02-04-2019 01:06 AM
02-04-2019 01:06 AM
For the group site when we add "Everyone except external users" to the "Site visitors" to grant people R/O access, it disappears in a while from the Site visitors and people lost access. Adding "Everyone except external users" as domain group in parallel with Site visitors/members/owners groups works.
Is that default behaviour or something is wrong in our configuration?
02-06-2019 02:54 AM
@Sergei Baklan I asked exactly the same question here: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Modernize-your-SharePoint-team-site...
No response as yet.
Also see the same issue being reported by other users in the same thread here: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Modernize-your-SharePoint-team-site...
02-06-2019 02:54 PM
Hi @Abhimanyu Singh , thank you for the link, will add my question to that place as well. I tried to find something similar in Discussions but missed the blog.
02-09-2019 04:06 AM
Kevin, as far as workaround works plus there is no such effect on isolated sites - we will survive. Opening of the support ticket is usually quite time consuming for us. I mean not opening itself, but all following communications and tests. That's for critical cases.
02-28-2019 07:06 AM
Slightly related to this, I have issue with the "Everyone except external users" on Public groups! I want to make an exception and give them Read permissions. As a result, "Everyone except external users" is stored in the underlying Visitors (Read) group. After a couple of days, "Everyone except external users" is back in the Members group and have back their Edit permissions.
This is not a single event - this is the case for all our Public O365 Groups where we want to give them only Read permissions. Anyone has the same issues on their tenant? Ours is located in W-Europe.
03-02-2019 01:18 AM
Interesting, didn't see such. Based on discussion here https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Modernize-your-SharePoint-team-site... 'everyone' shall not work with Members/Visitors for public/private groups by design. Instead we have unpredictable behaviour of 'everyone' being added to one of these groups.
03-26-2019 08:08 AM
@Pieter Op De BeéckWe have the same problem (in a Dutch company, so also W-Europe tenant). I thought it must have been a single event changing the group permissions of dozens of our SharePoint sites from read to contribute for the "Everyone except external users" group. But in the audit logs I cannot find anything that happened there, and indeed it can be the case that it happens automatically after some time.
Earlier I found out the Privacy setting of the Group in Teams (in the Edit Team menu) configured after the group permission in the SharePoint site was set effects the private/public setting of the SharePoint site so it can be the cause of our problems. In that case there is no possibility to have SharePoint site where everyone can read, the project team can contribute, and where only the project team can chat in Teams without others reading/editing in Teams as well. Then you have to make private groups, because in the end O365 syncs the different privacy settings on different spots.
03-27-2019 07:53 AM
@MVHBakkerMS states it is by design in this post (march 2019): https://support.microsoft.com/en-us/help/4492201/everyone-except-external-users-group-is-removed
03-30-2019 11:19 AM
I have the exact same issue where I change the permission from edit to read for "Everyone Except External Users" on a "Public" goup site. Sometime after 1 minute or a 1 day it goes back to Edit. At the begining I thought it was related to SP groups I was adding to the site permissions but I noticed it was occurng also on sites where I was just switching permission from edit to read for "Everyone Except External Users".
For me this is a huge security issue. One of my customer found out the issue and do not trust permissions in SharePoint anymore. Issue observed in US and Canada tenants.
I've submitted a case to Microsoft today...
04-01-2019 05:49 AM - edited 04-01-2019 05:51 AM
When site is Private, and you want to give access to the site to "Everyone except external users" read only, we cannot. I too had a same issue and had opened a ticket with Microsoft. They said that it is by design and you cannot use "Everyone except external users" in the Visitors group. A background process is run by Microsoft, that removes this from the Visitors group. You may search your Audit logs in the Security and Compliance center and will get hold of this information. I was able to find this in the Audit logs and hence was sure that it was not done by anyone in my team but Microsoft did it.
For time being the solution, I see is to create your own Security group (or may be a Dynamic group) and add users into that security group. Later, use the security group to add it into your SharePoint Visitors group.
04-01-2019 07:34 AM
Hi @ainnani ,
Yes, it was discussed in the comments to this blog https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Modernize-your-SharePoint-team-site... and support article was published https://support.microsoft.com/en-us/help/4492201/everyone-except-external-users-group-is-removed
We add 'everyopne' as domain group in Sharepoint, not as part of any Groups group.
04-09-2019 08:20 PM
I finally got a confirmation by Microsoft support of this issue where changing permission of "Everyone except external users" from "Edit" to "Read" is change back to "Edit" after a period of time on Public O365 group site.
Hope you doing well.
We are following up with you for the issue related to the Modern Sharepoint site and we have reproduced the issue on multiple tenants and found that it is a known issue. We have also discussed your case with my supervisior, also escalated your case to the escalations team and will update you once i will recieve a reply from them.
Thank you for choosing Microsoft online services.
04-24-2019 05:24 PM
@Pieter Op De Beéck , did you find the issue or get information from Microsoft?
On my side I had the worst experience with the escalation team ever... First line of support tells me they can replicate the issue. Then another level of support tell me they can't replicate the issue. Then the escalation team say that this is a known behavior and it is how public group site should work!! So I start to feel they are making fun of me because in my last discussion they tell me they can't reproduce the issue BUT it is a know behavior and it is how it should work...... So how come they can't reproduce the behavior?? So the end of the story is
1) The UI gives you the ability to change permissions for Everyone Except External Users from Edit To Read in public group site
2) If the permissions are set back to edit, well this is how it should work but they can't do it on their side!!
Also, there is a thread on PowerShell PnP where someone creating a public site and setting EEEU from edit to read change back after a couple of minutes after.... https://techcommunity.microsoft.com/t5/SharePoint/Pnp-provisoning-issue-with-permissions-for-Everyon...
What a mess...
04-26-2019 06:13 PM
04-30-2019 02:51 PM
@nenonix , Escalation team is saying that setting read permissions on "Everyone Except External Users" may (or will ??) revert to Edit caused by a background job on public group site and is a normal behavior..... Ticket closed!!!
It's a none sense to me. I asked them to document this behavior because it is not documented. They said they will... I'm eager to read user comments when they will document this !!
So why providing the option to change permissions on public group site if everyone will always have edit access anyway? Go find out....
04-30-2019 03:08 PM
@Martin Coupal I think you should join the discussion on GitHub or add feedback on the document in question. The docs are opensource now, so anyone can contribute. (I work on the freelance team that helps to resolve issues on GitHub and I saw this discussion while trying to figure out a change that mentioned this, but did not explain it very well). You can open a new issue on the content page that should be changed - perhaps this one: https://docs.microsoft.com/en-us/sharepoint/understanding-permission-levels (scroll to the bottom and add your feedback to "this page" to open an issue on GitHub) is where to request that this be documented.
05-31-2019 02:44 AM
@Pieter Op De Beéck Hi Pieter, i have the exact same issue! After creating a new site the "Everyone except external users" group is member of the Members group instead of the Visitors Group. Also West-Europe (The Netherlands). So far i haven't found a solution.
06-03-2019 03:06 AM
@niels_de_kok we did get an answer from Microsoft - hate it or love it; it's all about their vision on teamwork. In addition to the previous answer we tried making it a private group and giving read permissions to Everyone except external members. That was not possible either. Both answers combined provide a good answer to the question.
06-03-2019 03:09 AM
In addition to the solution we were looking for, the following can also provide us with a valid solution: Create a Modern SharePoint Teamsite without Office 365 Group connected to it. Only then we can manage security entirely up to our wishes. Please consider this solutions.
06-04-2019 01:14 PM
@Pieter Op De Beéck , I agree because permissions on SP sites connected to O365 Group are unpredictable due to updates performed by a background job. Behavior observed are different from one tenant to the other.
08-29-2019 01:29 AM
This is happening all by design - but in my opinion, does not make it right.
Microsoft has severely broken the SharePoint permissions model and they have not been able to resolve any of the permissions support calls we've logged. They must have gotten new developers to build the O365 groups platform, people who had absolutely no idea how SharePoint permissions work, and the two are not playing nicely at all. Since when does Microsoft have a say over who we add where in our platforms? That is not on....