Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Summary

This article describes how to understand the extent of the "Everyone" permission that's used in your organization.

More Information

Prerequisites

Assumption

  • Your Microsoft 365 organization is Contoso. Your organization uses contoso.sharepoint.com for SharePoint sites and groups, and contoso-my.sharepoint.com for OneDrive storage.

  • You are an administrator for the organization with the identity of admin@contoso.com.

Process

  1. Configure your tenant to grant the Everyone claim to external users if they're not set already. To do this, run the following cmdlet: 

    Set-SPOtenant -ShowEveryoneClaim $true

  2. Browse to contoso-admin.sharepoint.com, and then sign in by using your admin@contoso.com credentials.

  3. Locate the Site Collections tab in the Admin Center.

  4. Create a new site collection by using the URL contoso.sharepoint.com/sites/externalusertest.

  5. Browse to the site contoso.sharepoint.com/sites/externalusertest.

  6. Click Share, type the contoso_externaluser@outlook.com address, and then click Send to send an invitation to the account.

  7. Sign in to the consumer account contoso_externaluser@outlook.com on a separate computer or by using an in-private browser session.

  8. Click the link in the email invitation, and then sign in by using the contoso_externaluser@outlook.com account. The external user now has access to this site.

  9. Open the SharePoint Search Query Tool.

  10. In the Connection section, type the following:

    SharePoint Site URL: https://contoso.sharepoint.com/sites/externalusertest

    Authentication: Authenticate by using a specific user account

    Authentication Method: SharePoint Online

  11. Click Sign In.

  12. When you are prompted, type the credentials for the consumer account contoso_externaluser@outlook.com. 

    In Query Text, type path:https://contoso.sharepoint.com.

    This constructs a query as follows:

    https://contoso.sharepoint.com/sites/externalusertest/_api/search/query?querytext='path:https://contoso.sharepoint.com'

  13. Click Run to execute the query.

  14. View the Primary Results tab. This lists the content to which external users have access under the root site of your tenancy. Ignore the results from the site to which they were invited (https://contoso.sharepoint.com/sites/externalusertest).

  15. Repeat the query by using the following Query Text to review access to OneDrive content:

    path:https://contoso-my.sharepoint.com

The results will include access to some system ASPX pages that have no content. Those pages can be ignored.

Then, you can investigate any results individually to determine whether they are permissioned correctly.

Reference

For more info about how to govern access of external users in Microsoft 365, refer to the following Microsoft Help article: 

4089534 How to govern access of external users in Microsoft 365

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×