SharePoint Online: Share Site to "Everyone Except External Users" using PowerShell

Requirement: Add everyone except external users in SharePoint Online.

SharePoint Online: Share with Everyone Except External Users Group
Got a requirement to grant access to everyone in the organization to a SharePoint Online site. To share with everyone except external users,
  • Login to your SharePoint Online site >> Click on "Share" button on the top-right corner.
  • In the Add user popup, Enter "Everyone Except External Users", pick the relevant SharePoint group or permission for this group and click on Share.
    sharepoint online share with everyone except external users
You can also do this by going to: Site Settings >> Click on "Site permissions" under "Users and Permissions" group >> Pick the group where you want to add everyone in your organization >> New >> Add Users >> Enter "Everyone except external users" >> Click Share

In case, you don't get "Everyone except external users" in the Share popup page, you have to make sure if everyone except external users claims is enabled at your tenant: SharePoint Online: How to enable Everyone Except External Users?

PowerShell to Add Everyone Except External Users in SharePoint Online
Let's add everyone except external users to site visitors group using PowerShell
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Set Variables
$SiteURL = ""
#Get Credentials to connect
$Cred = Get-Credential
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
    #Get the default visitors groups of the site
    $VisitorsGroup = $ctx.web.AssociatedVisitorGroup

    #Resolve User Name by Display Name
    $Principal = [Microsoft.SharePoint.Client.Utilities.Utility]::ResolvePrincipal($Ctx, $Ctx.Web, "Everyone except external users", "All", "All", $Null, $True)
    $User = $Ctx.Web.EnsureUser($Principal.Value.LoginName)

    #Add user to the group
    $VisitorsGroup.Users.AddUser($User) | Out-Null
catch {
    write-host "Error: $($_.Exception.Message)" -foregroundcolor Red

PnP PowerShell to Add Everyone Except External Users to Site
Let's add everyone except external users to the visitors group of the site with PnP PowerShell.
#Config Parameter
$SiteURL = ""

#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)

#Get the Group to Add - Default Visitors group of the site
$Group = Get-PnPGroup -AssociatedVisitorGroup

#Add Everyone except External Users to Visitors group
Add-PnPUserToGroup -Identity $Group -LoginName "everyone except external users" 

1 comment:

  1. Good morning. Firstly, I want to thank you for this site - your scripts have helped me on quite a few occasions. I have two questions.

    Firstly, do you have an example script on how to *remove* the "Everyone" & "Everyone except external users" from all sites in a tenant? It seems my predecessor had added those groups to quite a few sites, and 2 years later it's been found that people have been viewing information that they shouldn't. We've decided to send out comms to let people know we'll be removing those groups from all sites, and if they want them back to contact us. I just haven't been able to figure out a script for doing it (and we have in the region of 15,000 sites in our tenant)

    My second question is do you have an example for how to delete a specifically named file recursively through the subsites of a site? One of our businesses in the Netherlands has an executive site, with subsites for each board member. The structure of all the subsites is identical. The PA copies files to a folder on the root site, and then there's a flow and some azure app that then copies the file to the same location on each subsite (again, this was done by my predecessor, and there's no source code or any form of documentation on how it was built). What they would like to do is, if they upload a file with an exclamation mark at the beginning (eg !Document1.docx), then a script will run and DELETE the file called Document1.docx from each of the subsites. The explanation is that Document1.docx was uploaded in error, and they need to delete it, but no-one has access to all 17 board members' subsites.

    I would appreciate it if you could possibly point me in the right direction on these.

    Thank you, and have a good day.


Please Login and comment to get your questions answered!

Powered by Blogger.