Set Guest User Access Expiration in SharePoint Online

Set Guest User Access Expiration in SharePoint Online

When you are sharing, you are caring. But it is important to be cautious when you share! 

When you share content with external users, you allow them to collaborate on files and sites within SharePoint online. The external users can be anyone from customers to business partners. So, it is always better to keep your externally shared content safe by configuring the expiration policy to avoid content misuse outside the organization. 

Sharing without setting any limits can put you in danger. Let’s see how to set guest user expiration in SharePoint online prior to sharing something. 

Setting Expiration for Guest Access 

Setting guest access expiration is configuring a policy that prevents an external user from accessing your shared content after a specific range of time. The shared content can be anything from site to individual files in SharePoint online. As soon as the external user reaches the day of expiration, access to the content is lost unless the expiration is extended. 

Two Ways to Configure Guest Access Expiration

You can set expiration at both tenant level and site level in SharePoint online. The settings can be configured both via SharePoint Admin Center and PowerShell in the following way. 

How to Configure Guest Access Expiration Via SharePoint Admin Center?

Tenant Level Configuration

Step1: Login to Microsoft 365 admin center.
Step2: Select SharePoint from the list of admin centers.
Step3: Under Policies, select and open the ‘sharing’ tab.
Step4: Select More external sharing settings.
Step5: Check the box that shows ‘Guest access to a site or OneDrive will expire automatically after these many days.
Step6: Enter the number of days the user access should expire after.
Step7: Click Save. 

SharePoint guest access expiration global settings

Site Level Configuration

You can also configure guest access expiration at the site level. It lets you set different expiration limits for different sites.
Follow the given steps to set guest access expiration at the site level.

Step1: Login to Microsoft 365 admin center.
Step2: Navigate to the SharePoint admin center from the list of admin centers.
Step3: Choose Active sites under sites.
Step4: Select the site which you want to configure the expiration limit -> select sharing.
Step 5: Reach the Expiration of guest access section and select “Guest access expires automatically after this many days” and enter the value from 30 to 730.
Step 6: Then Save. 

set expiration at site level

Note: If you wish to set the limit the same as the organization level setting, select the option shown below. 

set expiration same as organization level

Use PowerShell to Set Guest User Access Expiration at Tenant Level

To do this, 

First, connect to SharePoint online by using the Connect-SPOService cmdlet. 

Connect-SPOService -Url https://m365scripts-admin.sharepoint.com/ 

The above URL is the URL to your SharePoint admin center.  

Then, set expiration using the following cmdlet. 

Set-SPOTenant -ExternalUserExpirationRequired $True -ExternalUserExpireInDays 150 

Use PowerShell to Set Guest User Access Expiration at The Site Level

Follow the steps given below to set expiration to guest access at the site level using PowerShell. 

First, connect to SharePoint online Powershell via the Connect-SPOService cmdlet. 

Connect-SPOServiceUrl https://m365scripts-admin.sharepoint.com/

Then set the expiration limit at the site level using the Set-SPOSite cmdlet. 

 Set-SPOSite -Identity $SiteURL -OverrideTenantExternalUserExpirationPolicy $True -ExternalUserExpirationInDays 35 

Here, $SiteURL is the URL to the site you want to set the expiration policy. 

Here, the OverrideTenantExternalUserExpirationPolicy part of the script deselects the “Same as organization level setting” for you.

Managing Guest Access Expiration 

After you set the expiration limit either at the site level or globally, it is important to manage them for extending or removing the access. You can see the guest expiration managing section for a site by navigating through Site -> Gear icon -> Site Permissions -> Guest Expiration -> Manage 

managing guest expiration for a SharePoint site

As soon as you share a site with a guest user after setting the policy, you can find their name in the above list and as admin, you can decide whether to extend or remove access. Admin receives alert notifications 21 days prior to access expiry via email.  

Additionally, a banner showing details about expiring guest access displays on the web app, 2 to3 weeks before the guest expiration date.  

Other Important Things to Know When Setting Up an Expiration Limit 

  • The threshold limit that you can set for expiration ranges from 30 to 730 days. 
  • Site level setting for expiration takes precedence over the organization level settings. 
  • The above-mentioned steps work for Microsoft 365 group-connected sites when you share the whole site itself and for sites that are not connected to Microsoft 365 group, these steps work when you share files and folders within the site. 
  • The policy won’t affect the guest users with existing site permissions before the policy is configured. 

Hope you enjoyed the blog, Feel free for any assistance. 

Set Guest User Access Expiration in SharePoint Online

by Aima time to read: 3 min
0