Is it practically possible to disable EVERYONE permission group from people picker in SharePoint Online ?


Sriram Varadarajan
Enterprise Architect
Published On :   04 Jul 2016
Visit Count
Today :  17    Total :   4488
Plan, Migrate, Secure, Report
SharePoint & Office 365 Tool. Simple & Easy to Use. 15-Day Trial!

SharePoint Office 365 Tool
Simple & Powerful Tool for Migration, Security & Reporting. Free Trial


EVERYONE permission group from the people picker controls throughout the O365 SPO tenant can be hidden with the PowerShell command Set-SPOTenant -ShowEveryoneClaim $false . This change hides the Everyone group but it does not disables it from using it from anywhere.

clip_image002

The Everyone permission allows all accounts from the Active Directory as well as any external account that has been invited from anywhere in the tenant.

A site collection owner could choose not to have the invite external accounts option enabled for their site collection, but by adding the Everyone group, they would invite external participants from across the organisation to have access to their content.

For those who wish to have an open permission for their content, the “Everyone except external users” group can be applied

In addition, individual external accounts can be added to the site, which requires that a more controlled and considered approach is taken when sharing content.

Here is our caveat; this just hides EVERYONE doesn’t disable it, Let’s see where and all we can see EVERYONE group.

From SharePoint admin (tenant), you could still see EVERYONE group getting displayed when you’re trying to add owners/edit the owners from the ribbon.

Assume I would like to change an owner for one my site collection, here is what I would do from the tenant; select the site collection click the owner tab in the ribbon

clip_image004

Select manage administrators underneath it;

Under ALL USERS I could still see Everyone:

clip_image006

2. Next place to see Every One is in our One Drive;

a. Go to One drive site and go to site content

clip_image008

Check the permission of the Document folder that gets created by default by clicking the 3 dots

clip_image010

Click permissions for this document library

clip_image012

Selected the second link; “There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them”

You will see everyone with limited access;

clip_image014

Conclusion:

After of search and research here is what MS says

This behaviour seen is Intended. The ShowEveryoneClaim setting is meant to be a visibility setting, not a security one.

More details on this can be found here. A bit more investigation revealed that; as we all know SharePoint has got lot of hidden list and libraries and for those to function properly MS still keeps this Everyone group visible in some cases.

SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Categories

KWizCom Scan