Audit SharePoint External Sharing in Microsoft 365 (2024)

• To collaborate with external users in Microsoft SharePoint, such as clients, vendors, or partners, organizations can work on common projects, share files, and communicate easily across organizations.
• To eliminate the need for manual sharing of files, sites with external access allow for sharing to personal emails ensuring that all clients, vendors, or partners have access to the latest versions of documents and can co-author in real-time.
• To ensure secure file sharing, SharePoint provides various sharing policies and permissions.

• Login to the SharePoint Online admin enter. Navigate to Policies»Sharing.
• Choose the external sharing level as per your requirement.

• Using SharePoint Online Admin Center Navigate to Sites»Active sites. Click on the desired site. Under the Settings tab, choose the mode of sharing from the External Sharing Capability drop-down box.
• Using Windows PowerShell Run the below PowerShell cmdlet to turn external sharing on or off for an individual SharePoint Online site.

Connect-SPOService -Url https://<yourtenantname>-admin.sharepoint.comSet-SPOSite -Identity <https://yourtenantname.sharepoint.com/sites/yoursite> -SharingCapability <SharingMode>

Need a unified view of SharePoint sites with their external sharing permission levels?

With AdminDroid, you can easily find the SharePoint sharing permission levels configured for each site from the External Sharing Capability column.

• Data leakage: Sharing SharePoint sites with external users increases the risk of unintentional data leakage. Users may inadvertently share files or folders with unintended recipients, potentially exposing confidential data.
• Risk of insider threats: External sharing expands the risk of insider threats, as employees who have access to shared sites may intentionally or unintentionally disclose sensitive information to unauthorized parties, compromising data security.
• Lack of control: On sharing files externally with SharePoint, organizations have less control over how those files are accessed and used. Monitoring their activities and tracking the flow of information becomes challenging.

Never let any activities performed by external users on SharePoint files go unnoticed!

With AdminDroid, you can monitor the file access activities by external users on SharePoint sites in your organization.

• SharePoint Online Admin Center To check sharing level of SharePoint sites, navigate to Sites»Active sites.
• Microsoft PowerShell Run the PowerShell cmdlet provided to get the SharePoint Online external sharing report.

• Login to the SharePoint Online admin center.
• Navigate to Sites»Active sites. Click the site from the site’s list and click on the “Sharing” button in the toolbar.
• Set up expiration of guest access from the Advanced settings for external sharing section.

Investigate extended guest access periods to uphold data security and mitigate potential risks!

With AdminDroid, you can track the activities related to changes in guest access period for sharing invitations.

• Limit external sharing level : While enabling external sharing at the organizational level, avoid setting the sharing level to "Anyone" which is the most permissive.
• Apply sensitivity labels for SPO sites : Use sensitivity labels for "Groups & sites" and label highly confidential sites to be shared only with people in your organization. These labels override the sharing settings of sites configured at the site and the organizational level.
• Limit external sharing to specific security groups : Create security groups that will allow users in those groups to share externally while also preventing unauthorized sharing.
• Limit external sharing by domain : Add trusted domains so that contents in your SharePoint sites can be shared with those domains only.
• Set an expiration date for Anyone links : If you want to set the sharing level to "Anyone", set up guest expiration periods for those links and restrict the permissions to "View" mode.