Jul 30 2020 06:09 AM
I want to forbid user access to sharepoint and to give him access to other Office365 applications.User has Office E3 licence.
I removed user from Sharepoint collection https://company.sharepoint.com/_layouts/15/people.aspx?MembershipGroupId=0
Removed from SPO site
Remove-SPOUser -Site "https://company.sharepoint.com/" -LoginName "user@company.com"
But user can still login to https://company.sharepoint.com/
Get-SPOUser -Site "https://company.sharepoint.com/" -LoginName "test@company.com"
Display Name Login Name Groups User Type
------------ ---------- ------ ---------
test test test@company.com {} Member
Jul 30 2020 07:27 AM
It's possible that even if he's been removed from the Member group he's still got some item level permissions or access to a style gallery. I'd try; -
Jul 30 2020 07:31 AM - edited Jul 30 2020 07:50 AM
Here are permissions:
EditGiven through the "Members" group.
Limited AccessGiven through the "SharePointHome OrgLinks Viewers" group.
On site i want to remove access from,on site permissions, Site visitors are "Everyone except external users"
I located above groups and both have only one member "Everyone except external users"
Is it safe to remove this group ?
Jul 30 2020 07:56 AM
Depends on the use of your site. Your organisation has set ALL users access to these two groups. If you remove "Everyone except external users" from these groups you'll disable everyone that can access the site.
Might be worth discussing this internally with your IT colleagues?
Jul 30 2020 07:57 AM
Hi @jarvis2020 ,
Its not safe to remove that group. Its everyone in your company. So if you remove it from any site all users that are not explicitly given access through another group will loose access to the site.
If you do indeed need everyone in your company to access a site but 1 person not too then the only way to solve that is to create an AD Group for instance "All SharePoint users" and add everyone except that one user, then use that group.
You could maybe block them with conditional access too, may be worth a look.
Jul 30 2020 11:35 AM
@Andrew Hodges , so if i understood correctly, remove "Everyone except external users", and then add
Azure AD group ?
thanks
Jul 30 2020 09:05 PM
Solution
That is right, but make sure everyone is in that AD group apart from that one user otherwise some of your users will loose access.
Jul 30 2020 09:05 PM
Solution
That is right, but make sure everyone is in that AD group apart from that one user otherwise some of your users will loose access.