As an organization, anything internal stays internal. If anything needs to be shared externally, external parties are given view permission only, and only to specific sites or documents. This applies especially to the organization’s main SharePoint Online or on-premises sites.
Providing a sharing option for external parties is dangerous, as it leads to the sudden surprise of deleted sites or deleted documents, and users will start to complain, demanding “How come my site got deleted?” Another disadvantage is that even “Security & Compliance’s Audit Logging & SharePoint Audit Logging” will not give you the details of who performed the operation, because anonymous access to your organization’s main sites or any other private sites produces no results in audit logging.
For private sites or department sites, the SharePoint Online share-site permission is Edit by default. Thus, if this falls into the hands of an external party, he or she has the rights to delete or modify anything within the organization’s sites, copy any private and confidential documents, and exploit your data.
- An Office 365 group is equal to a SharePoint private site.
- Only the owner of a site has permission to perform deletion
- If audit logging is not enabled on the site, activities will not be shown in the Security & Compliance and SharePoint Online audit reports
- By default, audit logging is disabled for private sites
- Set sharing for the main site to “Allow only internal”
- Try to make use of OneDrive for document sharing
- Enable Rights Management Service for SharePoint Online
- Anything internal stays internal
- Educate users on the risk of sharing to external parties
- Enable audit logging for all private sites (only the owner of the site has permission)
- Without this, the Global admin has no visibility into that site’s behavior, even with Security & Compliance
- Restrict users from creating Office 365 groups (optional)
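
One way to check and apply the sharing recommendations above from the SharePoint Online Management Shell. This is an added example, not part of the original article: it reports every site that still allows external sharing along with its default sharing-link permission, then sets the main site to internal-only. Both URLs are placeholders.

```powershell
# Added example; assumes the SharePoint Online Management Shell module is installed
# and the account is a SharePoint or Global admin.
# Both URLs are placeholders, not values from the article.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$MainSiteUrl = 'https://contoso.sharepoint.com'         # placeholder main site URL

Connect-SPOService -Url $AdminUrl

# Tenant-wide ceiling: a site can never share more openly than this setting.
Get-SPOTenant | Select-Object SharingCapability, DefaultLinkPermission

# Report every site that still allows some form of external sharing.
# Get-SPOSite -Identity is called per site so all properties are populated.
$report = Get-SPOSite -Limit All | ForEach-Object {
    $site = Get-SPOSite -Identity $_.Url
    if ($site.SharingCapability -ne 'Disabled') {
        [pscustomobject]@{
            Url                   = $site.Url
            Template              = $site.Template   # GROUP#0 = Office 365 group site
            SharingCapability     = $site.SharingCapability
            DefaultLinkPermission = $site.DefaultLinkPermission
        }
    }
}
$report | Sort-Object SharingCapability, Url | Format-Table -AutoSize

# "Allow only internal" on the main site, and make new sharing links view-only.
Set-SPOSite -Identity $MainSiteUrl -SharingCapability Disabled -DefaultLinkPermission View

# Confirm the change took effect.
Get-SPOSite -Identity $MainSiteUrl |
    Select-Object Url, SharingCapability, DefaultLinkPermission
```

Rows in the report with Template `GROUP#0` are the Office 365 group sites, which are the private sites the list above refers to.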