SharePoint Online: Enable or Disable the “Everyone”, “Everyone except external users” Groups using PowerShell

Requirement: Enable or Disable the “Everyone” and “Everyone except external users” groups in SharePoint Online.

“Everyone” claims in SharePoint Online consist of all users already having access to the site – This includes all accounts from the authentication provider (typically Active Directory) as well as any external accounts that are invited to the tenant. This is equivalent to the “all authenticated users” who need to log in (not anonymous users). Here’s a step-by-step guide to enabling or disabling the “Everyone” and “Everyone except external users” groups in SharePoint Online:

sharepoint online enable disable everyone group

Check if the “Everyone” group is enabled or Disabled:

From the SharePoint Online Management Shell, Type Get-SPOTenant to get all the SharePoint Online tenant properties, which tells us whether the “Everyone” and “Everyone Except External Users” groups are hidden. The “Everyone” group can be hidden from the Office 365 SharePoint Online tenant people picker with the below PowerShell script.

How to disable Everyone Group in SharePoint Online?

To disable everyone, use the Set-SPOTenant cmdlet in the SharePoint Online Management Shell:

#SharePoint Online Admin Center URL
$AdminURL = "https://Crescent-admin.sharepoint.com/"

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential (Get-Credential)

#Disable Everyone group
Set-SPOTenant -ShowEveryoneClaim $False

SharePoint Online – Enable Everyone group

If the “Everyone” group is missing, enable it with PowerShell below.

#Disable Everyone group
Set-SPOTenant -ShowEveryoneClaim $True

SharePoint Online: Disable Everyone except external users

When you add a new user in Office 365, The user becomes a member of the “Everyone except external users” group automatically, which is granted member permissions of the site by default. To grant all internal users (employees) access to a SharePoint site, You can use the “Everyone except external users” Group.

Typically, when you need to make a site available to everyone in your organization (E.g., Intranet Site), you use “Everyone except external users group” instead of “Everyone” Group. In case you want to disable “Everyone Except External Users”, you can set the “ShowEveryoneExceptExternalUsersClaim” value to “False.”

#SharePoint Online Admin Center URL
$AdminURL = "https://Crescent-admin.sharepoint.com"

#Connect to SharePoint Online
Connect-SPOService -url $AdminURL -credential (Get-Credential)

#Disable Everyone group
Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $False 

This hides “everyone except external users” in SharePoint Online. On the other hand, If the “Everyone except external users” is not working in SharePoint Online, You can enable it with the following:

Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $True 
SharePoint Online Remove Everyone except external users

Please note, these changes do not impact any existing permissions. And we can’t add/remove users to these two built-in groups!

PnP PowerShell to Enable “Everyone” or “Everyone Except External Users”

Use this PnP PowerShell script to enable Everyone and Everyone except external users in SharePoint Online people picker.

#Config Variables
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
  
#Connect to PnP Online
Connect-PnPOnline -Url $AdminCenterURL -Interactive

#hide the "Everyone Except External Users" claim in People Picker
Set-PnPTenant -ShowEveryoneExceptExternalUsersClaim $True

#Show "Everyone" in people picker
Set-PnPTenant -ShowEveryoneClaim $True

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

4 thoughts on “SharePoint Online: Enable or Disable the “Everyone”, “Everyone except external users” Groups using PowerShell

  • Can admins still choose this for “approved” sites when it is hidden?

    Reply
  • Hi, when I want to give permissions to everyone when I share site, I don’t have group everyone. I tried this PowerShell command: Set-SPOTenant -ShowEveryoneClaim $true, but nothing happens.

    Reply
  • https://docs.microsoft.com/en-us/office365/troubleshoot/access-management/grant-everyone-claim-to-external-users

    Summary
    Starting on March 23, 2018, we are updating the behavior and governance of access by external users in Office 365.

    After this change is made, an external user will see only the content that is shared with that user or with groups to which the user belongs. External users will no longer see content that is shared to the Everyone, All Authenticated Users, or All Forms Users groups. By default, content that is granted permissions to these groups will be visible only to your organization’s users.

    Administrators can change the default behavior to enable external users to see content that is shared to Everyone, All Authenticated Users, or All Forms Users.

    Reply
  • Is there a way to do this in SharePoint 2019 or 2016?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *