Everyone external Share permission in SharePoint Online per note from MS Support

Copper Contributor

We have enacted the following instructions in SharePoint Online to enable the Anyone external sharing option.

 

Inline image 1

https://support.office.com/en-us/article/Turn-external-sharing-on-or-off-for-SharePoint-Online-62882...

 

We received a note from MS Support saying that in late March, the Everyone sharing option would be changed. See information here: https://support.microsoft.com/en-us/help/4089534/how-to-grant-the-everyone-claim-to-external-users-i...

 

We are unfamiliar with the Everyone setting.

 

I simply would like to confirm that the changes we enacted to enable Anyone external sharing will still be functional past the March 23 date mentioned in that communication.

 

Thanks all.

 

 

 

 

11 Replies

What about the case for SharePoint Sites where Everyone has been used inside SharePoint Groups to grant everyone including External users access/permissions to the site?

Checking our Tenant via Get-SPOTenant PowerShell command the "ShowEveryoneClaim" property is already set to True without any action from us.

So will we and any other Tenant administrator still be impacted on the After March 23 change?

Either run the PowerShell cmdlets like
Set-SPOTenant -ShowAllUsersClaim $true

Or implement an ADD Groups approach?

If this has already been discussed in other threads I hope you can redirect me to it since I didn't find it...

"After this date [March 23, 2018], an external user will see only the content that’s shared with that user or with groups to which the user belongs. External users will no longer see content that’s shared with EveryoneAll Authenticated Users, or All Forms Users. By default, content that’s granted permissions to these groups will be visible only to your organization's users."

So, the article is clear. (see https://support.microsoft.com/en-us/help/4089534/how-to-grant-the-everyone-claim-to-external-users-i...)

But I understand that in your tenant the "ShowEveryoneClaim" property is already set to True without any action from you, hence you want to know what will happen after March 23, 2018.

@Stephen Rice surely knows the answer...

 

Yes that is exactly what I'm trying to establish to better understand if an action is really required or not when it comes to "SharePoint Sites" which is on the list of artifacts in the KB from Microsoft..

By now I have checked 3 different tenants and the property is True for all of them which must be default value when enabling External Sharing on tenant level.. None of these tenants has ever been managed via PowerShell before only via the old SharePoint Admin UI..

@Stephen Rice is it possible for you to help out here to clarify if all our customers will be effected or not after March 23.. They use Everyone role inserted into SharePoint Visitors group on a large number of SharePoint sites to allow internal as well as external accounts read access to content managed on SP sites..

 

Below I have pasted in what Microsoft communicated out in the Admin center/notification and I read it as all tenants needs to do an action to continue as before. But the 3 tenants I have checked all has the Set-SPOTenant -ShowEveryoneClaim set to True without doing anything..

So please help out so it is crystal clear if action is still required or not in relation to SharePoint sites and use of Everybody role...

---

New ways to govern access of external users are coming to Office 365

 

 

 

 

Major update: General Availability rollout started

 
 

Applied to: All customers

 

 

 

 

Starting March 23, 2018, we're giving you new ways to govern access of external users. As part of this update, external users will no longer be able to see content that has been Shared with Everyone, All Authenticated Users, or All Forms Users, even if they have been invited or added to authorized groups.

[How does this affect me?]
In SharePoint Online and OneDrive for Business, sharing resources (files, folders, sites, etc.) with external users is accomplished by sending an invitation to the users directly, or adding them to groups and granting appropriate access levels. As a result, an external user would only see the content that has been shared with the user or with groups to which the user belongs.

After March 23, 2018, external users will no longer see content that has been shared with Everyone, All Authenticated Users, or All Forms Users. Only a small number of tenancies use this permissions model to grant access to their specific external invited guests. Content that has been permissioned to these groups will, by default, be visible only to your users within your organization's tenancy.

[What do I need to do to prepare for this change?]
If you would like to allow external users the ability to see content that has been shared with Everyone, All Authenticated Users, or All Forms Users within your organization's tenancy, as administrator, you still have the ability to do so. Please click Additional Information to learn more about granting sharing permissions.

 

Hi @Freddy Bang,

 

Sorry for the delay, I am following up on this and will get back to you when I have an answer. Thanks!

 

Stephen Rice

OneDrive Program Manager II

Thanks @Stephen Rice hope you can help get a clear understanding this week?

Hey @Freddy Bang,

 

I have an answer for you :) By default, the value of the ShowEveryoneClaim is "unspecified". Get-SPOTenant returns the "effective" value in this case, which is currently "true". After this change goes live, the "effective" value of "unspecified" will be False. We're going to update the documentation to make this more clear (keep an eye out for that in the next few days).

 

In the meantime, if you want to keep the current behavior, you should explicitly set the value to True via PowerShell.

 

I'm not sure if this counts as a "clear" understanding but I hope it helps! Let me know if this doesn't make sense!

 

Stephen Rice

OneDrive Program Manager II

Thanks @Stephen Rice,

I assume I have to look at the documentation for Get-SPOTenant and/or How to govern access of external users in Office 365 or where to keep looking?

Hi Freddy,

 

I think I can give you the relevant info here:

 

If you want documents that are shared with "Everyone" to continue to be accessible by external users (present and future), then run:

 

Set-SPOTenant -ShowEveryoneClaim $true

 

If you want documents that are shared with "Everyone" to only be accessible by internal users, then run:

 

Set-SPOTenant -ShowEveryoneClaim $false

 

Hope that helps!

 

Stephen Rice