Storage - Ensure Expiration Time For External Sharing Links Is Set
Summary
Users can easily share content with people outside the organization (such as partners, vendors, clients, or customers) with the help of the external sharing features of Microsoft SharePoint, where, it is a part of secure collaboration with Microsoft 365.
Reason
An attacker can compromise a user account for a short period of time, send anonymous sharing links to an external account, then take their time accessing the data. External accounts can also be compromised and the anonymous sharing links can be stolen to send those external entities after the data has been shared. By restricting how long the links are valid can reduce the window of opportunity for attackers.
What If?
If this feature is enabled, then, it will ensure that the link expires within the defined number of days. This will however, have an effect on the links that were previously not set with an expiration.
How to?
To set expiration for anonymous access links, use the Microsoft 365 Admin Center:
- Select Admin centers and SharePoint
- Expand Policies and then click Sharing
- Under Choose expiration and permissions options for Anyone links. Check the These links must expire within this many days
- Set to the desired number of days, such as 30
- Click Save
To set expiration for anonymous access links, you can also use SharePoint Online PowerShell:- Connect to SharePoint Online using Connect-SPOService
- Now, run the following PowerShell command:
To set expiration for anonymous access links, you can also use SharePoint Online PowerShell:
- Connect to SharePoint Online using Connect-SPOService
- Now, run the following PowerShell command:
Set-SPOTenant -RequireAnonymousLinksExpireInDays 30
Monitor:
To verify anonymous access links are correctly set to expire, use the Microsoft 365 Admin Center:
- Select Admin centers and SharePoint
- Expand Policies and then click Sharing
- Under Choose expiration and permissions options for Anyone links. Verify if These links must expire within this many days is checked.
- Confirm the number of days is set to the desired value, such as 30.
To verify anonymous links are correctly set to expire, you can also use SharePoint Online PowerShell:- Connect to SharePoint Online using Connect-SPOService
- Now, run the following PowerShell command:
To verify anonymous links are correctly set to expire, you can also use SharePoint Online PowerShell:
- Connect to SharePoint Online using Connect-SPOService
- Now, run the following PowerShell command:
Get-SPOTenant | fl RequireAnonymousLinksExpireInDays
3. Verify that the returned value is at most 30 days but is not set to -1
Comments
Post a Comment