Microsoft Removes EEEU Permission from OneDrive for Business Accounts

Update Rolling Out to Remove EEEU from pre-August 2019 Accounts

Everyone except external users (EEEU) is an internal SharePoint group automatically populated with all tenant users. The intent behind the group was to facilitate easy internal sharing. The need to share still exists, but a good case can be argued that better methods exist to achieve the need today, whether it’s something like an org-wide team or a Microsoft 365 dynamic group.

In August 2019, Microsoft implemented new default settings for OneDrive for Business accounts which meant that accounts created after this point do not include EEEU in OneDrive site permissions. For instance, my Office 365 account was created in 2011. OneDrive shows read access for EEEU in the list of permissions assigned to the account. You can check permissions through the site permissions section of site settings.

The EEEU permission listed in the permissions for a OneDrive for Business account
Figure 1: The EEEU permission listed in the permissions for a OneDrive for Business account

Note: The fact that EEEU permission is included in site permissions does not mean that everyone in the organization has access to the account owner’s OneDrive for Business document library. It’s there to enable access to items stored in OneDrive, not to grant general access to everything.

EEEU Removed from Older Accounts

What’s changing is that Microsoft is rolling out an update to these older accounts to align them with the settings used for accounts created since August 2019. As described in Office 365 notification MC225111, published on October 26, the update will remove EEEU from site permissions and perform a full permissions reset on any personal list stored in OneDrive. Microsoft says that “the result will be that any users that these personal lists were previously shared with will be unable to view the list until the list owner reinstates the sharing permissions.”

The change is due to start rolling out in early November and will continue through the end of 2020.

It’s hard to gauge how much effect this change will have. Microsoft has tweaked the sharing arrangements in OneDrive for Business before when they stopped creating a Shared with Everyone folder in all accounts in 2017. That didn’t cause too much fuss, but many fewer people were using OneDrive for Business at that time, and Lists have received new life with the launch of the Microsoft Lists app.

No Method Available to Analyze Tenant

Microsoft isn’t providing a method to allow tenant administrators understand which accounts are affected and how many lists are involved. The exact number affected comes down to people with older accounts who exploit the permission to share personal lists with internal users, and that’s going to be different from tenant to tenant. Clearly, the change will have zero impact on accounts created since August 2019 because these users have had to set explicit permissions to share personal lists with internal users.

If your tenant uses a lot of lists stored in OneDrive (not SharePoint), you might want to create a list of accounts created before August 2019 and check with these users to understand if they have lists in active use that depend on the EEEU permission.

For more interesting and useful information about SharePoint Online and OneDrive for Business, read Chapter 8 of the Office 365 for IT Pros eBook.

7 Replies to “Microsoft Removes EEEU Permission from OneDrive for Business Accounts”

  1. Thanks Tony! I opened an incident with Microsoft to ask how many would be impacted and, after some utterly useless initial answers, they told me they couldn’t tell me.

    Your article did prompt me to look into this a bit further. If you would permit me to elaborate;
    – the ‘everyone except external user (EEEU)’ has read permissions to your site [within your site collection]
    – your ‘OneDrive’ is a list (document library) within your your site, but doesn’t inherit the EEEU permissions

    [your screenshot got me in a mild panic thinking all my files were visible to everyone in the tenancy]

  2. Haven’t found this message in our tenant and cant find much information about it yet… EEEU is also used as unique permission for the folder “Shared with Everyone” for users that where created before August 1, 2015 in OneDrive. Does this also reset this unique permission on this folder?

  3. Re: “The need to share still exists, but a good case can be argued that better methods exist to achieve the need today, whether it’s something like an org-wide team or a Microsoft 365 dynamic group.”

    Tony – I would appreciate you views on this:

    Being a pre-2015 OneDrive for Business user – I immediately saw the value of the “Shared with Everyone” folder and have been using it ever since.

    It provides a simple no-fuss way for individuals to make available to the whole organisation, open but internal document content which may be useful (especially with Delve) to someone else not yet met. In the same way that I sometimes put in a search term to Google for something I’m working on – just to see what comes up (unknown -knowns) – I do the same with Delve.

    I was hoping that as people’s digital competence/dexterity/capability/literacy improved we would reach the point where those folks who are happy to do the “working out loud” thing would be able to use their own “Shared with Everyone” folder – simply to facilitate what is known as managed “serendipity” – finding someone working on something related to what you are doing but you didn’t know.

    Former Hewlett-Packard CEO, Lew Platt, once said: “If HP knew what HP knows, we’d be three times more productive.” This is one aspect that Delve is supposed to facilitate.

    Without EEEU, I’m unsure whether the share option “People in X with the link” will surface in Delve.

    1. Delve can only show what someone is allowed to see. If shared with everyone is no longer available, logically there are fewer items which meet the bar for Delve to display.

      The same is true for SharePoint search, which can only show documents that someone can access.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.