We have seen many “Aha” moments when we provide an external sharing permissions report* and the company in question realises just what (and how much) is being shared externally with SharePoint and Teams.
Normally, when we carry out an analysis (and take remedial action), it’s in advance of a migration or the rollout of a remote working strategy.
Now – thanks to COVID-19 – you will be starting collaboration immediately, and with external users including third-party vendors, external contractors and customers. As such, you could be exposing your content and company to data loss, data manipulation etc.
Here are three key areas you should be investigating to protect your systems and data:
- External Access Rights – Check for any access rights to SharePoint that may have been given to external contractors or clients. This Microsoft article provides the PowerShell that will enable you to pull a SharePoint external user list: https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/get-spoexternaluser?view=sharepoint-p You can also do something similar in the Microsoft 365 Admin Center.
- Excess Access Rights – If entire sites (and not just individual documents) were unwittingly shared with external users, there is always the possibility of ‘leftover’ access that the company is unaware of.
- User-Granted Access – If end users (and not IT) have been able to give the rights to share directly, there is almost definitely some content being shared externally that IT, Legal and your Data Protection Officer do not know about. Keep an eye out for the ability for admins to apply sensitivity labels to content in Teams, Office 365 groups and SharePoint containers that will override any previously used (currently in public review): https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide
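
As a starting point for the first two checks, the following added example (not from the original post or the linked Microsoft article) pages through `Get-SPOExternalUser` for every site collection and writes one CSV row per external user. The admin URL and output file name are placeholders, and it assumes the SharePoint Online Management Shell module is installed and that you sign in as a SharePoint administrator.

```powershell
# Added example: per-site inventory of external users in SharePoint Online.
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$OutFile  = '.\external-users-by-site.csv'           # placeholder output path
$PageSize = 50                                       # maximum the cmdlet accepts

Connect-SPOService -Url $AdminUrl

$report = foreach ($site in Get-SPOSite -Limit All) {
    $position = 0
    do {
        try {
            # Position is a zero-based offset into the sorted result set.
            $page = @(Get-SPOExternalUser -SiteUrl $site.Url -Position $position `
                        -PageSize $PageSize -ErrorAction Stop)
        } catch {
            Write-Warning "Could not read $($site.Url): $($_.Exception.Message)"
            $page = @()
        }
        foreach ($u in $page) {
            [pscustomobject]@{
                SiteUrl          = $site.Url
                # Current sharing setting: rows on sites now set to 'Disabled'
                # are leftover entries from earlier sharing.
                SiteSharing      = $site.SharingCapability
                DisplayName      = $u.DisplayName
                InvitedAs        = $u.InvitedAs
                AcceptedAs       = $u.AcceptedAs
                # Invitation redeemed under a different account than invited.
                AccountMismatch  = ($u.InvitedAs -ne $u.AcceptedAs)
                InvitedBy        = $u.InvitedBy
                WhenCreated      = $u.WhenCreated
            }
        }
        $position += $page.Count
    } while ($page.Count -eq $PageSize)
}

$report | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Sites with the most external users are the first candidates for review.
$report | Group-Object SiteUrl | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

The `InvitedBy` column helps separate shares set up by IT from those granted by end users.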
*The external sharing permissions report is one of the many reports generated from our Collaboration Security & Governance Workshop.
Other reports we deliver as part of this service include:
- A full permissions matrix
- Orphaned users
- Sites and Libraries (with Custom Permissions)
- Library items with explicit permissions to users
- Current configurations & settings for Teams & Yammer Tenants