...any plans on having separate expiration settings for Sharepoint and OneDrive? We are using SP site guest access for long term sharing and OneDrive for short term ad hoc sharing with externals. Would be nice if we can set i.e. 30 days expiration for SP and only like 3 days for OneDrive.
MicrosoftHi Marek Halfar,
Quick heads up that the feature is still rolling out so you may not have it just yet 🙂
It is the site collection administrator who does the extension (noting that in OneDrive & Group-connected sites, the owners are also the site collection admins). Can you explain what you mean by "don't give SC admin permissions to our users"? The SC admin in this case is only extending the user's access on their site collection, not in the tenant as a whole.
Although there is no clean way to create separate policies for OneDrive vs. Sharepoint, you can customize the expiration length on a per-site collection basis.
Hope that helps!
Stephen Rice
Senior Program Manager, OneDrive
Hi StephenRice,
I meant that when we are providing SP sites to our users, we do not appoint them as site collection admins but instead we are granting them only Full control permissions via the Owners group.
So that means that in our case no user on our tenant will be able to extend the guest access for their sites.
And because there is no policy separation we cannot even use the per site setting to at least have the policy on users OneDrives but not on Sharepoint sites, right? Or what is the max expiration time? So that we can let's say have 30 days on OneDrive and 100 years on SP sites, defined on per site basis. that would kind of workaround the policy separation for OD/SP.
Marek
- StephenRice
Hi Marek Halfar,
That is correct then.
And yes, the workaround would be to use PowerShell to customize the policies on OD vs. SP as needed. Hope that helps!
Stephen RiceSenior Program Manager, OneDrive
Hi StephenRice,
thanks, that helps. So basically to have expiration policy applied only for OneDrive we would enable it with 30days duration in tenant wide settings. And then for all our SP sites we configure these properties using PowerShell:
ExternalUserExpirationInDays : 0
OverrideTenantExternalUserExpirationPolicy : FalseSo if we just set the override to $true and keep expiration days at 0, that should basically disable the expiration, right? Is that supported combination? Otherwise we just set the expiration days to its maximum which is two years.
Marek