search

Expiration Times for Guest Access to a Site SHOULD Be Determined by specific needs

hashtag
Description

SharePoint allows sharing with users who are outside the agency, which is convenient but may pose a data loss or other information security risk. This working group recommends setting an expiration time for guest access to the site or OneDrive

hashtag
Policy

  • Expiration timers for ‘guest access to a site or OneDrive’ and ‘people who use a verification code’ SHOULD be set.

  • Expiration timers SHOULD be set to 30 days.

hashtag
Licensing Considerations

Any tenant with SharePoint online licensing can access this setting.

hashtag
Set-Up Instructions

Managing SharePoint Online Security: A Team Effort | Microsoft Learnarrow-up-right

To limit external sharing by domain, in the SharePoint admin center:

  1. Select Policies -> Sharing.

  2. Expand More external sharing settings.

  3. Select Guest access to a site or OneDrive will expire automatically after this many days.

  4. Enter “30” days.

  5. Select People who use a verification code must reauthenticate after this many days.

  6. Enter “30” days.

hashtag
End-User Impact

circle-info

Level: Low

• Users may have to reshare new links if the existing ones expire before the interaction with external users is complete.

circle-info

Tips

None Currently

hashtag
PowerShell Scripts

Set-SPOSite (Microsoft.Online.SharePoint.PowerShell) | Microsoft Learnarrow-up-right

Best practices for unauthenticated sharing | Microsoft Learnarrow-up-right

hashtag
Videos

None Currently

PreviousSensitive SharePoint Sites SHOULD Adjust Their Default Sharing SettingsNextUsers SHALL Be Prevented from Running Custom Scripts

Last updated