Forum Discussion
Blocking Everyone and Everyone Except External Users group
In SharePoint online there is an "Everyone" and "Everyone except External Users" group. I am curious how other higher ed institutions are dealing with these 2 groups? Should both of these groups be considered a security risk? We have had a user share out some data that should have not been shard out with "Everyone" and I have been instructed to block these 2 groups from being used in SharePoint online and OneDrive for Business. I have no problem with turning access off to these two groups through PS on the O365 tenant but I was wondering if there is a down side to blocking these 2 groups?
Thanks
Steve
1 Reply
- I suppose it depends on what your definition of security risk is. For the external issue, you can block external access at the tenant or site level, among other external access configuration options. Blocking external access effectively makes the 'Everyone' group act like the 'Everyone except external users' group.
An 'everyone' group in general can certainly be useful and there is technically nothing preventing a user from adding literally everyone to a specific site; it'd be painful, but do-able.
I would just suggest creating IT policies around the usage of the everyone groups and inform your userbase of when it is and is not appropriate to use these groups, and what the scope of access is when you add those groups.
