Mar 26 2019 01:48 AM
Basically, I've setup a Pnp powershell script that is triggered by a site design (site design/script -> flow -> azure queue -> azure function ...) to provision a newly created public Team site in my organization.
This Pnp script adjust, among others, the permission settings for "Everyone except external user" from the standard one (being in the Members group with edit permission) to the Visitor group with read permission.
Here is the part of the provisioning script that set the permission :
While the permission is effectively applied and visible in the newly provisioned site, it is somehow reset after a few minutes to the original setting.
What am I missing here ? Any hints ?
Apr 24 2019 04:26 PM
@Auren10 , I have the exact same issue without using PnP (Just using the UI). After setting permissions for EEEU from edit to read, it will change back to edit after a while.
I've check the audit log and sometimes the change is done by the Microsoft\ServiceAccount or the site owner (knowing the site owner did not change the permission on the site).
This does not occurs in team site not connected to O365 group. I'm sure there is a job issue related to Azure O365 groups doing some changes in SharePoint. I'm struggling with Microsoft to find what is the issue... For now looks to be tenants related (because Microsoft say they can't replicate the issue) but I have customers in Canada and US where the issue occurs... I look forward to see if you will get more details on this.
Apr 24 2019 05:57 PM
@Auren10 this is what I've been told by the escalation team regarding permissions reverting back from read to edit for "Everyone Except External Users" on public group site (which does not makes any sense to me):
Hello Martin,
I just had a discussion with Escalation Team and got to know that this is a known behavior globally. This has been confirmed that this is how a Public Group Site collection should work. In order to get this resolved we can follow either of the following step.
OR
OR
Your patience is highly appreciated
Apr 29 2019 07:39 AM
@Martin Coupalthanks for the reply !
I finally get to a similar solution but on a private team site:
For info:
Adding "Everyone Except External Users" in the "Visitors" group on a private site has a similar behavior as on public site. After some time "Everyone Except External Users" is removed from the "Visitors" group ...
Apr 29 2019 07:41 AM
@Martin Coupal thanks for the reply !
I finally get to a similar solution but on a private team site:
For info:
Adding "Everyone Except External Users" in the "Visitors" group on a private site has a similar behavior as on public site. After some time "Everyone Except External Users" is removed from the "Visitors" group ...
Apr 29 2019 08:01 AM
@Auren10 , For private group site, this is a "By Design" behavior. Personnaly I think this is causing confusion as site owner are allowed to add EEEU and set the permission but a background process "play" with permission. IMO, this is not good.
https://support.microsoft.com/en-us/help/4492201/everyone-except-external-users-group-is-removed
But for public group site I never saw this was a "By design" behavior (And It would not make sense if it was). I'm still in discussion with Microsoft on this. I'm waiting for an answer. Apparently it's not happening on all tenants but surely other people are having the issue (on my side I have the problems with my customers tenants in Canada and my tenant in the US).