Storage - Ensure Document Sharing Is Being Controlled By Domains With Whitelist or Blacklist

 









Summary

Sharing of documents to external domains should be controlled by either blocking domains or by only allowing sharing with specific named domains.

Reason

Attackers often target sensitive information and expose it to external entities via sharing. Restricting the domains that users can share documents with reduces the attack surface.

What If?

If this feature is enabled, users will be prevented from sharing documents with domains outside of the organization unless those domains are allowed.

How to?

To configure domain sharing restrictions, use the Microsoft 365 Admin Center:
  1. Navigate to the Microsoft 365 administration portal (https://admin.microsoft.com), click on Admin centers and then SharePoint.
  2. Expand Policies and click Sharing.
  3. Now, expand More external sharing settings and check Limit external sharing by domain.
  4. Select Add domains to add a list of approved domains.
  5. Click Save at the bottom of the page.

To configure document sharing restrictions, you can also use SharePoint Online PowerShell Module:
  1. Connect to SharePoint Online using Connect-SPOService
  2. Now, run the following PowerShell command: 

Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "domain1.com domain2.com"

Monitor

To verify domain sharing settings, use the Microsoft 365 Admin Center:
  1. Navigate to the Microsoft 365 administration portal (https://admin.microsoft.com), click on Admin Centers and then SharePoint.
  2. Expand Policies and click Sharing.
  3. Now, expand More external sharing settings and confirm that Limit external sharing by domain is checked.
  4. Verify that an accurate list of allowed domains is listed.

To verify document sharing settings, you can also use SharePoint Online PowerShell:
  1. Connect to SharePoint Online using Connect-SPOService
  2. Now, run the following PowerShell command: 

Get-SPOTenant | fl SharingDomainRestrictionMode, SharingAllowedDomainList
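
The verification command above only prints the two settings. The following added example (not part of the original post) compares them against an approved domain list and reports drift. The function name Test-SharingDomainPolicy, the domain oldpartner.example and the sample object are assumptions made for illustration.

```powershell
# Added example: checks tenant sharing settings against an approved domain list.
# Test-SharingDomainPolicy is a hypothetical helper name, not a SharePoint cmdlet.
function Test-SharingDomainPolicy {
    param(
        [Parameter(Mandatory)] $Tenant,                    # object returned by Get-SPOTenant
        [Parameter(Mandatory)] [string[]] $ApprovedDomains
    )
    $findings = @()
    $mode = [string]$Tenant.SharingDomainRestrictionMode

    if ($mode -eq 'None') {
        $findings += 'No domain restriction is configured (mode is None).'
    }
    elseif ($mode -eq 'AllowList') {
        # SharingAllowedDomainList is a single space-separated string.
        $actual   = @(([string]$Tenant.SharingAllowedDomainList).ToLower() -split '\s+' | Where-Object { $_ })
        $expected = @($ApprovedDomains | ForEach-Object { $_.ToLower() })
        if ($actual.Count -eq 0) { $findings += 'AllowList mode is set but the list is empty.' }
        foreach ($d in $actual)   { if ($d -notin $expected) { $findings += "Unapproved domain in allow list: $d" } }
        foreach ($d in $expected) { if ($d -notin $actual)   { $findings += "Approved domain missing from allow list: $d" } }
    }
    elseif ($mode -eq 'BlockList') {
        $blocked = @(([string]$Tenant.SharingBlockedDomainList).ToLower() -split '\s+' | Where-Object { $_ })
        if ($blocked.Count -eq 0) { $findings += 'BlockList mode is set but the list is empty.' }
    }

    [pscustomobject]@{
        Mode      = $mode
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample standing in for Get-SPOTenant output, so the check runs offline.
$sample = [pscustomobject]@{
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList     = 'domain1.com domain2.com oldpartner.example'
    SharingBlockedDomainList     = ''
}
$result = Test-SharingDomainPolicy -Tenant $sample -ApprovedDomains 'domain1.com', 'domain2.com'
$result | Format-List Mode, Compliant, Findings

# Against a live tenant, after Connect-SPOService:
# Test-SharingDomainPolicy -Tenant (Get-SPOTenant) -ApprovedDomains 'domain1.com', 'domain2.com'
```

Running the check on a schedule and alerting when Compliant is false catches allow-list changes made outside the approved process.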






































