Data Protection
Harden Microsoft 365 SharePoint and OneDrive Sharing Controls
Reduce accidental data exposure by tightening external sharing defaults, link permissions, and access governance.
Set restrictive tenant-wide defaults
Default configurations often prioritize convenience over risk.
Tighten baseline settings for link scope, expiration, and domain restrictions.
Action checklist
- Set default links to specific people or organization-only.
- Require expiration for external links.
- Block sharing to unapproved external domains where possible.
Apply site-level sensitivity controls
Not all sites require the same sharing posture.
Use labels and site policies to differentiate high-risk repositories.
Action checklist
- Identify high-sensitivity sites.
- Apply stricter sharing controls to sensitive content.
- Restrict external sharing for confidential workspaces.
Govern guest access lifecycle
Guest access should be time-bound and reviewable.
Stale guest accounts increase long-term exposure risk.
Action checklist
- Enable guest access expiration and review policies.
- Require business justification for external invites.
- Automate removal of inactive guests.
Monitor sharing anomalies
Visibility into unusual sharing behavior helps detect data leakage early.
Track link creation spikes and unusual external download patterns.
Action checklist
- Set alerts for mass external sharing events.
- Review anonymous link usage trends.
- Investigate high-volume external access anomalies.