Office365:Interesting Stuff about Everyone, All Users, EveryoneExcpetExternalUsers claim groups in SharePoint online


We recently had many Customer’s report the behavior where they are able to Resolve ” Everyone” Or “Everyone Except External Users” Group via the People picker control on their SharePoint online Tenant , while

Trying to Share a Site / List / Document

Adding Permissions   via UI

 

Even when the Admin have set the following properties to Hide these claims at the Tenant Level

PS C:\Windows\system32> Set-SPOTenant -ShowEveryoneClaim $false
PS C:\Windows\system32> Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false
PS C:\Windows\system32> Set-SPOTenant -ShowAllUsersClaim $false

https://technet.microsoft.com/en-us/library/fp161390.aspx?f=255&MSPPError=-2147217396

This behavior seen is Intended. The ShowEveryoneClaim setting is meant to be a visibility setting, not a security one. The parameters above are used to prevent end users from accidentally sharing a document . The goal is to make it harder for end users to accidentally share something with these aliases, not prevent the action entirely. If a user is determined to do so (and if they are familiar with some more advanced SharePoint constructs), they will still be able to do so.

These Permissions /Claims cannot be Completely disabled as many of the services in Office 365 SPO require the “Everyone” & “Everyone except external users” which is why they can still be resolved even when the admin has signaled their intent to hide the claims.

Here is more Information about the Default SharePoint Groups in Office 365 :

https://support.office.com/en-us/article/Default-SharePoint-Groups-13BB2B6B-DD8C-447E-B71B-0E4BB9EFE1D3?ui=en-US&rs=en-US&ad=US

 

Post By : Rajan Kapoor [MSFT]


Comments (0)

Skip to main content