SOLVED

Set Default Sharing to "People with Existing Access"

Iron Contributor

@StephenRice , @Stephen Rose

Am trying to set sharing default to "People with Existing Access".

These are the steps I have taken:

1. Set the default sharing link to "Internal"DefaultSharingLink.jpg

 

The result of this is:


DefaultSharingLink2.jpg

 

2. Next I used Powershell to "Disable Company wide Sharing".

Set-SPOSite -Identity  <site-collection> -DisableCompanyWideSharingLinks Disabled

 

The final result is - see below.

Why is it defaulting to "Specific People" instead of "People with existing Access"?

 

DefaultSharingLink3.jpg

 

47 Replies

Seems to be the same in Onedrive-admin console as well.. 

 

Seems like @microsoft has forgot something 😉

best response confirmed by VI_Migration (Silver Contributor)
Solution

Hi @Gilbert Okello,

 

We do not support setting the default to people with existing access. When the default link is not available, we set the default to the next supported default link (which in the case above, is specific people). If this is a capability you're interested, I'd suggest submitting this to onedrive.uservoice.com to help us prioritize the work. Thanks!

 

Stephen Rice

OneDrive Program Manager II

Hi Stephen,

Thanks for the response.

This has already been requested for.. and I went in and voted for it:

 

Here:
https://sharepoint.uservoice.com/forums/330318-sharepoint-administration/suggestions/33706777-add-pe...

This is causing a lot of issues for us as well. I voted for this topic on UserVoice. 

 

We just need Microsoft to add another option... i can't imagine that this would take long to include "People with Existing Access" in a future update:

SharingLinkType enumeration

@StephenRice 

 

Dear Stephen,

This is causing a lot of confusion, because "Share" and "Copy link" are perceived by users with a very different meaning and most of the times the latter is used with the intention to provide a link to people with existing access.

Furthermore, as reported here, there is the problem of (unexpected and undesired) breaking permissions inheritance.

In conclusion I see several issues introduced by the recent changes:

1. Can't get anymore a "restricted link",  a simple and readable url that can be easily shared with people with existing access
2. The default link depends on a combination of different settings but cannot be set to "People with existing access"
3. If the default link type turns out to be "Anyone" or "Anyone in your org with the link" when a user clicks on "Get a link" (with any intention) the default link will be immediately created, breaking the permissions inheritance, which is most of the times undesired and confusing

Possible improvements:
1. "Copy link" should not be used to change permissions, but just provide a link for those who already has access
2. Otherwise, "Copy link" should always be set by default to "people with existing access" and explicitly changed every time if the need is to grant unique permissions

Thanks

 

Hi @Alberto Schiavon,

 

Thanks for providing your feedback! I'll reply back on the other thread around inheritance breaking.

 

Our goal for Share & Copy Link is generally the same: both are about helping users share files with others (including getting shareable links). Copy Link is meant to just be a shortcut for creating a shareable link & copying it to your clipboard. If the default link type is set to "Direct/Specific People", copy link will return the existing access link (as you can't copy a link for a specific person without first naming the person 🙂 ). 


We've certainly heard the feedback around defaulting all sharing links to People with existing access. Nothing to share yet but it is something we are aware of the desire for. Thanks!


Stephen Rice

OneDrive Program Manager II

@Gilbert Okello @StephenRice 

 

I'd just like to provide some context where this functionality would have helped us and our users avoid risk during an intranet migration.

 

As an intranet admin, we periodically move intranet URL e.g. to start using Modern site features.
To stop users getting to the old intranet, we remove them from the "old intranet visitors" group.
BUT
because we could not set the default sharing option in the old intranet to "people with existing access", after we move to the new intranet URL links created using the Share button for "specific users" OR "people in CompanyX with the link" still allow users access to the OLD content.

 

Please provide the facility to set the default share/copy link option to "people with existing access" , so that admins don't have to ShareGate or PowerShell, removing unique permissions on 10000s of files in the old intranet.

 

For collaboration spaces your reasoning behind the way share/copy link options work is perfect. But for authoritative files it introduces risk.
Thanks

Hi @Dorje-McKinnon,

 

Thanks for the feedback and context! As I've mentioned above, there's nothing specific I can say here just yet but we're certainly looking at this area and seeing how we can improve. Thanks!

 

Stephen Rice

OneDrive Program Manager II

@StephenRice Many thanks for getting back to us so quickly.

For those reading we solved this problem using ShareGate

To do this in bulk, you can use ShareGate’s explorer function for a library, select all the items in the library, then click the “Restore inheritance”. This removes the links created by users clicking the Get Link or Share buttons. In our situation this meant the old intranet files still existed BUT were finally no longer accessible to users, thus avoiding an out of date policy or procedure being used.

 

@StephenRice"People with existing access" is the most logical choice when working amongst Office 365 Groups & Teams, which MS has obviously been pushing.  Definite oversight/doesn't fit with MS's evolving access use cases.  I'm voting for the fix, but please ack the user experience gap and push the team.

Hi @Frank McDermott,

 

You can now set People with Existing Access as the default link type for any site collection via PowerShell and this should be available in the modern SharePoint Admin Center soon! We'll continue to listen to feedback here around how we can make further improvements though! Thanks!

 

Stephen Rice

Senior Program Manager, OneDrive

 

 

Hi @StephenRice 

Thanks so much for getting back to this thread.

I used it only yesterday - awesome.

 

Please thank your entire team for all the work I know they're doing in very trying work and personal situations. It makes our lives out here on the front lines easier every day.

 

thanks from the South Pacific

Dorje

@Dorje-McKinnon,

 

My pleasure! I'll be sure to pass this along to the rest of the team!

 

Stephen Rice

Senior Program Manager, OneDrive

@StephenRice 

 

What I don't get, working with MS Teams, every owner of a Team has full access, so if we, as admins set security, they can just override it and do whatever they want, share it with whoever they want within the company (at least we can restrict sharing with external on a tenant level) How can this be solved? Since when does Microsoft think it's ok to let non IT people set security on files and folders? Default usage should be "people with existing access", that's the way it's configured by IT and users can't just go around changing security. With GDPR and ISO certifications in mind, you just can't explain this. This should be the number 1 priority for Teams/Sharepoint, get the security up to business standards.

I ran the command Set-SPOSite -identity https://mytenant.sharepoint.com/ -DefaultLinkToExistingAccess $true

It completed with out any errors however the share sheet default option is still the same “people in my org with link”

How long does the change take to apply?

Is that the right command? Note: I used my tenant when I ran it.

@Arne Vandeleene, thanks for the feedback! Our aim has been to build a lot of great controls here so that admins can tune the experience to fit their specific needs as needed. And we're always looking to improve in this space!

 

@Michael Rennie, the command only works on a per-site basis so if you ran it for mytenant.sharepoint.com, it will only apply on that site collection. You will need to run it for each site collection where you want this default to apply (e.g. tenant.sharepoint.com/teams/team1, tenant.sharepoint.com/sites/projectalpha, etc). 

 

Hope that helps!

 

Stephen Rice

Senior Program Manager, OneDrive

@StephenRice  I was trying to set this today on a couple of sites since my security officer is reviewing our settings, and my PowerShell is giving me an error that the site is a group site and -DefaultSharingToExistingAccess isn't legit for a group site. Am I just behind on my PowerShell module? 16.0.19927.12000 is what I have installed. Or oes this mean not available yet?

 

16.0.19927.12000

Set-SPOSite :
https://XXXX.sharepoint.com/sites/SSSS is a
Groups site collection. The valid parameters for this type of
site collection are '-Identity', '-AllowSelfServiceUpgrade',
'-DefaultLinkPermission', '-DefaultSharingLinkType',
'-DenyAddAndCustomizePages', '-DisableCompanyWideSharingLinks',
'-DisableSharingForNonOwners', '-LockState', '-Owner',
'-ResourceQuota', '-ResourceQuotaWarningLevel',
'-SandboxedCodeActivationCapability', '-SharingCapability',
'-ShowPeoplePickerSuggestionsForGuestUsers',
'-SocialBarOnSitePagesDisabled', '-StorageQuota',
'-StorageQuotaReset', and '-StorageQuotaWarningLevel'.
At line:1 char:1
+ Set-SPOSite -identity
https://XXXX.sharepoint.com/sites/SSSS...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], Se
rverException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerE
xception,Microsoft.Online.SharePoint.PowerShell.SetSite

Hi @Robin Nilsson,

 

It's definitely worth double checking to make sure you have the latest version of PowerShell but I'll double check this on our side. Thanks!

 

Stephen Rice

Senior Program Manager, OneDrive

1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Solution

Hi @Gilbert Okello,

 

We do not support setting the default to people with existing access. When the default link is not available, we set the default to the next supported default link (which in the case above, is specific people). If this is a capability you're interested, I'd suggest submitting this to onedrive.uservoice.com to help us prioritize the work. Thanks!

 

Stephen Rice

OneDrive Program Manager II

View solution in original post