Control SharePoint Online Guest Access From Tenant Admin Center

Introduction

 
Recently, Microsoft has announced that now SharePoint tenant admin can manage how long guests can access SharePoint Online and OneDrive documents. In this article, we will learn about how a SharePoint Online tenant admin can control guest access in terms of the number of days.
 
What will you learn from this tutorial?
  • What is the use of having an external sharing policy in SharePoint or OneDrive?
  • The key points of “Manage how long guests can access SharePoint Online and OneDrive documents” feature status
  • Microsoft Update Number & Details:
  • When the "Manage how long guests can access SharePoint Online and OneDrive documents" feature will be available across tenant?
  • When the "Manage how long guests can access SharePoint Online and OneDrive documents" feature will be available across tenant?
  • How will "Manage how long guests can access SharePoint Online and OneDrive documents" feature affect your organization?
  • What do we need to prepare for this change?
  • Practically verify what exactly this "Manage how long guests can access SharePoint Online and OneDrive documents" feature 
 

What is the use of having an external sharing policy in SharePoint or OneDrive?

 
Generally, we can share SharePoint documents within the domain of the tenant i.e. the user within the organization domain, however, due to business needs, sometimes we might need to share the SharePoint documents to the external users (outside the organization), for that SharePoint tenant administrator used to enable the guest sharing policy, but there was no policy or configuration using which tenant administrator could control how long the guest users can access the SharePoint documents or contents.
 
Now with this new external sharing policy feature, the SharePoint tenant administrator can configure (in a number of days) how long guests can access SharePoint Online and OneDrive documents after sharing it.
 
The key points of "Manage how long guests can access SharePoint Online and OneDrive documents" feature status
 
Admins and end users can expire shares to external users.
  • Featured ID: 43797
  • Added to Roadmap: 11/8/2018
  • Last Modified: 8/14/2020
  • Tags: Worldwide (Standard Multi-Tenant), General Availability, OneDrive
Microsoft Update Number & Details 
 
MC220791, Stay Informed, Published date: Aug 21, 2020
 
We will soon be able to create a policy that automatically revokes access for external guests to SharePoint Online (SPO) sites and individual OneDrives after a defined period of time.
 
This message is associated with Microsoft 365 Roadmap ID 43797.
 
When the "Manage how long guests can access SharePoint Online and OneDrive documents" feature will be available across tenant? 
 
Microsoft will gradually roll this out in late August and expect the rollout to be complete at the end of October.
 

How will "Manage how long guests can access SharePoint Online and OneDrive documents" feature affect your organization?

 
One of the strengths of SharePoint and OneDrive is that it facilitates sharing and collaborating among peers, not only within an organization but also with people outside the organization (guests).
 
In order to better manage sharing, tenant admins will be able to create a policy to revoke guest access to SPO sites and individual OneDrives after a defined period of time. With this policy, you can limit guest user access; thus guests who are no longer active partners will not retain indefinite access to documents and files.
 
This policy is not retroactive; it does not apply to guests who already have access to sites, documents, and files.
 
The policy applies to a user’s access to a given SPO site or individual OneDrive. When the access period reaches your policy threshold, such as 10 days, then the guest loses access to all content in that site. Guest access expires on a site-by-site basis, determined by when the guest was granted access to each site, whether that is an SPO site or an individual OneDrive.
 
After a guest loses access to a site, any user with the ability to share content externally can re-invite the guest to each document or item as needed.
 
SharePoint site administrators can extend access at any time, up to the limit of the tenant policy. For example, if the tenant policy is 10 days, and today is the 10th of the month, the SharePoint site admin could extend access for an external guest to the 20th of the month. There is no limit on the number of times a site admin can extend access.
SharePoint site administrators will receive e-mail notifications advising of upcoming guest user access expirations.
 

What should we need to prepare for this change? 

 
If you plan to enable this feature, be sure to inform your SharePoint site administrators and users about the new process so that they are prepared to manage guest access as needed.
 
You can enable this policy, which applies to both SPO and OneDrive, in the SharePoint admin center.
 
Practically verify what exactly this "Manage how long guests can access SharePoint Online and OneDrive documents" feature,
 
If we login to the SharePoint Online admin site URL, then navigate to the Policy -> Sharing -> More external sharing settings, we cannot see the checkbox "Guest access to a site or OneDrive will expire automatically after this many days".
 
Guest access to a site or OneDrive will expire automatically after this many days
 
However, after this new release from Microsoft from October 2020, if we navigate to the Policy Sharing page from the SharePoint admin center, we will see the new checkbox to configure "Guest access to a site or OneDrive will expire automatically after this many days".
 
Guest access in SharePoint Online Policy
 

Summary

 
Thus, in this article, we learned about how a SharePoint Online tenant admin can configure guest access for SharePoint and OneDrive documents.