
Managing and Auditing External Sharing in Microsoft 365

In today’s digital workplace, external sharing with others is very important. You can easily send files and communicate with clients, partners, and suppliers. However, this ease can bring risks. For example, sharing files the wrong way can allow unauthorized individuals to access them. Studies show that about 25% of files are shared too much. A notable case is Ateam’s Google Drive mistake in 2023, which exposed private data to the public for over six years.

To keep sensitive information safe, you need to implement effective management and auditing methods for external sharing. This approach helps ensure compliance with regulations and reduces the risk of data leaks.

Key Takeaways

  • External sharing in Microsoft 365 helps you work with clients and partners, but it can expose sensitive data if it is not handled well.

  • Set strict rules and check often to manage external sharing. This helps lower the chances of unauthorized access.

  • Teach users about data loss prevention and sharing rules. This helps reduce accidental data leaks and insider threats.

  • Check access permissions often. Make sure only authorized users can see sensitive information, especially in risky areas.

  • Use Microsoft 365 tools like audit logs and alerts. These help watch external sharing activities and keep up with rules.

External Sharing Overview

External sharing in Microsoft 365 helps you work with people outside your company. This feature is important for better teamwork and communication with clients, partners, and suppliers. Microsoft 365 says external sharing means sharing content with users outside your organization. This includes:

  • Users with Microsoft 365 Accounts from their own organizations.

  • Users with Microsoft Accounts (like Outlook.com or Live.com).

  • Users with Non-Microsoft Accounts (like Gmail.com or Yahoo.com).

You can use external sharing for many reasons, such as:

  • Sharing a Team in Microsoft Teams.

  • Sharing a SharePoint Site.

  • Sharing a file or folder.

Sharing Methods

Microsoft 365 has different ways for external sharing. Each way meets different teamwork needs. Here’s a summary of the main ways:

These methods help you work well with guests. But they can also create risks if not managed carefully.

Risks of Unmanaged Sharing

Not managing external sharing can cause big security and compliance problems. Here are some main risks:

Unmanaged devices add further risk. Attackers might use these devices for malicious activity, leading to possible data loss. In regulated industries, unmanaged external sharing can violate laws like GDPR and HIPAA, and companies risk legal and financial penalties for non-compliance. This matters most for industries that handle sensitive customer information, where compliance is closely watched.

To reduce these risks, you need strict governance policies. Regular audits and monitoring of external sharing activities can help you keep control over shared content and follow industry rules.

Configuring Sharing Settings

Setting up sharing settings in Microsoft 365 is very important. It helps keep your information safe while allowing teamwork. You can manage these settings in two ways: for the whole organization and for specific teams. Each way is important for controlling external sharing.

Tenant-Wide Settings

To set up external sharing correctly, start with the tenant-wide settings. These settings apply to your whole organization. They help you decide the sharing rules for SharePoint and OneDrive. Here’s how to set these up:

  1. Go to the SharePoint Admin Center.

  2. Click on ‘Policies’ and then ‘Sharing’.

  3. Choose how much external sharing you want to allow for SharePoint and OneDrive.

  4. Set the default sharing options for files and folders in SharePoint and OneDrive.

You have different choices for external sharing:

  • Anyone (Anonymous Sharing): This lets anyone access without signing in. It is the least safe option.

  • New and existing external users (Authenticated External Sharing): This needs a Microsoft account, making it safer.

  • Existing external users: This only shares with users you invited before, giving the best security.

  • Direct - Only people in your organization: This stops all external sharing, keeping everything very safe.

By choosing these options carefully, you can limit external sharing and keep sensitive information safe.

Team-Level Defaults

After setting tenant-wide options, look at team-level defaults. These settings let you change sharing options for certain teams or projects. Team-level defaults can greatly affect security when sharing with outside users.

By default, guest access is on in Microsoft Teams. This lets outside users work together, but you can change or turn off this feature to make it safer. The organization-wide sharing settings for SharePoint and OneDrive also impact external sharing. More open settings can cause security problems if not watched closely.

Here are some important things to remember about team-level defaults:

  • Team-level defaults help you adjust sharing settings for specific teams.

  • You can limit guest access to make things safer while still allowing needed teamwork.

  • Regularly check and change these settings to match your organization’s security rules.

By managing both tenant-wide and team-level sharing settings, you build a strong system for external collaboration. This way, you can support teamwork while keeping sensitive data safe.

Best Practices for External Sharing

When you share information with others, it’s very important to follow best practices. This helps keep sensitive data safe. Here are some good strategies to improve your security while working with guests.

Data Loss Prevention

Data Loss Prevention (DLP) policies are key to protecting your information when sharing. Here are some best practices for sharing that you should think about:

  1. User Education: Teach your users about DLP policies. Make sure they know what to do if they get blocked when sharing.

  2. Simulation Mode: Start by using the policy in simulation mode. This lets you watch sensitive information without bothering users.

  3. Policy Tips and Notifications: Use policy tips and alerts. These help users understand sharing rules before blocking them.

  4. Gradual Implementation: After users learn from alerts, turn on blocking but allow exceptions. This helps keep real teamwork going.

By following these practices, you can lower the chance of accidentally sharing sensitive data when sending files and folders.

User Education

Teaching users is very important to stop accidental sharing. Studies show that 62% of insider threats come from employee mistakes, costing companies about $307,000 each time. To reduce these risks, think about these training methods:

  • Frequent Training: Hold regular, short training sessions. These work better than once-a-year ones.

  • User-Friendly Communication: Make sure training materials are easy to read. Clearly explain what employees need to know.

  • Preparedness for Human Error: Understand that mistakes will happen. Support training with strong data protection rules.

Putting money into good training materials and courses will help your team spot threats, like phishing emails. Watching user behavior can also help find risky actions that might lead to accidental data sharing.

Governance in Managing External Sharing

Creating a governance plan is very important for managing external sharing well. Here are some key parts to think about:

Also, change default link permissions to View-Only to stop unauthorized changes. Making a guest access group for regular reviews can also improve your governance plan.

By using these best practices for sharing, you can balance the need to work together with security needs. This way, your organization stays compliant while allowing good teamwork with outside partners.

Auditing External Sharing Activities

Auditing external sharing activities is essential for maintaining security and compliance in Microsoft 365. Audits show who shared what and when, which helps keep sensitive information safe. Microsoft provides tools to help you review these activities.

Using Audit Logs

You can use audit logs to watch external sharing events in SharePoint and OneDrive. These logs keep track of different activities, like file-sharing events. Here’s how to use these logs:

To track sharing activities, pay attention to specific events like SharingSet and UserExpirationChanged. This helps you ignore unimportant events and focus on those with real users, including guests. You can pull out and study the AuditData property for more details on sharing actions.
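The filtering described above, as an added example (not code from the original article or from Microsoft): it decodes the AuditData JSON of each record, keeps only SharingSet and UserExpirationChanged events made by real users, and marks guest targets. It assumes each record is a mapping with an `AuditData` JSON string using the field names `Operation`, `UserId`, `ObjectId`, `CreationTime`, `TargetUserOrGroupName` and `TargetUserOrGroupType`; the system-actor list and the sample records are constructed for illustration.

```python
import json

SHARING_OPERATIONS = {"SharingSet", "UserExpirationChanged"}  # named in the text
SYSTEM_ACTORS = {"app@sharepoint", "sharepoint\\system"}  # assumed service identities

def is_external(audit):
    """Guest target: typed as Guest, or the name carries the #EXT# guest marker."""
    target = (audit.get("TargetUserOrGroupName") or "").lower()
    return audit.get("TargetUserOrGroupType") == "Guest" or "#ext#" in target

def sharing_events(rows):
    """Decode each row's AuditData JSON; keep sharing events made by real users."""
    findings = []
    for row in rows:
        try:
            audit = json.loads(row["AuditData"])
        except (KeyError, TypeError, ValueError):
            continue  # missing or malformed AuditData: skip the row
        if not isinstance(audit, dict):
            continue
        actor = (audit.get("UserId") or "").lower()
        if audit.get("Operation") not in SHARING_OPERATIONS or actor in SYSTEM_ACTORS:
            continue
        findings.append({
            "time": audit.get("CreationTime"),
            "operation": audit["Operation"],
            "actor": audit.get("UserId"),
            "target": audit.get("TargetUserOrGroupName"),
            "object": audit.get("ObjectId"),
            "external": is_external(audit),
        })
    return findings

def row(**audit):
    return {"AuditData": json.dumps(audit)}

# Constructed sample records (not real tenant data).
SAMPLE_ROWS = [
    row(CreationTime="2024-05-01T09:12:00", Operation="SharingSet",
        UserId="alice@contoso.example", ObjectId="/sites/finance/Q1.xlsx",
        TargetUserOrGroupType="Guest",
        TargetUserOrGroupName="bob_fabrikam.example#EXT#@contoso.example"),
    row(Operation="SharingSet", UserId="app@sharepoint", ObjectId="/sites/finance"),
    row(Operation="FileAccessed", UserId="alice@contoso.example"),
    row(CreationTime="2024-05-02T14:00:00", Operation="UserExpirationChanged",
        UserId="carol@contoso.example", ObjectId="/sites/projects",
        TargetUserOrGroupName="dave@contoso.example"),
    {"AuditData": "{truncated"},
]
EVENTS = sharing_events(SAMPLE_ROWS)  # two events; only the first targets a guest
```

Rows whose `external` flag is true are the ones to check against your sharing policy first.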

Microsoft 365 has features that improve your auditing capabilities:

Access Reviews

Doing regular access reviews is key for keeping control over external sharing permissions. You should check guest access often to make sure only allowed users can see sensitive information.

Regular access reviews help you keep up with changes in technology and user roles. They stop security problems and make sure you follow rules. For the best results, do access reviews every three months to stay updated on changing access rights and avoid possible security issues.

Governance Strategies

Creating a strong plan for managing external sharing is very important in Microsoft 365. This plan helps you handle risks while working with guests. A clear governance strategy makes sure you keep control over shared content and follow the rules.

Governance Framework

Your governance plan should have several key parts. These parts guide how you manage external sharing well. Here’s a table that shows the main options:

Besides these options, think about these strategies to improve your governance plan:

These strategies help you build a safe space for external sharing while allowing needed teamwork with guests.

Continuous Monitoring

Ongoing monitoring is key to keeping external sharing secure. By tracking sharing activities, you can quickly spot and react to possible security issues. Here’s a table that lists good monitoring practices and their benefits:

Regular audits and monitoring keep you updated on who accesses your data and how they use it. This ongoing watchfulness is crucial for protecting sensitive information and following the rules.

By setting up a strong governance plan and sticking to continuous monitoring, you can manage external sharing in Microsoft 365 well. This method not only boosts security but also creates a teamwork-friendly space where you can work confidently with guests.


Managing and checking external sharing in Microsoft 365 is very important for your organization’s safety and following rules. By matching your sharing settings with company rules, you can keep sensitive data safe while allowing secure teamwork.

Think about these benefits of good management:

To keep following the rules, do these steps:

  1. Write down your organization’s data types.

  2. Create your plan for working with outside users.

  3. Set rules based on data types.

  4. Teach and train users about online safety.

By using these strategies, you can improve data safety and support a teamwork-friendly space.

FAQ

What is external sharing in Microsoft 365?

External sharing lets you share files, folders, and sites with people outside your organization. This feature helps you work better with clients, partners, and suppliers while keeping sensitive information safe.

How can I manage external sharing settings?

You can manage external sharing settings in the SharePoint Admin Center. Change the settings for the whole organization and for specific teams to control how and with whom you share content.

What are the risks of unmanaged external sharing?

Not managing external sharing can cause unauthorized access, data leaks, and rule violations. Risks include anonymous links, guest users inviting others, and shadow IT practices.

How often should I conduct access reviews?

Do access reviews every three months for high-risk areas and every six months for medium-risk areas. Regular reviews help make sure only allowed users can access sensitive information.

What tools can I use for auditing external sharing?

You can use Microsoft 365 audit logs and access governance reports to track external sharing activities. These tools help you watch sharing events and follow the rules.
