Root site permissions

Brass Contributor

Hi,

 

I am in the process of replacing my old root site (SharePoint online) with a new Communication site we created.

I read that: 

Review your source site to make sure it has the same policies, permissions, and external sharing settings as your current root site.

As our new root site is the top of our intranet I have set permissions on the site so that it can't be shared outside the organisation. Then I added some AD groups to let specific users access (in the visitors group) and we have a few users specifically being in the Owners group. 

Our current root site has the default "Everyone Except External Users" in the visitors group and specific users in the Owners group.

Also the current site has external sharing enabled.

 

Can anyone help me understand what would happen if I go on and use the settings that I have on my new site (no external sharing and specific AD groups in the visitors group) and swap it in as the new root site?

If it is not advisable to use a site with no external sharing as the root site, can anyone let me know how I can explain to my security guy why we need external sharing enabled on our top Intranet site?

Thanks in advance :)

4 Replies

You need to enable external sharing only if you have Guests who needs access to your root site. In general it is advisable to add everyone in the company as a visitor to your Intranet home page assuming you want everyone in the company to access Intranet (news, events etc that comes with it).

To answer your question - if you swap your new Communication site as home site without sharing it with everyone, users who are not part of your specific AD group will start experiencing problems. Access denied to Intranet to start with and depending on what services you have configured, like Viva Connections will be impacted. Any automations or Apps built in your home site will be impacted.

Thanks for your answer :)
Can you perhaps help me understand what specific scenarios I could have where guests would need to access our root site?
I mean, we have Teams where guests are allowed in, but I don't see what would cause guests to access our root site - especially because it is going to be the top intranet site.
But am I missing something?
I think I will put the "everyone except external users" in the visitors group, to prevent issues for our internal users, but I still don't see the use for external access.
So I hope that you perhaps could elaborate or tell me about scenarios where external access would be needed to our new root site.
Thanks in advance :)
I personally cannot think of any scenario where Guests need access to Intranet and would never do that.
But I don’t know about your Intranet, may be work work with your content creators to understand why it was allowed earlier ?
Thanks :)
But unfortunately there is nobody I can ask. The setup was created by an external company and the then admin is not here anymore.
But thank you very much for your answer :folded_hands::)