Microsoft OneDrive: We will remove the EEEU sharing permission from root web and default document library [MC1013464]

Microsoft OneDrive: We will remove the EEEU sharing permission from root web and default document library [MC1013464]

Message ID: MC1013464

EEEU, which stands for Everyone Except External Users, is a permission setting used in Microsoft SharePoint and Microsoft OneDrive to manage access to content. This setting allows all internal users in an organization to access certain content while excluding external users. We discourage use of this setting due to concerns about inadvertent oversharing of user data.

[What is changing]

Starting April 10, 2025 and ending by September 30, 2025, we will run logic to detect and remove the EEEU permission from the root site of each user’s OneDrive and the default document library in OneDrive.

[How this will affect your organization:]

Before this retirement, apps, processes, or users may be able to discover and access content from OneDrive because of the inadvertent presence of EEEU in the root web and default document library in OneDrive. After the EEEU permission is removed, these apps, processes, and users will lose access to the content from the affected OneDrive accounts. Users, processes, and apps that were granted direct permissions to specific files and folders of a OneDrive account will not be impacted and will continue to retain their access.

We recommend OneDrive owners and OneDrive admins give explicit permission to individual files and folders in OneDrive to be accessed by one or more users or apps.

[What you need to do to prepare:]

This change will happen automatically by the specified date. No admin action is required. Please notify your users about this change and update relevant documentation. If you have questions or wish to discuss more, please open a support ticket.

Learn more: The section called Use Microsoft Entra groups and dynamic membership instead of default claims in Grant Everyone claim to external users in Microsoft 365 – Microsoft 365 | Microsoft Learn

Source: Microsoft

Show 3 Comments

3 Comments

  1. Mike Rosoft

    The recent announcement regarding the removal of the Everyone Except External Users (EEEU) sharing permission from the root web and default document library in OneDrive is set to create ripples across both administrative and user landscapes.

    For admins, this change means a shift in how permissions are managed. The EEEU setting, while convenient, has posed risks of unintended data exposure. With its removal, admins will have to adopt a more granular approach to sharing. This could mean a bit more work in the short term as they ensure that all necessary files and folders are explicitly shared with the right individuals or groups. However, this increased diligence will ultimately lead to a more secure environment for sensitive information.

    Users, on the other hand, might initially feel the impact of this update as their access to certain content may change. The good news is that users who have been granted direct permissions to specific files and folders will remain unaffected. It’s an opportunity for users to become more aware of their access rights and perhaps even engage in some housekeeping of their own shared content.

    In terms of overall impact, this change is quite significant. By curbing the potential for oversharing, it helps protect user data and reinforces a culture of responsible data management within organizations.

    So, while this may feel like a bump in the road for some, it’s ultimately a step toward a more secure and organized OneDrive experience. It’s like cleaning out your closet—initially a hassle, but so rewarding once you see the tidy results!

    I’d love to hear your thoughts on this update! How do you think it will affect your workflow? Share your comments below, and let’s start a conversation! For more insights, don’t forget to check out additional posts on mwpro.co.uk.

  2. James Rinke

    Is EEEU the same thing as the “People in Your Organization” file sharing option in SharePoint?

    I have never seen EEEU as a file sharing option. I have seen it as a group which can be added to a SharePoint permissions group. We (and many other companies) use that to grant access to intranet sites for everyone in our org (except external users of course). We add EEEU to the SharePoint visitors (read only) group for the site.

    Do we need to use a different method for granting read only access to everyone in our organization?
    If so, what method do you recommend?

    • Mike Rosoft

      Hi James,

      Thank you for your comment!

      You’re absolutely right—while the “Everyone Except External Users” (EEEU) permission and the “People in Your Organization” sharing option in SharePoint may seem similar, they serve different purposes.

      EEEU is a security group that automatically includes all internal users in your organization but excludes external users. This group can be assigned to SharePoint permission groups (e.g., the Visitors group) to provide read-only access to all employees.
      “People in Your Organization” is a file-sharing setting that allows you to share content with all internal users, but it is not a security group and cannot be added to SharePoint permission groups.

      With Microsoft’s decision to remove the EEEU permission from OneDrive and SharePoint, you’ll need an alternative way to grant read-only access to all internal users. Here are a few recommended approaches:

      Alternative Solutions:
      Microsoft Entra Groups (formerly Azure AD):
      Create a dynamic security group in Microsoft Entra that includes all internal users.
      Add this group to the SharePoint Visitors group to grant organization-wide read-only access.

      Microsoft 365 Groups:
      Set up a Microsoft 365 Group that includes all internal users.
      Add this group to the SharePoint Visitors group to maintain read-only access.

      Explicit Permissions:
      Manually assign read-only access to specific files, folders, or sites by adding users or groups directly to the SharePoint Visitors group.

      By implementing one of these alternatives, you can ensure seamless read-only access for your users without relying on the EEEU permission.

Comments are closed