Data Management - Ensure that External Users Cannot Share Files, Folders, and Sites They Do Not Own
Summary
SharePoint allows the users ability to share files, folder, and site collections. Internal users can share with external collaborators, who with the right permissions, could share those to another external party.
Reason
Although sharing and collaboration is crucial, but, file, folder or site collection owners should have the authority over what external users get shared with to prevent unauthorized disclosures of information.
What If?
This change's impact highly depends upon current practices. If the sharing with external parties is not done regularly, then, the impact will be minimum, but, if the sharing with external parties is done regularly, then, minimal impact could occur as those external users will be unable to 're-share' the content.
How to?
To set SharePoint sharing settings, use the Microsoft 365 Admin Center:
- Under Admin centers pick SharePoint.
- Expand Policies then select Sharing.
- Expand More external sharing settings, uncheck Allow guests to share items they do not own.
- After that, either start with a template or create a custom policy.
- Click Save.
To set Prevent external users from sharing files, folders, and sites that they do not own, use the SharePoint Online PowerShell Module:- Connect to SharePoint Online service using Connect-SPOService.
- Run the following SharePoint Online PowerShell command:
- Connect to SharePoint Online service using Connect-SPOService.
- Run the following SharePoint Online PowerShell command:
Set-SPOTenant -PreventExternalUsersFromResharing $True
Monitor:
To verify SharePoint sharing settings, use the Microsoft 365 Admin Center:
- Under Admin centers pick SharePoint.
- Expand Policies then select Sharing.
- Expand More external sharing settings, verify that Allow guests to share items they do not own is unchecked.
To verify Prevent external users from sharing files, folders, and sites that they do not own, use the SharePoint Online PowerShell Module:- Connect to SharePoint Online service using Connect-SPOService.
- Run the following SharePoint Online PowerShell command:
- Connect to SharePoint Online service using Connect-SPOService.
- Run the following SharePoint Online PowerShell command:
Get-SPOTenant | ft PreventExternalUsersFromResharing
3. Verify PreventExternalUsersFromResharing is set True.
Comments
Post a Comment