Sensitive SharePoint Sites SHOULD Adjust Their Default Sharing Settings
Last updated
SharePoint allows sharing with users who are outside the agency, which is convenient but may pose a data loss or other information security risk. This working group recommends that, beyond the default organizational settings, agencies evaluate each created site and adjust its sharing settings to align with its sensitivity level.
Sharing settings for specific SharePoint sites SHOULD align to their sensitivity level
Any tenant with SharePoint Online licensing can access this setting.
Managing SharePoint Online Security: A Team Effort | Microsoft Learn
To limit external sharing by domain, in the SharePoint admin center:
1. Select Sites.
2. Select Active sites.
3. Select Site name.
4. Select Add domains.
5. Select Policies.
6. Under external sharing, select Edit.
7. Select permissions aligning to the risk posture associated with the sensitivity of the SharePoint site.
8. Select Save.
Level: Medium
Depending on the selection here, users will be restricted in sharing links of documents within the SharePoint Site.
Tips
Provide guidance on document repository structure.
Use some type of intake form when users want to create a new SharePoint site, to determine whether it will contain sensitive information.
Set-SPOSite (Microsoft.Online.SharePoint.PowerShell) | Microsoft Learn
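The per-site sharing adjustment described in the steps above can also be applied and verified with Set-SPOSite. The following is an added example, not part of the original guidance: the tenant name, site URLs, partner domain and the High/Medium/Low tier mapping are assumptions to be replaced with the agency's own values.

```powershell
# Added example: tenant, site URLs, domain and tier names below are placeholders.
# Requires the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin role.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Assumed mapping of sensitivity tier to external sharing posture (adjust to agency policy).
$policy = @{
    High   = @{ SharingCapability = 'Disabled' }
    Medium = @{ SharingCapability            = 'ExistingExternalUserSharingOnly'
                SharingDomainRestrictionMode = 'AllowList'
                SharingAllowedDomainList     = 'partner.example.gov' }
    Low    = @{ SharingCapability = 'ExternalUserSharingOnly' }
}

# Constructed site inventory, e.g. exported from the site-request intake form.
$sites = @(
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/hr-records'; Tier = 'High' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/grants';     Tier = 'Medium' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/outreach';   Tier = 'Low' }
)

foreach ($site in $sites) {
    $settings = $policy[$site.Tier]
    if (-not $settings) {
        Write-Warning "No policy defined for tier '$($site.Tier)'; skipping $($site.Url)"
        continue
    }

    # Apply the tier's settings to this site only; tenant defaults are untouched.
    Set-SPOSite -Identity $site.Url @settings

    # Read the site back and flag any setting that did not take effect.
    $actual = Get-SPOSite -Identity $site.Url
    foreach ($name in $settings.Keys) {
        if ("$($actual.$name)" -ne "$($settings[$name])") {
            Write-Warning "$($site.Url): $name is '$($actual.$name)', expected '$($settings[$name])'"
        }
    }
    $actual | Select-Object Url, SharingCapability, SharingDomainRestrictionMode, SharingAllowedDomainList
}
```

A site's sharing setting cannot be more permissive than the organization-level setting, so the read-back check surfaces any tier that the tenant configuration does not allow.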