Manage 'Everyone' and 'Everyone except external users' claim within a SharePoint site using PowerShell
Introduction
As part of Microsoft 365 Copilot readiness, you may want to find where “Everyone and “Everyone except external users” claims are granted permissions which is a cause of oversharing. This blog post will guide you through using PowerShell to manage and audit the “Everyone” and “Everyone except external users” claims within your SharePoint site collection.
For more insights on why the “Everyone except external users” group is riskier than “People in your organization,” refer to Copilot for Microsoft 365 Data Ready – Where “Everyone except external users” group is more risky than “People in your organization” links!.
Hide ‘Everyone’ and ‘Everyone except external users’ claim from people picker in tenant
To hide ‘Everyone’ and ‘Everyone except external users’ claim in the tenant within people picker use the PowerShell snippet
Set-PnPTenant -ShowEveryoneExceptExternalUsersClaim $false -ShowAllUsersClaim $false
Hide ‘Everyone except external users’ claim from people picker within private sites only
Set-PnPTenant -AllowEveryoneExceptExternalUsersClaimInPrivateSite $false
Audit ‘Everyone’ and ‘Everyone except external users’ claim within tenant
To audit where the ‘Everyone’ and ‘Everyone except external users’ claims are granted access within your SharePoint site collection, use the following script:
Output of the script
The results of the output is exported to a csv file
Remove ‘Everyone’ and ‘Everyone except external users’ claim from a SharePoint site
To remove the ‘Everyone’ and ‘Everyone except external users’ claims from a specific SharePoint site, use the following PowerShell commands:
connect-PnPOnline -Url https://reshmeeauckloo.sharepoint.com/sites/sharepointpremium/ -interactive
Get-PnPUser | ? Title -in @("everyone except external users","everyone") | remove-pnpuser
Conclusion
Managing the ‘Everyone’ and ‘Everyone except external users’ claims within your SharePoint site collection is crucial for maintaining data security and preventing oversharing. By using the provided PowerShell scripts, you can effectively hide, audit, and remove these claims, ensuring that your SharePoint environment remains secure and compliant.