Disable unlicensed users from accessing SharePoint Online in general.
Currently, users can access Site collections no matter if an admin has assigned a SPO license to them or not. The access is only regulated via permissions within Site collections.
For our migration of 800 Teamsites from SP2013 to SPO, removing all permissions as the Microsoft support told us, is no feasible solution, not even a workaround.
Users should not be able to access SharePoint Online, if they don't have a SPO license.
This currently can be done through by submitting a Customer Service Support request. It needs to be escalated to engineer team to switch the global tenant setting for SharePoint Restriction for Unlicensed user access on or off. This option or setting is currently unavailable to end users through frontend portal U.I. or through powershell commands. It can only be restricted at the moment through a customer service support request. It is a common request and can be handled through customer service rather quickly (24-48 hours). By default the restriction is turned off. You would need to submit a request to have the restriction turned on to block all unlicensed SharePoint users who have access through AD from accessing all SharePoint features.
I have stumbled upon this issue recently as well. The problem with the answer given here, and nearly everywhere else since 2015, is that no one addresses the possible non-compliance with licensing terms this presents to companies.
Just because Microsoft is not blocking unlicensed users access to SharePoint Online doesn't mean they should be granted access to it. It may still be the company's responsibility to block unlicensed-user access to SharePoint by using permission groups other than "Everyone" or "Everyone except external users". No one addresses this possible licensing compliance issue.
If a company continues to allow internal unlicensed users access to SharePoint, does it make that company non-compliant to licensing terms and possibly responsible for non-compliance fees during a Microsoft true-up/audit? What are the licensing compliance implications here?
It sounds to me that these internal users should not be accessing SharePoint without a license, but it is up to companies to enforce this since Microsoft is not enforcing it as they should. If companies don't take the responsibility and enforce it themselves, then Microsoft could potentially fine the company for non-compliance.
However, this is just my speculation since I can't find any official documentation or comments from Microsoft that would confirm or deny the licensing compliance issues that this may cause.
Yeah this is bizarre. These unlicensed users can even create new Team sites...? How on earth can that be right...?
Please remove this default, its pretty much just giving users one big file share. = back 20 years of uncontrolled data
If Microsoft could separate the SPO and One Drive licenses, we would be in favor of this.
Currently, we find this behavior useful because we want users to have access to SPO, but not to One Drive (which is added if we assign a SPO license).
We can't enable SPO and use the option to "hide" OneDrive, because we still want SOME users to have access to One Drive, but the hide option applies to all.