Update Rolling Out to Remove EEEU from pre-August 2019 Accounts
Everyone except external users (EEEU) is an internal SharePoint group automatically populated with all tenant users. The intent behind the group was to facilitate easy internal sharing. The need to share still exists, but a good case can be argued that better methods exist to achieve the need today, whether it’s something like an org-wide team or a Microsoft 365 dynamic group.
In August 2019, Microsoft implemented new default settings for OneDrive for Business accounts which meant that accounts created after this point do not include EEEU in OneDrive site permissions. For instance, my Office 365 account was created in 2011. OneDrive shows read access for EEEU in the list of permissions assigned to the account. You can check permissions through the site permissions section of site settings.
Figure 1: The EEEU permission listed in the permissions for a OneDrive for Business account
Note: The fact that EEEU permission is included in site permissions does not mean that everyone in the organization has access to the account owner’s OneDrive for Business document library. It’s there to enable access to items stored in OneDrive, not to grant general access to everything.
EEEU Removed from Older Accounts
What’s changing is that Microsoft is rolling out an update to these older accounts to align them with the settings used for accounts created since August 2019. As described in Office 365 notification MC225111, published on October 26, the update will remove EEEU from site permissions and perform a full permissions reset on any personal list stored in OneDrive. Microsoft says that “the result will be that any users that these personal lists were previously shared with will be unable to view the list until the list owner reinstates the sharing permissions.”
The change is due to start rolling out in early November and will continue through the end of 2020.
It’s hard to gauge how much effect this change will have. Microsoft has tweaked the sharing arrangements in OneDrive for Business before when they stopped creating a Shared with Everyone folder in all accounts in 2017. That didn’t cause too much fuss, but many fewer people were using OneDrive for Business at that time, and Lists have received new life with the launch of the Microsoft Lists app.
No Method Available to Analyze Tenant
Microsoft isn’t providing a method to allow tenant administrators understand which accounts are affected and how many lists are involved. The exact number affected comes down to people with older accounts who exploit the permission to share personal lists with internal users, and that’s going to be different from tenant to tenant. Clearly, the change will have zero impact on accounts created since August 2019 because these users have had to set explicit permissions to share personal lists with internal users.
If your tenant uses a lot of lists stored in OneDrive (not SharePoint), you might want to create a list of accounts created before August 2019 and check with these users to understand if they have lists in active use that depend on the EEEU permission.
For more interesting and useful information about SharePoint Online and OneDrive for Business, read Chapter 8 of the Office 365 for IT Pros eBook.
7 Replies to “Microsoft Removes EEEU Permission from OneDrive for Business Accounts”
Thanks Tony! I opened an incident with Microsoft to ask how many would be impacted and, after some utterly useless initial answers, they told me they couldn’t tell me.
Your article did prompt me to look into this a bit further. If you would permit me to elaborate;
– the ‘everyone except external user (EEEU)’ has read permissions to your site [within your site collection]
– your ‘OneDrive’ is a list (document library) within your your site, but doesn’t inherit the EEEU permissions
[your screenshot got me in a mild panic thinking all my files were visible to everyone in the tenancy]
Haven’t found this message in our tenant and cant find much information about it yet… EEEU is also used as unique permission for the folder “Shared with Everyone” for users that where created before August 1, 2015 in OneDrive. Does this also reset this unique permission on this folder?
Re: “The need to share still exists, but a good case can be argued that better methods exist to achieve the need today, whether it’s something like an org-wide team or a Microsoft 365 dynamic group.”
Tony – I would appreciate you views on this:
Being a pre-2015 OneDrive for Business user – I immediately saw the value of the “Shared with Everyone” folder and have been using it ever since.
It provides a simple no-fuss way for individuals to make available to the whole organisation, open but internal document content which may be useful (especially with Delve) to someone else not yet met. In the same way that I sometimes put in a search term to Google for something I’m working on – just to see what comes up (unknown -knowns) – I do the same with Delve.
I was hoping that as people’s digital competence/dexterity/capability/literacy improved we would reach the point where those folks who are happy to do the “working out loud” thing would be able to use their own “Shared with Everyone” folder – simply to facilitate what is known as managed “serendipity” – finding someone working on something related to what you are doing but you didn’t know.
Former Hewlett-Packard CEO, Lew Platt, once said: “If HP knew what HP knows, we’d be three times more productive.” This is one aspect that Delve is supposed to facilitate.
Without EEEU, I’m unsure whether the share option “People in X with the link” will surface in Delve.
Delve can only show what someone is allowed to see. If shared with everyone is no longer available, logically there are fewer items which meet the bar for Delve to display.
The same is true for SharePoint search, which can only show documents that someone can access.
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
Thanks Tony! I opened an incident with Microsoft to ask how many would be impacted and, after some utterly useless initial answers, they told me they couldn’t tell me.
Your article did prompt me to look into this a bit further. If you would permit me to elaborate;
– the ‘everyone except external user (EEEU)’ has read permissions to your site [within your site collection]
– your ‘OneDrive’ is a list (document library) within your your site, but doesn’t inherit the EEEU permissions
[your screenshot got me in a mild panic thinking all my files were visible to everyone in the tenancy]
Reasonable comment. I’ll update
Haven’t found this message in our tenant and cant find much information about it yet… EEEU is also used as unique permission for the folder “Shared with Everyone” for users that where created before August 1, 2015 in OneDrive. Does this also reset this unique permission on this folder?
I don’t believe so. The notification was very specific about personal lists.
Re: “The need to share still exists, but a good case can be argued that better methods exist to achieve the need today, whether it’s something like an org-wide team or a Microsoft 365 dynamic group.”
Tony – I would appreciate you views on this:
Being a pre-2015 OneDrive for Business user – I immediately saw the value of the “Shared with Everyone” folder and have been using it ever since.
It provides a simple no-fuss way for individuals to make available to the whole organisation, open but internal document content which may be useful (especially with Delve) to someone else not yet met. In the same way that I sometimes put in a search term to Google for something I’m working on – just to see what comes up (unknown -knowns) – I do the same with Delve.
I was hoping that as people’s digital competence/dexterity/capability/literacy improved we would reach the point where those folks who are happy to do the “working out loud” thing would be able to use their own “Shared with Everyone” folder – simply to facilitate what is known as managed “serendipity” – finding someone working on something related to what you are doing but you didn’t know.
Former Hewlett-Packard CEO, Lew Platt, once said: “If HP knew what HP knows, we’d be three times more productive.” This is one aspect that Delve is supposed to facilitate.
Without EEEU, I’m unsure whether the share option “People in X with the link” will surface in Delve.
Delve can only show what someone is allowed to see. If shared with everyone is no longer available, logically there are fewer items which meet the bar for Delve to display.
The same is true for SharePoint search, which can only show documents that someone can access.