Restrict default permissions for Files in Public groups
Currently, the "Everyone except external users" claim/group is added with Edit level access to every Office 365 public group. This in turn means that every user in the company is not only able to view files in every public group, they are also able to delete files.
The suggestion is to remove "Everyone except external users" from the Members group, thus removing the Edit permissions level. Instead, the Viewers group should be used for "Everyone except external users".

11 comments
-
Marina M commented
Several of our customers need this change. Indeed in a security point of view it's mandatory to move the group "everyone except external users" to the visitors group with read access than member.
-
Anonymous commented
This is a must!
-
Tiffany commented
Edit rights is FAR too permissive as a default for the "Everyone except external users" group in any site without an admin expressly adding them there.
-
francis commented
what the heck??!! why Microsoft has been so determined to add those features in a VERY insecure way. I agree, those things must be changed ASAP.
-
Martin Coupal commented
They can even delete libraries, lists, modify public views etc. I'm sure 99% of people who creates groups are not aware of this... This is a non sense... I would say even members should have contribute instead of edit.
-
Anonymous commented
This is a must to implement ASAP other wise private groups will end up ruling the O365 world.
-
Jourdan commented
Nice! ;-)
-
Anonymous commented
This is a must!
-
melanie tully commented
voted! Hopefully the default is changed to read only
-
Rahul commented
I agree to it as well. I hope MS change this behavior from edit to read.
-
Radi Atanassov commented
This is critical :)