This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Is your organization's sensitive information exposed to anonymous external users through SharePoint sites configured with external sharing? If yes, limit the SharePoint external sharing settings of highly confidential sites by getting the list of SPO sites with external sharing enabled.
Native Solution
Microsoft 365 Permission Required
High
Global Admin or a SharePoint Admin.
Option 1 Using SharePoint Online Admin Center
- Login to the SharePoint Online admin center.
- Navigate to Sites»Active sites. Click the site from the site’s list and click on the “Sharing” button in the toolbar. The sharing page displays the external sharing settings of the current site.
Option 2 Using Windows PowerShell
- Connect to SharePoint Online PowerShell using the below cmdlet.
Connect-SPOService -Url https://<yourtenantname>-admin.sharepoint.com
- Run the following cmdlet to generate external sharing report in SharePoint Online.
Get-SPOSite -Detailed |Where-Object {$_.SharingCapability -ne "Disabled"}|select Url,SharingCapability
- The above cmdlet displays the list of SharePoint sites with external sharing enabled along with their sharing permission levels in your Microsoft 365 environment.
Option 3 Using PowerShell Script
- Are you wondering who's accessing the content shared via external sharing SPO sites in your Microsoft 365 environment? Our PowerShell script helps you to get a SharePoint external sharing report with just a few clicks!
- Run a report on file-sharing activities to external users using the script below in your Administrator PowerShell.
AdminDroid Solution
More than 150 reports are under the free edition.
AdminDroid Permission Required
Delegated
Any user with report access assigned by Super Admin.
StepsUsing AdminDroid
ad
- Login to the AdminDroid Office 365 reporter.
- Navigate to the Sharing Configs report under Reports»SharePoint»Site Collections.
- Using the easy filter option at the top, set the following condition.
Leverage the comprehensive report that includes all external sharing-enabled sites along with their respective sharing modes, permitted sharing domains, and blocked domains.
- Create visual representations of SharePoint Online sites based on their sharing permission levels in your Microsoft 365 environment.
Explore a full range of reporting options
Simple yet the best! Isn't it?
Prevent sensitive data from falling into the wrong hands!
Gain insights on sharing SharePoint Online site with external users and enhance data security with AdminDroid effectively!
Witness the report in action using the
Live DemoImportant Tips
Track the SharePoint anonymous access links created in your Microsoft 365 environment which can be accessed and modified by anyone without signing in.
Monitor the instances of SharePoint Online DLP rule matches to prevent leakages of sensitive information.
Audit the sites' sensitivity label removal activities, since certain sites containing sensitive information are labelled for secure sharing.
SharePoint OnlineMonitor the External Sharing Report to Prevent Unauthorized Access in Microsoft 365
Showing 1 of 6
Why are SharePoint sites shared with external users? How to enable external sharing in SharePoint Online? What are the security risks involved in sharing sites externally in SharePoint Online? How to check if SharePoint Online sites has external sharing enabled? How to manage guest expiration in SharePoint Online? How to manage external sharing settings in SharePoint Online?
Why are SharePoint sites shared with external users?
SharePoint sites are shared externally due to following reasons,
- To collaborate with external users in Microsoft SharePoint, such as clients, vendors, or partners, organizations can work on common projects, share files, and communicate easily across organizations.
- To eliminate the need for manual sharing of files, sites with external access allow for sharing to personal emails ensuring that all clients, vendors, or partners have access to the latest versions of documents and can co-author in real-time.
- To ensure secure file sharing, SharePoint provides various sharing policies and permissions.
How to enable external sharing in SharePoint Online?
To enable external sharing at the organizational level, follow the steps below.
- Login to the SharePoint Online admin enter. Navigate to Policies»Sharing.
- Choose the external sharing level as per your requirement.
You can also set sharing permissions in SharePoint Online at the site level. However, it must be at the same or more restrictive as the organization level. Follow the steps below to change the SPO sharing settings for a site.
- Using SharePoint Online Admin Center Navigate to Sites»Active sites. Click on the desired site. Under the Settings tab, choose the mode of sharing from the External Sharing Capability drop-down box.
- Using Windows PowerShell Run the below PowerShell cmdlet to turn external sharing on or off for an individual SharePoint Online site.
Connect-SPOService -Url https://<yourtenantname>-admin.sharepoint.comSet-SPOSite -Identity <https://yourtenantname.sharepoint.com/sites/yoursite> -SharingCapability <SharingMode>
Need a unified view of SharePoint sites with their external sharing permission levels?
With AdminDroid, you can easily find the SharePoint sharing permission levels configured for each site from the External Sharing Capability column.
- Pro Tip: Change the sharing level to the most restrictive for sites containing highly confidential information, thereby minimizing data breaches.
What are the security risks involved in sharing sites externally in SharePoint Online?
Your Microsoft 365 environment may face these security issues when SharePoint sites are shared externally.
- Data leakage: Sharing SharePoint sites with external users increases the risk of unintentional data leakage. Users may inadvertently share files or folders with unintended recipients, potentially exposing confidential data.
- Risk of insider threats: External sharing expands the risk of insider threats, as employees who have access to shared sites may intentionally or unintentionally disclose sensitive information to unauthorized parties, compromising data security.
- Lack of control: On sharing files externally with SharePoint, organizations have less control over how those files are accessed and used. Monitoring their activities and tracking the flow of information becomes challenging.
Never let any activities performed by external users on SharePoint files go unnoticed!
With AdminDroid, you can monitor the file access activities by external users on SharePoint sites in your organization.
- Make use of the easy filtering functionality to view SharePoint-related activities from the Workload drop-down box.
- Gain visibility on each file access activity performed by external users along with the Operation performed, File name, External user ID, IP address, Site URL, etc.
How to check if SharePoint Online sites has external sharing enabled?
When you invite external users to a SharePoint site, it gives access to sensitive information in your organization. So, monitoring them is mandatory for your organization’s security. You can get the list of sites that can be shared with people outside your organization in the below ways:
- SharePoint Online Admin Center To check sharing level of SharePoint sites, navigate to Sites»Active sites.
- Microsoft PowerShell Run the PowerShell cmdlet provided to get the SharePoint Online external sharing report.
Viewing SharePoint permission levels from the admin center is a time-consuming process as it requires navigating to each site individually. Moreover, the PowerShell cmdlet doesn’t provide additional information apart from the sites with external access. Simplifying these processes would greatly enhance efficiency and productivity.
With AdminDroid's built-in policy template, you can receive regular alerts for any changes in the SharePoint external sharing settings at the organizational level, enabling you to maintain control and ensure data security.
- Click the Preview & Deploy option to create the alert policy.
- Pro Tip: Configure the thresholds to create alerts for a greater number of changes in the sharing policy within a short period of time.
How to manage guest expiration in SharePoint Online?
Limit the duration of external access to specific SharePoint sites!
To block external access to SharePoint sites after a certain period, you can establish guest expiration policy by the steps outlined below. Upon SharePoint permission expiration, the external users’ access to the SharePoint site is blocked.
- Login to the SharePoint Online admin center.
- Navigate to Sites»Active sites. Click the site from the site’s list and click on the “Sharing” button in the toolbar.
- Set up expiration of guest access from the Advanced settings for external sharing section.
What is SharePoint external sharing time limit?
The minimum period you can specify for guest access is 30 days while the maximum is 730 days.
Investigate extended guest access periods to uphold data security and mitigate potential risks!
With AdminDroid, you can track the activities related to changes in guest access period for sharing invitations.
Pro Tip:
Block access for unwanted external users if the link expiration settings have been modified beyond the initial SharePoint external sharing time limit.
How to manage external sharing settings in SharePoint Online?
Follow these external collaboration settings for secure guest sharing in SharePoint Online.
- Limit external sharing level : While enabling external sharing at the organizational level, avoid setting the sharing level to "Anyone" which is the most permissive.
- Apply sensitivity labels for SPO sites : Use sensitivity labels for "Groups & sites" and label highly confidential sites to be shared only with people in your organization. These labels override the sharing settings of sites configured at the site and the organizational level.
- Limit external sharing to specific security groups : Create security groups that will allow users in those groups to share externally while also preventing unauthorized sharing.
- Limit external sharing by domain : Add trusted domains so that contents in your SharePoint sites can be shared with those domains only.
- Set an expiration date for Anyone links : If you want to set the sharing level to "Anyone", set up guest expiration periods for those links and restrict the permissions to "View" mode.
By following these SharePoint external sharing best practices, you can securely share your SharePoint sites and their contents externally.
AdminDroid SharePoint Online Reporting toolBe at the peak of secured external sharing in SharePoint Online!
The AdminDroid SharePoint Online reporting and auditing tool offer an all-inclusive solution for Microsoft 365 admins. It provides extensive out-of-the-box information and a variety of reports specifically tailored to SharePoint Online external sharing, ensuring secure collaboration beyond organizational boundaries.
Unique functionalities that AdminDroid provides you to get the SharePoint Online external sharing report:
The Site Collections Sharing Configurations report provides you with complete information about the SPO sites with external sharing enabled which helps you to manage external sharing settings in SharePoint Online.
A Quick Summary
Complete Overview of External Sharing Sites
Block access to unwanted domains by leveraging the "Sharing Allowed Domain List" attribute of the SharePoint sites.
External Activities on Confidential Files
Leverage SharePoint Online file access reports to monitor the actions of external users on highly sensitive files.
Be Alerted on Changes in Sharing Policy of Specific Sites
Trigger an alert on SharePoint sharing levels to receive notifications on changes in sharing levels of sensitive SharePoint Online sites.
Audit Sharing Invitations Created
Audit SharePoint external sharing invitations created in your Microsoft 365 environment that helps you to identify the individuals who can access the shared item.
Role-Based Access Control to Monitor SharePoint Online
Similar to a SharePoint admin, you can delegate granular access to any Microsoft 365 user for monitoring SharePoint Online activity reports alone using AdminDroid.
Get Pictorial Representation of Reports
Create visual representations for SharePoint Online activities using a variety of charts such as pie charts, donut charts, bar charts, and heat maps.
In addition to viewing sharing capabilities, AdminDroid allows you to access comprehensive details about SharePoint Online site files and track the operations performed by external users. This valuable information aids in maintaining data security by ensuring accurate sharing permission levels for SharePoint sites within your organization.
Kickstart Your Journey with AdminDroid
Your Microsoft 365 Companion with Enormous Reporting Capabilities!
Common Errors and Resolution Steps for the SharePoint Online external sharing report
The following are possible errors and troubleshooting hints while dealing with sharing SharePoint sites with external users.
Error: The term 'Get-SPOSite' is not recognized as the name of a cmdlet, function, script file, or operable program.
This happens because the SharePoint Online module may not be installed properly.
Troubleshooting hint :Install the SharePoint Online PowerShell module. If it is already installed, updating it could resolve the issue.
// Run the below cmdlet for installing it.Install-Module -Name Microsoft.Online.SharePoint.PowerShell
// Run the below cmdlet for updating it.Update-Module -Name Microsoft.Online.SharePoint.PowerShell
Error: Welcome to SharePoint Online. This invitation cannot be accepted by the current signed in user. You'll need to accept the invitation using a different account.
This error occurs when a user fails to accept an external sharing invitation as they are already signed into a personal Microsoft account in their browser, and then copies the invitation link to the browser.
Troubleshooting hint :Users must ensure that they are fully logged out of any personal accounts in their browser before accepting the SPO invitation.
Error: Your organization doesn’t allow sharing with users from this domain.
This happens because sharing with the external user’s domain may be blocked by your organization.
Troubleshooting hint :Run the below cmdlet to enable external sharing with the particular domain.
Set-SPOTenant -SharingDomainRestrictionMode "AllowList" -SharingAllowedDomainList "<Domain Name>"
Error: Add-SPOUser :The specified user could not be found
This happens when you add a new external user to a SharePoint Online site that does not have the permission to add new guests.
Troubleshooting hint :Run the below cmdlet to allow sharing SharePoint sites with new guest users.
Set-SPOSite -Identity <Site URL> -SharingCapability ExternalUserSharingOnly
See all available help manuals
×
×
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!
Time SavingAutomationCustomizationIntelligent Filtering
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational ControlEffortless M365 ManagementSimplified Access
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive ProtectionReal-time MonitoringSecurity IntelligenceThreat Detection
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom ReportingUnique ViewDesired ColumnsEasy Data Interpretation
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviewsInteractive insightsDecision-makingData Visualization
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy ExportSeamless DownloadingData ControlManage Microsoft 365