Forum Discussion

JohnnySvob's avatar
JohnnySvob
Copper Contributor
Jul 02, 2020
Solved

guest expiration

Hello,   we would like to use https://support.microsoft.com/en-us/office/manage-guest-expiration-for-a-site-25bee24f-42ad-4ee8-8402-4186eed74dea?ui=en-us&rs=en-us&ad=us  but that option is missing...
Permissions
SharePoint Online
  • StephenRice's avatar
    StephenRice
    Jul 07, 2020

    Hi all,

     

    The Expiring External Access feature mentioned in the documentation above hasn't been rolled out yet which is why it's not showing up in your UI 🙂 Looks like our documentation went live a little early. Keep an eye on Message Center for the latest details on this feature! Thanks!

     

    Stephen Rice

    Senior Program Manager, OneDrive

StephenRice's avatar
StephenRice
Icon for Microsoft rankMicrosoft
Jul 19, 2021
Hi Roniy,

If the user is just a member of the SharePoint Group (e.g. not a member of the modern group), then they will expire.

And yes, even after a user has expired, they can still be shared to; it will just be like starting fresh.

Thanks!

Stephen Rice
roniy's avatar
roniy
Brass Contributor
Jul 20, 2021

Thank you StephenRice 

 

To clarify, "modern group" is an Azure AD group?

 

For example:

 

MySite Members (SPO)

    MySite Members (AAD)

         Guest1

    Guest2

 

In this example Guest2 will lose access while Guest1 will maintain it? 

  • Gurdev Singh's avatar
    Gurdev Singh
    Iron Contributor
    Aug 02, 2021
    Hi @Stephen...In my testing, it appears tenant level setting does not need to be On to enable expiration at per-site level.

    Steps for a pilot:
    1. Do not enable the guest expiration at SPO tenant level,
    2. Use PowerShell as below to set the properties for selected pilot sites.

    -OverrideTenantExternalUserExpirationPolicy $true -ExternalUserExpirationInDays 30

    Have I got it right? Or is there any background process that indeed checks that tenant setting is On for site level settings to be effective.

  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Jul 20, 2021
    Yes, any AAD backed group will not have users expire out.

    So yes, in your example, only Guest2 would be covered by this expiration policy. For expiring users out of AAD groups, you can check out the Azure Access Reviews feature.

    Thanks!

    Stephen

Resources