Revoke guest access to SharePoint Online and OneDrive after a defined period of time
Update 19/05/2021 : Microsoft has updated the rollout timeline. The roll out will begin at the end of May
You will soon be able to create a policy that automatically revokes access for external guests to SharePoint Online (SPO) sites and individual OneDrives after a defined period of time.
When will this happen
Microsoft will gradually roll this out
in late August and expect rollout to be complete at the end of October. at the end of May and complete by the end of June.
How this affects your organization
One of the strengths of SharePoint and OneDrive is that it facilitates sharing and collaborating among peers, not only within an organization but also with people outside the organization (guests).
In order to better manage sharing, tenant admins will be able to create a policy to revoke guest access to SPO sites and individual OneDrives after a defined period of time. With this policy, you can limit guest user access; thus guests who are no longer active partners will not retain indefinite access to documents and files.
- This policy is not retroactive; it does not apply to guests who already have access to sites, documents and files.
- The policy applies to a user’s access to a given SPO site or individual OneDrive. When the access period reaches your policy threshold, such as 10 days, then the guest loses access to all content in that site. Guest access expires on a site-by-site basis, determined by when the guest was granted access to each site, whether that is an SPO site or an individual OneDrive.
- After a guest loses access to a site, any user with the ability to share content externally can re-invite the guest to each document or item as needed.
SharePoint site administrators can extend access at any time, up to the limit of the tenant policy. For example, if the tenant policy is 10 days, and today is the 10th of the month, the SharePoint site admin could extend access for an external guest to the 20th of the month. There is no limit on the number of time a site admin can extend access.
SharePoint site administrators will receive e-mail notifications advising of upcoming guest user access expirations.
What do you need to do?
If you plan to enable this feature, be sure to inform your SharePoint site administrators and users about the new process so that they are prepared to manage guest access as needed.
You can enable this policy, which applies to both SPO and OneDrive, in the SharePoint admin center.