Manage SharePoint Oversharing

What is SharePoint Oversharing?

SharePoint oversharing occurs when content such as files or folders in SharePoint sites is shared with people who should not have access to them or should have a lower level of permissions. This often results from sharing settings being too permissive, user mistakes, or a lack of proper oversight and control. When oversharing occurs, it can lead to serious issues like data breaches, leaking of sensitive information, and even breaking compliance rules. To prevent this, it’s crucial to enforce strict access controls, conduct regular audits, educate users on proper sharing practices, and set up policies that ensure information is only shared with those who truly need it.

Sharing content within SharePoint sites is incredibly easy, designed to make collaboration seamless. With just a few clicks, users can share documents, files, or entire folders with colleagues or external users. SharePoint offers multiple sharing options, such as sending a link via email, setting permissions directly from the document, or generating a shareable link with customizable access levels. However, this ease of sharing also makes it easy for users to accidentally overshare. For example, creating an “anyone” link without setting an expiry date can unintentionally grant access to sensitive information. While this user-friendly system enhances productivity, it’s crucial for users to be mindful of sharing settings to avoid potential security risks.

An example of how easily oversharing can occur is as follows. If a user clicks the share button on a file or folder, they have the option to specify the user by name, group, or email. They can also set the required permission by clicking the pencil icon and can set additional options such as ‘Set password’ and ‘Set expiration date’ by clicking the settings cog icon. However, as busy individuals, it’s often easy to overlook such settings and simply share by clicking the ‘Copy link’ button, resulting in an anyone link without an expiry date set.

How to create a sharing link in Microsoft SharePoint and avoid SharePoint Oversharing.

It may be that within your SharePoint environment, your organization does not allow anyone sharing links. However, this too can be a security risk. If a user needs someone external to your organization to have access to a file, and SharePoint does not allow the file to be shared, the user might use other technologies, such as Dropbox, to share the file. This results in a lack of control for the organization.

As a Site Owner, it is a good idea to consider whether sharing should be allowed within your site and to what level. The following Site Sharing Settings can be configured by navigating to Settings -> Site permissions -> Change how members can share.

  • Site owners and members can share files, folders, and the site. People with Edit permissions can share files and folders.
  • Site owners and members, and people with Edit permissions can share files and folders, but only site owners can share the site.
  • Only site owners can share files, folders and the site.

If it is likely that your department, and therefore your site contains content that should not be shared externally, you should consider the bottom option of ‘Only site owners can share files, folders, and the site.’

Manage who can share SharePoint content

As you can see, the ability to share content within your site is configurable at both the tenant and site levels. However, as a site owner responsible for managing your content and its security, it is important to carefully consider who should be able to share content. By default, all members of your SharePoint site typically have Edit permissions, which allows them to share files or folders without restriction. It is crucial to review and adjust these settings to ensure that only authorized individuals have the ability to share content, thereby maintaining better control and security over your site’s resources.

How to manage SharePoint oversharing from a Administrator perspective

Oversharing can be restricted at the Microsoft 365 tenant level by accessing the Microsoft 365 Admin Center, SharePoint Admin Center, and Sharing Policies.

In the External sharing section, you can control permissions from the most restrictive setting (“Only people in your organization”) to the most permissive (“Anyone”). As a site owner, you can further restrict sharing options at the site level. However, even the most restrictive settings can lead to a loss of control, as users may turn to alternative applications for sharing content. Additionally, people within your organization can pose a potential risk. It’s possible that information you should not have access to is shared with you. Therefore, sharing should always be carried out responsibly to maintain security and control.

File and folder links can also be controlled centrally from the SharePoint Admin Center. Note that the default type of link can be configured to ‘Specific People’ rather than ‘Anyone with the link.’ Additionally, the default permission level can be set to View rather than Edit. Expiration and permission options can also be configured, ensuring that ‘Anyone’ links have an expiry date. These settings help enforce stricter access controls and enhance the security of shared content.

How to report on SharePoint oversharing.

There are several options when it comes to reporting on SharePoint oversharing.

PowerShell scripts provide a powerful option for managing and reporting on sharing links within your SharePoint environment. For example, the script below demonstrates how you can retrieve sharing links for a specific site. Note that you will need the necessary permissions to enumerate sharing links within the site being queried.

Using PowerShell scripts offers several advantages:

  1. Automation: You can automate repetitive tasks, such as generating reports or updating permissions, which saves time and reduces the risk of human error.
  2. Customization: Scripts can be tailored to meet specific requirements, such as filtering for particular types of sharing links or formatting output data in a specific way.
  3. Efficiency: Running a script can quickly gather information from large datasets or across multiple sites, providing a comprehensive overview that would be time-consuming to compile manually.

Below is an example of a PowerShell script that reports on sharing links within a specified SharePoint site:

# Install required module if not already installed
Install-Module -Name PnP.PowerShell -Force -AllowClobber

# Define the site URL
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"

# Connect to the SharePoint site
Connect-PnPOnline -Url $siteUrl -Interactive

# Get all lists in the site
$lists = Get-PnPList

# Initialize array to hold the report data
$reportData = @()

foreach ($list in $lists) {
# Get all items in the list
$items = Get-PnPListItem -List $list.Title

foreach ($item in $items) {
# Get sharing links for each item
$sharingLinks = Get-PnPSharingLink -List $list.Title -Identity $item.Id

foreach ($link in $sharingLinks) {
# Add sharing link details to the report data
$reportData += [PSCustomObject]@{
ListTitle = $list.Title
ItemId = $item.Id
LinkId = $link.Id
LinkUrl = $link.Url
LinkScope = $link.Scope
LinkExpires = $link.ExpirationDateTime
}
}
}
}

# Export the report data to a CSV file
$reportData | Export-Csv -Path "SharePointSiteSharingLinksReport.csv" -NoTypeInformation

# Disconnect from the SharePoint site
Disconnect-PnPOnline

Write-Host "Report generated successfully and saved to SharePointSiteSharingLinksReport.csv"

Reporting within the SharePoint Site

Within the SharePoint site, you can either report on sharing links for each file or folder individually, which would be extremely time-consuming, or you can use the Site Usage Report.

Using the Site Usage Report provides a more efficient way to gather comprehensive data about sharing activities. This report gives you an overview of how files and folders are being shared within your site, who is accessing them, and how frequently they are being accessed. By utilizing the Site Usage Report, you can quickly identify potential oversharing issues and take necessary actions to secure your content.

Here are the steps to access the Site Usage Report:

  1. Navigate to the Site: Go to the SharePoint site you want to analyze.
  2. Access Site Settings: Click on the gear icon (Settings) in the top right corner.
  3. View Site Usage: Select “Site usage” from the dropdown menu.

The Site Usage Report includes key metrics such as:

  • Total Views and Visits: Shows how many times your site has been viewed and visited.
  • Popular Content: Highlights the most viewed and accessed files and folders.
  • Shared with External Users: Lists files and folders that have been shared with users outside your organization.

By leveraging the Site Usage Report, you can efficiently monitor and manage sharing activities, ensuring that your SharePoint site remains secure and compliant.

Reporting File or Folder at a time.

To report on a file or folder individually, you can select the file or folder, and then choose “Manage Access.” In the Manage Access dialog, select “Links.” Here, you can view, remove, or modify the sharing link.

While this method allows you to check and manage sharing links for specific files or folders, it is time-consuming and impractical for large-scale reporting or management. However, if you need to focus on a particular file or folder, this approach is effective for ensuring the correct sharing settings.

Here are the steps to manage sharing links for an individual file or folder:

  1. Select the File or Folder: Navigate to the specific file or folder in your SharePoint site.
  2. Manage Access: Click on the three dots (ellipsis) next to the file or folder name, and select “Manage Access.”
  3. View Links: In the Manage Access dialog, select “Links” to view all sharing links associated with the file or folder.
  4. Modify or Remove Links: You can then remove or modify the sharing links as needed to ensure appropriate access.

While this method is useful for detailed management of specific files or folders, it does not scale well for managing multiple items. For broader reporting and management, consider using automated scripts or the Site Usage Report to gain comprehensive insights and control over sharing activities within your SharePoint site.

From the Site settings, choose Site Usage, and scroll down to the Shared with External Users section. You’ll be able to see any sharing links with external users. The report does not include all sharing links, but will at least focus on what is shared externally.

Here are the steps to access the Site Usage Report:

  1. Navigate to the Site: Go to the SharePoint site you want to analyze.
  2. Access Site Settings: Click on the gear icon (Settings) in the top right corner.
  3. View Site Usage: Select “Site usage” from the dropdown menu.
  4. Shared with External Users: Scroll down to the “Shared with external users” section. This will show you any sharing links with external users. Note that this report does not include all sharing links but focuses on what is shared externally.

The Site Usage Report includes key metrics such as:

  • Total Views and Visits: Shows how many times your site has been viewed and visited.
  • Popular Content: Highlights the most viewed and accessed files and folders.
  • Shared with External Users: Lists files and folders that have been shared with users outside your organization.

The ‘Run Report’ option will give you a complete list of users and everything that they have access to within a CSV file. You can then filter the report to see the information that you require.

Learn How DeliverPoint can help with SharePoint Oversharing.

DeliverPoint is a powerful permissions management and reporting tool designed for Site Owners and Site Collection Administrators within SharePoint environments. This tool provides contextual reports that make it easy to manage and report on permissions across single or multiple sites and site collections.

One of the features of DeliverPoint is its Sharing Link reports. These reports display detailed information about sharing links across your SharePoint sites, enabling you to identify and manage permissions efficiently. With DeliverPoint, you can see who has access to what, ensuring that only the appropriate individuals have access to sensitive content.

Key capabilities of DeliverPoint include:

  • Contextual Reporting: DeliverPoint offers contextual reports that are tailored to the specific needs of Site Owners and Administrators, providing permission information and management capabilities such as copy, transfer, delete permissions.
  • Comprehensive Permissions Overview: Easily report on and manage permissions across single or multiple sites and site collections.
  • Sharing Link Management: DeliverPoint’s Sharing Link reports allow you to view all sharing links, making it simple to manage them in bulk. You can set expiry dates or remove sharing links across multiple sites and collections, reducing the risk of unauthorized access.
  • Bulk Management: The tool’s bulk management features save time and effort by enabling the simultaneous adjustment of permissions and sharing settings for multiple items. This is particularly useful for large organizations with extensive SharePoint environments.
  • Ease of Use: Designed with user experience in mind, DeliverPoint provides an intuitive interface that simplifies the complex task of permissions management, making it accessible even to those who may not have advanced technical skills.

By leveraging DeliverPoint, Site Owners and Site Collection Administrators can maintain tighter control over sharing links. Learn more in the video below:

Related Posts
Clear Filters

Add Comment