Forum Discussion
Solved
SharePoint Online and contractors
One of my customers has many contractors who need to have a company email address but they shouldn't have access to any of the public team sites. How should this be approached? My first thogu...
- There is no event when a site is created. If you have control over AD groups you could have a job looping over sites, replacing Everyone with some other AD group which don't include the contractors. We do something similar at a customer where we regularly check that Everyone on pub groups have read only and not contrib, which is the default setting.
We use azure web jobs for this running once a day.
N/M
Everyone is not added to all sites by default. A regular site has no permissions until someone adds them. But for public Group sites, Everyone will indeed have access.
- Hi Mikael,
In this case I have indeed public group sites.
Any clever ideas that I may have missed to remove a set of users by default. I was thinking maybe something with flow or function apps that are triggered by the creation of a site.you could create 2 AAD groups, Employees and Contractors. Prohibit the use of the default Everyone group, (propably need to use PowerShell to enforce) and then put the custom Employees group into the Visitors group of the "public" sites.
- There is no event when a site is created. If you have control over AD groups you could have a job looping over sites, replacing Everyone with some other AD group which don't include the contractors. We do something similar at a customer where we regularly check that Everyone on pub groups have read only and not contrib, which is the default setting.
We use azure web jobs for this running once a day.- I was thinking about an azure function app that runs on a timer schedule. I would expect Microsoft to create a proper site trigger at some point.
I am glad that we are thinking along the same line.
Thanks for your help.
