Forum Discussion

Copper Contributor

Jul 02, 2020

Solved

guest expiration

Hello, we would like to use https://support.microsoft.com/en-us/office/manage-guest-expiration-for-a-site-25bee24f-42ad-4ee8-8402-4186eed74dea?ui=en-us&rs=en-us&ad=us but that option is missing...

Permissions

SharePoint Online

StephenRice
Jul 07, 2020
Hi all,

The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!

Stephen Rice

Senior Program Manager, OneDrive

StephenRice

Microsoft

Oct 02, 2020

Hi Marek Halfar,

Quick heads up that the feature is still rolling out so you may not have it just yet 🙂

It is the site collection administrator who does the extension (noting that in OneDrive & Group-connected sites, the owners are also the site collection admins). Can you explain what you mean by "don't give SC admin permissions to our users"? The SC admin in this case is only extending the user's access on their site collection, not in the tenant as a whole.

Although there is no clean way to create separate policies for OneDrive vs. Sharepoint, you can customize the expiration length on a per-site collection basis.

Hope that helps!

Stephen Rice

Senior Program Manager, OneDrive

Marek Halfar

Copper Contributor

Oct 05, 2020

Hi StephenRice,

I meant that when we are providing SP sites to our users, we do not appoint them as site collection admins but instead we are granting them only Full control permissions via the Owners group.

So that means that in our case no user on our tenant will be able to extend the guest access for their sites.

And because there is no policy separation we cannot even use the per site setting to at least have the policy on users OneDrives but not on Sharepoint sites, right? Or what is the max expiration time? So that we can let's say have 30 days on OneDrive and 100 years on SP sites, defined on per site basis. that would kind of workaround the policy separation for OD/SP.

Marek

StephenRice
Microsoft
Oct 05, 2020
Hi Marek Halfar,

That is correct then.

And yes, the workaround would be to use PowerShell to customize the policies on OD vs. SP as needed. Hope that helps!

Stephen Rice

Senior Program Manager, OneDrive
- Marek Halfar
  Copper Contributor
  Oct 06, 2020
  Hi StephenRice,
  
  thanks, that helps. So basically to have expiration policy applied only for OneDrive we would enable it with 30days duration in tenant wide settings. And then for all our SP sites we configure these properties using PowerShell:
  ExternalUserExpirationInDays : 0
  OverrideTenantExternalUserExpirationPolicy : False
  
  So if we just set the override to $true and keep expiration days at 0, that should basically disable the expiration, right? Is that supported combination? Otherwise we just set the expiration days to its maximum which is two years.
  
  Marek
  - StephenRice
    Microsoft
    Oct 06, 2020
    Hi Marek Halfar,
    
    Almost! I think you want to set the Override value on each site to True. This would then override the tenant policy on this site and set it to 0 (which is equivalent I believe to no expiration policy). Thanks!
    
    Stephen Rice
    
    Senior Program Manager, OneDrive