Forum Discussion

JohnnySvob's avatar
JohnnySvob
Copper Contributor
Jul 02, 2020
Solved

guest expiration

Hello,   we would like to use https://support.microsoft.com/en-us/office/manage-guest-expiration-for-a-site-25bee24f-42ad-4ee8-8402-4186eed74dea?ui=en-us&rs=en-us&ad=us  but that option is missing...
Permissions
SharePoint Online
  • StephenRice's avatar
    StephenRice
    Jul 07, 2020

    Hi all,

     

    The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!

     

    Stephen Rice

    Senior Program Manager, OneDrive

StephenRice's avatar
StephenRice
Icon for Microsoft rankMicrosoft
Jul 12, 2021
Sorry for the slow response here!

So the user is not removed from the link itself but they do expire from the site as a whole (e.g. they can no longer access any content that they previously could in the entire site collection). Hope that clears things up! Thanks!

Stephen Rice
Senior Program Manager, OneDrive
roniy's avatar
roniy
Brass Contributor
Jul 19, 2021

StephenRice  and another question 🙂

 

The notification we got from the msg center on Sep. 2020 mentioned that:

"After a guest loses access to a site, any user with the ability to share content externally can re-invite the guest to each document or item as needed."

 

Is this still true?

 

Thank you!

  • Gurdev Singh's avatar
    Gurdev Singh
    Iron Contributor
    Aug 02, 2021
    Hi @Stephen...In my testing, it appears tenant level setting does not need to be On to enable expiration at per-site level.

    Steps for a pilot:
    1. Do not enable the guest expiration at SPO tenant level,
    2. Use PowerShell as below to set the properties for selected pilot sites.

    -OverrideTenantExternalUserExpirationPolicy $true -ExternalUserExpirationInDays 30

    Have I got it right? Or is there any background process that indeed checks that tenant setting is On for site level settings to be effective.

  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Jul 20, 2021
    Yes, any AAD backed group will not have users expire out.

    So yes, in your example, only Guest2 would be covered by this expiration policy. For expiring users out of AAD groups, you can check out the Azure Access Reviews feature.

    Thanks!

    Stephen
  • roniy's avatar
    roniy
    Brass Contributor
    Jul 20, 2021

    Thank you StephenRice 

     

    To clarify, "modern group" is an Azure AD group?

     

    For example:

     

    MySite Members (SPO)

        MySite Members (AAD)

             Guest1

        Guest2

     

    In this example Guest2 will lose access while Guest1 will maintain it? 

  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Jul 19, 2021
    Hi Roniy,

    If the user is just a member of the SharePoint Group (e.g. not a member of the modern group), then they will expire.

    And yes, even after a user has expired, they can still be shared to; it will just be like starting fresh.

    Thanks!

    Stephen Rice

Resources