Jan 09 2019 12:06 AM
Am trying to set sharing default to "People with Existing Access".
These are the steps I have taken:
1. Set the default sharing link to "Internal"
The result of this is:
2. Next I used Powershell to "Disable Company wide Sharing".
Set-SPOSite -Identity <site-collection> -DisableCompanyWideSharingLinks Disabled
The final result is - see below.
Why is it defaulting to "Specific People" instead of "People with existing Access"?
Jan 09 2019 02:48 AM
Seems to be the same in Onedrive-admin console as well..
Seems like @microsoft has forgot something 😉
Jan 09 2019 09:55 AM
SolutionHi @Gilbert Okello,
We do not support setting the default to people with existing access. When the default link is not available, we set the default to the next supported default link (which in the case above, is specific people). If this is a capability you're interested, I'd suggest submitting this to onedrive.uservoice.com to help us prioritize the work. Thanks!
Stephen Rice
OneDrive Program Manager II
Jan 09 2019 10:56 AM
Hi Stephen,
Thanks for the response.
This has already been requested for.. and I went in and voted for it:
Feb 11 2019 10:42 AM
This is causing a lot of issues for us as well. I voted for this topic on UserVoice.
We just need Microsoft to add another option... i can't imagine that this would take long to include "People with Existing Access" in a future update:
May 03 2019 06:23 AM
Dear Stephen,
This is causing a lot of confusion, because "Share" and "Copy link" are perceived by users with a very different meaning and most of the times the latter is used with the intention to provide a link to people with existing access.
Furthermore, as reported here, there is the problem of (unexpected and undesired) breaking permissions inheritance.
In conclusion I see several issues introduced by the recent changes:
1. Can't get anymore a "restricted link", a simple and readable url that can be easily shared with people with existing access
2. The default link depends on a combination of different settings but cannot be set to "People with existing access"
3. If the default link type turns out to be "Anyone" or "Anyone in your org with the link" when a user clicks on "Get a link" (with any intention) the default link will be immediately created, breaking the permissions inheritance, which is most of the times undesired and confusing
Possible improvements:
1. "Copy link" should not be used to change permissions, but just provide a link for those who already has access
2. Otherwise, "Copy link" should always be set by default to "people with existing access" and explicitly changed every time if the need is to grant unique permissions
Thanks
May 09 2019 11:50 AM
Thanks for providing your feedback! I'll reply back on the other thread around inheritance breaking.
Our goal for Share & Copy Link is generally the same: both are about helping users share files with others (including getting shareable links). Copy Link is meant to just be a shortcut for creating a shareable link & copying it to your clipboard. If the default link type is set to "Direct/Specific People", copy link will return the existing access link (as you can't copy a link for a specific person without first naming the person 🙂 ).
We've certainly heard the feedback around defaulting all sharing links to People with existing access. Nothing to share yet but it is something we are aware of the desire for. Thanks!
Stephen Rice
OneDrive Program Manager II
Jun 13 2019 04:03 PM
I'd just like to provide some context where this functionality would have helped us and our users avoid risk during an intranet migration.
As an intranet admin, we periodically move intranet URL e.g. to start using Modern site features.
To stop users getting to the old intranet, we remove them from the "old intranet visitors" group.
BUT
because we could not set the default sharing option in the old intranet to "people with existing access", after we move to the new intranet URL links created using the Share button for "specific users" OR "people in CompanyX with the link" still allow users access to the OLD content.
Please provide the facility to set the default share/copy link option to "people with existing access" , so that admins don't have to ShareGate or PowerShell, removing unique permissions on 10000s of files in the old intranet.
For collaboration spaces your reasoning behind the way share/copy link options work is perfect. But for authoritative files it introduces risk.
Thanks
Jun 13 2019 04:06 PM
Hi @Dorje-McKinnon,
Thanks for the feedback and context! As I've mentioned above, there's nothing specific I can say here just yet but we're certainly looking at this area and seeing how we can improve. Thanks!
Stephen Rice
OneDrive Program Manager II
Jun 13 2019 05:13 PM
@StephenRice Many thanks for getting back to us so quickly.
For those reading we solved this problem using ShareGate
To do this in bulk, you can use ShareGate’s explorer function for a library, select all the items in the library, then click the “Restore inheritance”. This removes the links created by users clicking the Get Link or Share buttons. In our situation this meant the old intranet files still existed BUT were finally no longer accessible to users, thus avoiding an out of date policy or procedure being used.
Mar 31 2020 09:52 AM
@StephenRice"People with existing access" is the most logical choice when working amongst Office 365 Groups & Teams, which MS has obviously been pushing. Definite oversight/doesn't fit with MS's evolving access use cases. I'm voting for the fix, but please ack the user experience gap and push the team.
Mar 31 2020 02:17 PM
Hi @Frank McDermott,
You can now set People with Existing Access as the default link type for any site collection via PowerShell and this should be available in the modern SharePoint Admin Center soon! We'll continue to listen to feedback here around how we can make further improvements though! Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Mar 31 2020 02:19 PM
Much appreciated @StephenRice !
Mar 31 2020 03:32 PM
Hi @StephenRice
Thanks so much for getting back to this thread.
I used it only yesterday - awesome.
Please thank your entire team for all the work I know they're doing in very trying work and personal situations. It makes our lives out here on the front lines easier every day.
thanks from the South Pacific
Dorje
Apr 02 2020 10:01 AM
My pleasure! I'll be sure to pass this along to the rest of the team!
Stephen Rice
Senior Program Manager, OneDrive
Apr 08 2020 02:51 PM
What I don't get, working with MS Teams, every owner of a Team has full access, so if we, as admins set security, they can just override it and do whatever they want, share it with whoever they want within the company (at least we can restrict sharing with external on a tenant level) How can this be solved? Since when does Microsoft think it's ok to let non IT people set security on files and folders? Default usage should be "people with existing access", that's the way it's configured by IT and users can't just go around changing security. With GDPR and ISO certifications in mind, you just can't explain this. This should be the number 1 priority for Teams/Sharepoint, get the security up to business standards.
Apr 09 2020 08:24 PM
Apr 10 2020 09:31 AM
@Arne Vandeleene, thanks for the feedback! Our aim has been to build a lot of great controls here so that admins can tune the experience to fit their specific needs as needed. And we're always looking to improve in this space!
@Michael Rennie, the command only works on a per-site basis so if you ran it for mytenant.sharepoint.com, it will only apply on that site collection. You will need to run it for each site collection where you want this default to apply (e.g. tenant.sharepoint.com/teams/team1, tenant.sharepoint.com/sites/projectalpha, etc).
Hope that helps!
Stephen Rice
Senior Program Manager, OneDrive
Apr 13 2020 10:35 AM
@StephenRice I was trying to set this today on a couple of sites since my security officer is reviewing our settings, and my PowerShell is giving me an error that the site is a group site and -DefaultSharingToExistingAccess isn't legit for a group site. Am I just behind on my PowerShell module? 16.0.19927.12000 is what I have installed. Or oes this mean not available yet?
16.0.19927.12000
Set-SPOSite :
https://XXXX.sharepoint.com/sites/SSSS is a
Groups site collection. The valid parameters for this type of
site collection are '-Identity', '-AllowSelfServiceUpgrade',
'-DefaultLinkPermission', '-DefaultSharingLinkType',
'-DenyAddAndCustomizePages', '-DisableCompanyWideSharingLinks',
'-DisableSharingForNonOwners', '-LockState', '-Owner',
'-ResourceQuota', '-ResourceQuotaWarningLevel',
'-SandboxedCodeActivationCapability', '-SharingCapability',
'-ShowPeoplePickerSuggestionsForGuestUsers',
'-SocialBarOnSitePagesDisabled', '-StorageQuota',
'-StorageQuotaReset', and '-StorageQuotaWarningLevel'.
At line:1 char:1
+ Set-SPOSite -identity
https://XXXX.sharepoint.com/sites/SSSS...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], Se
rverException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerE
xception,Microsoft.Online.SharePoint.PowerShell.SetSite
Apr 13 2020 10:38 AM
Hi @Robin Nilsson,
It's definitely worth double checking to make sure you have the latest version of PowerShell but I'll double check this on our side. Thanks!
Stephen Rice
Senior Program Manager, OneDrive
Jan 09 2019 09:55 AM
SolutionHi @Gilbert Okello,
We do not support setting the default to people with existing access. When the default link is not available, we set the default to the next supported default link (which in the case above, is specific people). If this is a capability you're interested, I'd suggest submitting this to onedrive.uservoice.com to help us prioritize the work. Thanks!
Stephen Rice
OneDrive Program Manager II