Microsoft Office Sharepoint

All my posts are provided "AS IS" with no warranties, and confer no rights.

Spell it out (or why my Everyone But External Users or Everyone gets removed automatically from a modern Site group membership)

This is a recurrent one mostly coming from experienced SharePoint Admins that see their configured security settings are not persisted over night.

Scenario:

You have created a modern team site in SharePoint.

As a SharePoint Admin you go into the site permissions and add “Everyone but external users” claim to the group members. Later on when you verify the permissions ( or after getting messages from disgruntled users that are not part of the group) you see that the claim is no longer there. Set it again ( maybe you forgot to add it) , it disappears again.

Before you question your mental health as to whether you are remembering it correctly, here is one explanation:

From: “Learn about O365 Modern Groups”

“When creating a group you’ll need to decide if you want it to be a private group or a public group.

Content in a public group can be seen by anybody in your organization, and anybody in your organization is able to join the group. Content in a private group can only be seen by the members of the group and people who want to join a private group have to be approved by a group owner.”

So if you have a private group (and by default they’re private) and add any Everyone claim … what type of privacy is that please ???

The platform enforces this and removes the Everyone (…) claims from private groups if it finds them, to be in sync with the fact that the group stays private and does not potentially “leak” information.

In other words: private group + everyone allowed = logic fail  (you’re doing it wrong).

If you want a modern team site with Everyone (with or without externals) in it, make sure you create a public group.

Wondering how to switch?

Here

P.S. Word of advice for the Admins still using /user.aspx to manage modern team site permissions:

Out of the box Modern Team site permissions are dictated through the associated O365 Group membership.

V