Microsoft is removing the EEEU permission in OneDrive for Business to prevent unauthorized internal access.
Published: Feb 24, 2025
Microsoft is tightening security measures in OneDrive for Business by removing the EEEU sharing permission, a setting that could inadvertently expose sensitive data to internal users. This change aims to enhance data protection and prevent unauthorized access within organizations.
The EEEU sharing permission in OneDrive is a setting that allows all internal users within an organization to access certain content while excluding external users. This permission enables users to manage access to content in Microsoft OneDrive and SharePoint.
Managing access with EEEU can be difficult for administrators, which makes it harder to track who has permission to view specific content. This lack of control increases the risk of unauthorized individuals accessing sensitive data. To enhance security and compliance, Microsoft discourages the use of the EEEU setting.
Currently, the EEEU permission may be unintentionally applied to the root site and default document library in Microsoft OneDrive. Consequently, apps, processes, or users within an organization could gain access to restricted or confidential information. This unintended access poses significant security and privacy risks.
“After the EEEU permission is removed, these apps, processes, and users will lose access to the content from the affected OneDrive accounts. Users, processes, and apps that were granted direct permissions to specific files and folders of a OneDrive account will not be impacted and will continue to retain their access,” the company explained in a message on the Microsoft 365 Admin Center.
Starting April 10, Microsoft will automatically scan OneDrive accounts to detect EEEU permissions in the root site and default document library. Once detected, these permissions will be removed. The rollout is expected to be completed by September 30.
To improve security, Microsoft advises administrators and users to set explicit permissions for individual files and folders. This should help to ensure that only authorized apps and users can access specific content.
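One way to estimate who will lose access before the removal and therefore needs an explicit grant, as an added example that is not from Microsoft or the original article. It assumes a hypothetical export of permission grants and access events (field names, scope labels and all sample rows are constructed) and that a direct grant on a folder also covers the items beneath it.

```python
EEEU = "EEEU"  # label for the all-internal-users principal in this constructed export
BROAD_SCOPES = {"root_site", "default_library"}  # the two locations the article says are scanned

# Constructed sample data (hypothetical schema, not a Microsoft export format)
GRANTS = [
    {"owner": "alice", "scope": "root_site", "path": "/", "principal": EEEU},
    {"owner": "alice", "scope": "folder", "path": "/Reports", "principal": "bob"},
    {"owner": "carol", "scope": "default_library", "path": "/Documents", "principal": EEEU},
    {"owner": "dave", "scope": "file", "path": "/Plan.docx", "principal": "erin"},
]
ACCESS_LOG = [
    {"owner": "alice", "path": "/Reports/q1.xlsx", "actor": "bob"},
    {"owner": "alice", "path": "/HR/salaries.xlsx", "actor": "svc-backup"},
    {"owner": "carol", "path": "/Documents/notes.txt", "actor": "bob"},
    {"owner": "dave", "path": "/Plan.docx", "actor": "erin"},
    {"owner": "alice", "path": "/HR/salaries.xlsx", "actor": "alice"},
]

def covers(grant_path, item_path):
    """True if a grant on grant_path applies to item_path (same item or a parent folder)."""
    return item_path == grant_path or item_path.startswith(grant_path.rstrip("/") + "/")

def grants_to_remove(grants):
    """EEEU grants on the root site or default document library: the ones slated for removal."""
    return [g for g in grants if g["principal"] == EEEU and g["scope"] in BROAD_SCOPES]

def access_at_risk(grants, log):
    """(owner, actor, path) tuples for observed access that has no direct grant behind it."""
    affected = {g["owner"] for g in grants_to_remove(grants)}
    direct = [g for g in grants if g["principal"] != EEEU]
    at_risk = set()
    for e in log:
        # Owners keep access to their own OneDrive; untouched accounts are out of scope.
        if e["owner"] not in affected or e["actor"] == e["owner"]:
            continue
        has_direct = any(
            g["owner"] == e["owner"] and g["principal"] == e["actor"]
            and covers(g["path"], e["path"])
            for g in direct
        )
        if not has_direct:  # this access depends on the broad EEEU grant
            at_risk.add((e["owner"], e["actor"], e["path"]))
    return sorted(at_risk)

if __name__ == "__main__":
    for owner, actor, path in access_at_risk(GRANTS, ACCESS_LOG):
        print(f"{actor} relies on EEEU for {owner}:{path}; add an explicit grant")
```

Each reported tuple is a candidate for an explicit file or folder permission, which is the remediation the article recommends.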
In January, Microsoft started auto-archiving OneDrive for Business accounts that remained unlicensed for over 90 days. This means that customers will no longer have access to these unlicensed accounts. The data will remain in the recycle bin for an additional 93 days before permanent deletion.