SOLVED

Deny access to Sharepoint for some O365 User

Brass Contributor

I want to forbid user access to sharepoint and to give him access to other Office365 applications.User has Office E3 licence.

I removed user from Sharepoint collection https://company.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0

Removed from SPO site

Remove-SPOUser -Site "https://company.sharepoint.com/" -LoginName "user@company.com"
But user can still login to https://company.sharepoint.com/

Get-SPOUser -Site "https://company.sharepoint.com/" -LoginName "test@company.com"

Display Name Login Name                        Groups User Type
------------ ---------- ------                               ---------
test test test@company.com                           {} Member

6 Replies

@jarvis2020 

It's possible that even if he's been removed from the Member group he's still got some item level permissions or access to a style gallery.  I'd try; -

  1. Use the site Cog --> Site Settings
  2. On this new page click on Site Permissions
  3. In the ribbon check the user's name in the Check Permissions tool.  This'll highlight where they need to be removed from.  Act on this and let us know what happens

 

@Steven Andrews 

 

Here are permissions:

EditGiven through the "Members" group.

Limited AccessGiven through the "SharePointHome OrgLinks Viewers" group.

On site i want to remove access from,on site permissions, Site visitors are "Everyone except external users"

 

I located above groups and both have only one  member "Everyone except external users"

Is it safe to remove this group ?

@jarvis2020 

 

Depends on the use of your site.  Your organisation has set ALL users access to these two groups.  If you remove "Everyone except external users" from these groups you'll disable everyone that can access the site.

Might be worth discussing this internally with your IT colleagues?

Hi @jarvis2020 ,

 

Its not safe to remove that group. Its everyone in your company. So if you remove it from any site all users that are not explicitly given access through another group will loose access to the site.

 

If you do indeed need everyone in your company to access a site but 1 person not too then the only way to solve that is to create an AD Group for instance "All SharePoint users" and add everyone except that one user, then use that group. 

 

You could maybe block them with conditional access too, may be worth a look.

@Andrew Hodges , so if i understood correctly, remove "Everyone except external users", and then add

Azure AD group ?

 

thanks

best response confirmed by jarvis2020 (Brass Contributor)
Solution

@jarvis2020 

 

That is right, but make sure everyone is in that AD group apart from that one user otherwise some of your users will loose access. 

1 best response

Accepted Solutions
best response confirmed by jarvis2020 (Brass Contributor)
Solution

@jarvis2020 

 

That is right, but make sure everyone is in that AD group apart from that one user otherwise some of your users will loose access. 

View solution in original post