Is it practically possible to disable EVERYONE permission group from people picker in SharePoint Online ?

Sriram Varadarajan
 
Solution Architect
July 4, 2016
 
Rate this article
 
Views
13110

EVERYONE permission group from the people picker controls throughout the O365 SPO tenant can be hidden with the PowerShell command Set-SPOTenant -ShowEveryoneClaim $false . This change hides the Everyone group but it does not disables it from using it from anywhere.

clip_image002

The Everyone permission allows all accounts from the Active Directory as well as any external account that has been invited from anywhere in the tenant.

A site collection owner could choose not to have the invite external accounts option enabled for their site collection, but by adding the Everyone group, they would invite external participants from across the organisation to have access to their content.

For those who wish to have an open permission for their content, the “Everyone except external users” group can be applied

In addition, individual external accounts can be added to the site, which requires that a more controlled and considered approach is taken when sharing content.

Here is our caveat; this just hides EVERYONE doesn’t disable it, Let’s see where and all we can see EVERYONE group.

From SharePoint admin (tenant), you could still see EVERYONE group getting displayed when you’re trying to add owners/edit the owners from the ribbon.

Assume I would like to change an owner for one my site collection, here is what I would do from the tenant; select the site collection click the owner tab in the ribbon

clip_image004

Select manage administrators underneath it;

Under ALL USERS I could still see Everyone:

clip_image006

2. Next place to see Every One is in our One Drive;

a. Go to One drive site and go to site content

clip_image008

Check the permission of the Document folder that gets created by default by clicking the 3 dots

clip_image010

Click permissions for this document library

clip_image012

Selected the second link; “There are limited access users on this site. Users may have limited access if an item or document under the site has been shared with them”

You will see everyone with limited access;

clip_image014

Conclusion:

After of search and research here is what MS says

This behaviour seen is Intended. The ShowEveryoneClaim setting is meant to be a visibility setting, not a security one.

More details on this can be found here. A bit more investigation revealed that; as we all know SharePoint has got lot of hidden list and libraries and for those to function properly MS still keeps this Everyone group visible in some cases.

Category : SharePoint

Author Info

Sriram Varadarajan
 
Solution Architect
 
Rate this article
 
Sriram is a Technology Evangelist with 15+ years experience in Microsoft Technologies. He is an enterprise architect working for large pharmaceutical organization which has presence globally with largest Microsoft implementation ...read more
 

Leave a comment