External File Sharing from O365 Groups allows user full access to site


Interesting find that could cause major problems.

  • Sharing is turned on at the tenant level as prescribed by Microsoft
  • Also turned on sharing for each O365 Group via the Set-SPOSite command as stated by many blogs:

    Set-SPOSite -Identity <Tenant + Group name> -SharingCapability ExternalUserSharingOnly

  • In an O365 Group > Document Library, choose a file or folder to share externally (Gmail account)
  • Email goes out to the Gmail recipient
  • Gmail recipient goes through the process to access the file by logging in with the MS-associated Gmail account
  • Gmail recipient gets a return email that he has no access to the file/folder and does he want to Request Access
  • Gmail recipient requests access
  • O365 Owner receives the request from the Gmail recipient and grants access
  • Gmail recipient now has access to the whole site.

Interestingly enough, if the O365 Owner does nothing with the request for access, the Gmail recipient will be able to access the file or folder at the next attempt.

 

My question: Is there a way to turn off external users from requesting access, or what could be the solution to avoid this possibly bad situation?

 

Thanks,

  Giovan

 

1 Reply
A Group site is just an SPO site, so I can only think of accessing the "old" permissions page in SPO and disabling access requests there... You might need to grab the permissions URL for a classic site if you don't have it in the site settings page.
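
The setting the reply points to can also be audited and switched off from PowerShell across all Group sites. The script below is an added example, not part of the thread; it assumes the Microsoft.Online.SharePoint.PowerShell and PnP.PowerShell modules are installed, and `$AdminUrl` and `$ClientId` are placeholders for your tenant.

```powershell
# Added example (not from the thread). $AdminUrl and $ClientId are placeholders.
# Assumes the signed-in account is a site admin on each Group site it inspects.
param(
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',
    [string]$ClientId = '00000000-0000-0000-0000-000000000000',
    [switch]$Remediate   # without this switch the script only reports
)

Connect-SPOService -Url $AdminUrl

# Group-connected team sites use the GROUP#0 template; keep only those
# where some form of external sharing is enabled.
$sites = Get-SPOSite -Template 'GROUP#0' -IncludePersonalSite:$false -Limit All |
    Where-Object { $_.SharingCapability -ne 'Disabled' }

$report = foreach ($site in $sites) {
    try {
        Connect-PnPOnline -Url $site.Url -Interactive -ClientId $ClientId -ErrorAction Stop
        $web = Get-PnPWeb -Includes RequestAccessEmail, UseAccessRequestDefault

        # Access requests are on if they go to the default owners group
        # or to an explicit e-mail address.
        $enabled = $web.UseAccessRequestDefault -or
                   -not [string]::IsNullOrWhiteSpace($web.RequestAccessEmail)

        $action = 'None'
        if ($enabled) {
            $action = 'ReportOnly'
            if ($Remediate) {
                Set-PnPRequestAccessEmails -Disabled
                $action = 'Disabled'
            }
        }
        [pscustomobject]@{
            Url               = $site.Url
            SharingCapability = $site.SharingCapability
            AccessRequests    = $enabled
            Action            = $action
        }
    } catch {
        [pscustomobject]@{
            Url               = $site.Url
            SharingCapability = $site.SharingCapability
            AccessRequests    = 'Unknown'
            Action            = "Error: $($_.Exception.Message)"
        }
    }
}
$report | Sort-Object Url | Format-Table -AutoSize
```

Run it without `-Remediate` first to see which externally shared Group sites still accept access requests.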