Manually set permissions for "Everyone except external users" for modern group permissions in SharePoint O365 don't stick!
Unexpected and buggy behavior encountered when permissions are manually set using modern group permissions in a SharePoint site. If you manually assign "Everyone except external users" with "Read" access in a "Private group" SharePoint team site it will remain with those permissions until you make a change in Teams or SharePoint such as adding/removing a member. It appears that making a change in Teams or SharePoint resets default "Private group" permissions for the site and removes "Everyone except external users" from the Visitors group.
Similarly, if you manually set "Everyone except external users" with Read permissions in the Visitors group in a "Public group" SharePoint team site and in Teams or SharePoint add/remove a member, it will reset to "Public group" default permissions with "Everyone except external users" in the Members with edit permissions.
Having manually set modern group permissions not stick for "Everyone except external users" has major security implications in terms of who is allowed/able to modify/access content in an O365 SharePoint site.
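One way to detect the reset described in this post, as an added example that is not part of the original post or its comments: a PnP.PowerShell script that reports which associated group currently holds the "Everyone except external users" claim, so a scheduled run can flag a revert. The site URL, client ID and expected placement are placeholders, and the script assumes the PnP.PowerShell module and an app registration you are allowed to sign in with.

```powershell
# Added example: flag sites where "Everyone except external users" (EEEU)
# is not in the associated SharePoint group you expect it to be in.
param(
    [string[]]$SiteUrls = @('https://contoso.sharepoint.com/sites/example-team'), # placeholder
    [string]$ClientId   = '00000000-0000-0000-0000-000000000000',                 # placeholder
    [ValidateSet('Members', 'Visitors', 'None')]
    [string]$Expected   = 'Visitors'
)

# The EEEU claim's login name starts with this prefix, followed by the tenant ID.
$EeeuPrefix = 'c:0-.f|rolemanager|spo-grid-all-users/'

function Test-GroupHasEeeu {
    param($Group)
    if ($null -eq $Group) { return $false }
    $hits = Get-PnPGroupMember -Group $Group |
        Where-Object { $_.LoginName -like "$EeeuPrefix*" }
    return [bool]$hits
}

$report = foreach ($url in $SiteUrls) {
    Connect-PnPOnline -Url $url -Interactive -ClientId $ClientId

    # Associated groups are the site's default Members / Visitors groups.
    $inMembers  = Test-GroupHasEeeu (Get-PnPGroup -AssociatedMemberGroup)
    $inVisitors = Test-GroupHasEeeu (Get-PnPGroup -AssociatedVisitorGroup)

    $actual = 'None'
    if ($inMembers)  { $actual = 'Members' }
    if ($inVisitors) { $actual = if ($inMembers) { 'Members+Visitors' } else { 'Visitors' } }

    [pscustomobject]@{
        Site      = $url
        Expected  = $Expected
        Actual    = $actual
        Drift     = ($actual -ne $Expected)   # true when the placement changed
        CheckedAt = (Get-Date).ToUniversalTime().ToString('o')
    }
}

$report | Format-Table -AutoSize
# Non-zero exit lets a scheduler or pipeline raise an alert on drift.
if ($report | Where-Object Drift) { exit 1 }
```

The script only checks membership of the site's associated Members and Visitors groups; permissions granted to the claim directly on the site or on individual lists are not covered.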
Veronique Palmer commented
This needs to be sorted out as a matter of urgency. Microsoft must NOT be allowed to dictate what permissions we use where.
I've been "fighting" with Microsoft about this since last year.... There is a lot of confusion regarding the ability to change EEEU from Edit to Read on a public group site. The root of this confusion is caused by the background job, which sometimes will reset the permission changes. Some tenants will have this behavior and others not... If you read the last documentation update on this, we can conclude that permission changes on EEEU can't be done (more precisely, you can do it in the UI but the background job will reset it) https://docs.microsoft.com/en-us/sharepoint/default-sharepoint-groups#special-sharepoint-groups
This is a major issue that is not addressed by Microsoft. Also, providing Edit permission to Members and Visitors is a mistake by Microsoft. This is too much permission, having the possibility to delete libraries/lists. I've tried other scenarios (like having no users as members and creating a new SharePoint group with collaborate, but it causes issues in other services or apps...).