Forum Discussion

Pieter Veenstra's avatar
Pieter Veenstra
MVP
Aug 02, 2017
Solved

SharePoint Online and contractors

One of my customers has many contractors who need to have a company email address but they shouldn't have access to any of the public team sites.   How should this be approached?   My first thogu...
SharePoint Online
  • Mikael Svenson's avatar
    Mikael Svenson
    Aug 02, 2017
    There is no event when a site is created. If you have control over AD groups you could have a job looping over sites, replacing Everyone with some other AD group which don't include the contractors. We do something similar at a customer where we regularly check that Everyone on pub groups have read only and not contrib, which is the default setting.

    We use azure web jobs for this running once a day.
C_the_S's avatar
C_the_S
Bronze Contributor
Aug 02, 2017

N/M

  • Mikael Svenson's avatar
    Mikael Svenson
    Iron Contributor
    Aug 02, 2017
    Everyone is not added to all sites by default. A regular site has no permissions until someone adds them. But for public Group sites, Everyone will indeed have access.
    • Pieter Veenstra's avatar
      Pieter Veenstra
      MVP
      Aug 02, 2017
      Hi Mikael,
      In this case I have indeed public group sites.
      Any clever ideas that I may have missed to remove a set of users by default. I was thinking maybe something with flow or function apps that are triggered by the creation of a site.
      • Dean_Gross's avatar
        Dean_Gross
        Silver Contributor
        Aug 02, 2017

        you could create 2 AAD groups, Employees and Contractors. Prohibit the use of the default Everyone group, (propably need to use PowerShell to enforce) and then put the custom Employees group into the Visitors group of the "public" sites. 

Resources