Set Guest User Access Expiration in SharePoint Online
When you are sharing, you are caring. But it is important to be cautious when you share!
When you share content with external users, you allow them to collaborate on files and sites within SharePoint online. The external users can be anyone from customers to business partners. So, it is always better to keep your externally shared content safe by configuring the expiration policy to avoid content misuse outside the organization.
Sharing without setting any limits can put you in danger. Let’s see how to set guest user access expiration in SharePoint online prior to sharing something.
Setting Expiration for Guest Access
Setting guest access expiration is configuring a policy that prevents an external user from accessing your shared content after a specific range of time. The shared content can be anything from site to individual files in SharePoint online. As soon as the external user reaches the day of expiration, access to the content is lost unless the expiration is extended.
Two Ways to Configure Guest Access Expiration
You can set user access expiration in SharePoint Online at both tenant level and site level. The settings can be configured both via SharePoint Admin Center and PowerShell in the following way.
How to Configure Guest User Access Expiration in SharePoint Online Admin Center?
Tenant Level Configuration
Step1: Login to Microsoft 365 admin center.
Step2: Select SharePoint from the list of admin centers.
Step3: Under Policies, select and open the ‘sharing’ tab.
Step4: Select More external sharing settings.
Step5: Check the box that shows ‘Guest access to a site or OneDrive will expire automatically after these many days.
Step6: Enter the number of days the user access should expire after.
Step7: Click Save.
Site Level Configuration
You can also configure guest access expiration at the site level. It lets you set different expiration limits for different sites.
Follow the given steps to set guest access expiration at the site level.
Step1: Login to Microsoft 365 admin center.
Step2: Navigate to the SharePoint admin center from the list of admin centers.
Step3: Choose Active sites under sites.
Step4: Select the site which you want to configure the expiration limit -> select sharing.
Step 5: Reach the Expiration of guest access section and select “Guest access expires automatically after this many days” and enter the value from 30 to 730.
Step 6: Then Save.
Note: If you wish to set the limit the same as the organization level setting, select the option shown below.
Use PowerShell to Set Guest User Access Expiration at Tenant Level
To do this,
First, connect to SharePoint online by using the Connect-SPOService cmdlet.
Connect-SPOService -Url https://m365scripts-admin.sharepoint.com/
The above URL is the URL to your SharePoint admin center.
Then, set expiration using the following cmdlet.
Set-SPOTenant -ExternalUserExpirationRequired $True -ExternalUserExpireInDays 150
Use PowerShell to Set Guest User Access Expiration at The Site Level
Follow the steps given below to set expiration to guest access at the site level using PowerShell.
First, connect to SharePoint online Powershell via the Connect-SPOService cmdlet.
Connect-SPOService –Url https://m365scripts-admin.sharepoint.com/
Then set the expiration limit at the site level using the Set-SPOSite cmdlet.
Set-SPOSite -Identity $SiteURL -OverrideTenantExternalUserExpirationPolicy $True -ExternalUserExpirationInDays 35
Here, $SiteURL is the URL to the site you want to set the expiration policy.
Here, the OverrideTenantExternalUserExpirationPolicy part of the script deselects the “Same as organization level setting” for you.
Managing Guest Access Expiration
After you set the expiration limit either at the site level or globally, it is important to manage them for extending or removing the access. You can see the guest expiration managing section for a site by navigating through Site -> Gear icon -> Site Permissions -> Guest Expiration -> Manage
As soon as you share a site with a guest user after setting the policy, you can find their name in the above list and as admin, you can decide whether to extend or remove access. Admin receives alert notifications 21 days prior to access expiry via email.
Additionally, a banner showing details about expiring guest access displays on the web app, 2 to3 weeks before the guest expiration date.
Other Important Things to Know When Setting Up an Expiration Limit
- The threshold limit that you can set for expiration ranges from 30 to 730 days.
- Site level setting for expiration takes precedence over the organization level settings.
- The above-mentioned steps work for Microsoft 365 group-connected sites when you share the whole site itself and for sites that are not connected to Microsoft 365 group, these steps work when you share files and folders within the site.
- The policy won’t affect the guest users with existing site permissions before the policy is configured.
Hope you enjoyed the blog, Feel free for any assistance.