Set Guest User Access Expiration in SharePoint Online
When you are sharing, you are caring. But it is important to be cautious when you share!
When you share content with external users, you allow them to collaborate on files and sites within SharePoint online. The external users can be anyone from customers to business partners. So, it is always better to keep your externally shared content safe by configuring the expiration policy to avoid content misuse outside the organization.
Sharing without setting any limits can put you in danger. Let’s see how to set guest user access expiration in SharePoint online prior to sharing something.
Setting guest access expiration is configuring a policy that prevents an external user from accessing your shared content after a specific range of time. The shared content can be anything from site to individual files in SharePoint online. As soon as the external user reaches the day of expiration, access to the content is lost unless the expiration is extended.
Also, if a site gets shared with desired permissions, external users can created folders or upload files on SharePoint sites. So, setting expiration is essential to avoid unwanted actions. Moreover, files & folders created by external users should be reviewed periodically to identify and prevent malicious file uploads.
You can set user access expiration in SharePoint Online at both tenant level and site level. The settings can be configured both via SharePoint Admin Center and PowerShell in the following way.
Tenant Level Configuration
Step1: Login to Microsoft 365 admin center.
Step2: Select SharePoint from the list of admin centers.
Step3: Under Policies, select and open the ‘sharing’ tab.
Step4: Select More external sharing settings.
Step5: Check the box that shows ‘Guest access to a site or OneDrive will expire automatically after these many days.
Step6: Enter the number of days the user access should expire after.
Step7: Click Save.
Site Level Configuration
You can also configure guest access expiration at the site level. It lets you set different expiration limits for different sites.
Follow the given steps to set guest access expiration at the site level.
Step1: Login to Microsoft 365 admin center.
Step2: Navigate to the SharePoint admin center from the list of admin centers.
Step3: Choose Active sites under sites.
Step4: Select the site which you want to configure the expiration limit -> select sharing.
Step 5: Reach the Expiration of guest access section and select “Guest access expires automatically after this many days” and enter the value from 30 to 730.
Step 6: Then Save.
Note: If you wish to set the limit the same as the organization level setting, select the option shown below.
To do this,
First, connect to SharePoint online by using the Connect-SPOService cmdlet.
Connect-SPOService -Url https://m365scripts-admin.sharepoint.com/
The above URL is the URL to your SharePoint admin center.
Then, set expiration using the following cmdlet.
Set-SPOTenant -ExternalUserExpirationRequired $True -ExternalUserExpireInDays 150
Follow the steps given below to set expiration to guest access at the site level using PowerShell.
First, connect to SharePoint online Powershell via the Connect-SPOService cmdlet.
Connect-SPOService –Url https://m365scripts-admin.sharepoint.com/
Then set the expiration limit at the site level using the Set-SPOSite cmdlet.
Set-SPOSite -Identity $SiteURL -OverrideTenantExternalUserExpirationPolicy $True -ExternalUserExpirationInDays 35
Here, $SiteURL is the URL to the site you want to set the expiration policy.
Here, the OverrideTenantExternalUserExpirationPolicy part of the script deselects the “Same as organization level setting” for you.
After you set the expiration limit either at the site level or globally, it is important to manage them for extending or removing the access. You can see the guest expiration managing section for a site by navigating through Site -> Gear icon -> Site Permissions -> Guest Expiration -> Manage
As soon as you share a site with a guest user after setting the policy, you can find their name in the above list and as admin, you can decide whether to extend or remove access. Admin receives alert notifications 21 days prior to access expiry via email.
Additionally, a banner showing details about expiring guest access displays on the web app, 2 to3 weeks before the guest expiration date.
- The threshold limit that you can set for expiration ranges from 30 to 730 days.
- Site level setting for expiration takes precedence over the organization level settings.
- The above-mentioned steps work for Microsoft 365 group-connected sites when you share the whole site itself and for sites that are not connected to Microsoft 365 group, these steps work when you share files and folders within the site.
- The policy won’t affect the guest users with existing site permissions before the policy is configured.
Setting up guest user access expiration is easy but monitoring guest user access policies can be a complex task. To track the access expiration of guest users, you must manually access the guest expiration management section for each SharePoint Online site individually. Unfortunately, it lacks detailed and necessary information about the policy configurations.
Don’t worry! AdminDroid acts as a game changer that simplifies the monitoring of guest user access expiration by giving deep drilled details at ease.
AdminDroid’s “Guest Access Expiration Changes” report helps you track expiration changes by giving information about the extended or removed guest user expiration for sharing invitations.
It will keep you up to date on changes made in the expiration policy by giving necessary insights such as the guest user for whom the expiration was modified, the user who made the change, the time of the modification, and so on.
Additionally, with AdminDroid’s SharePoint Online auditing tool, you can keep track of all sharing policy changes, thereby controlling the access and permissions granted to external users. Also, to help you protect the organization’s data from various threats, AdminDroid offers extensive metrics on SharePoint Online files, folders, pages, DLP activities, memberships, etc.
Furthermore, the AdminDroid SharePoint Online reporting tool provides you complete visibility over SharePoint sites, site collection details, SPO site usage, SPO lists/document libraries, etc. for efficient SharePoint Online management.
AdminDroid doesn’t gets over with the above, to analyze your entire SPO environment at a glance, it provides a visually appealing SharePoint Online dashboard. This will give you an overview of all the SharePoint Online content for effective SharePoint Online management.
Download AdminDroid and see how it helps you in guest user access management!
Hope you enjoyed the blog, Feel free for any assistance.