SharePoint Online: Why should you not share your main site externally? What are the best practices?

As an organization, anything that is internal stays internal, and if anything needs to be shared externally, external parties are given view permission only, and only to specific sites or documents. This matters especially for the organization’s SharePoint Online or on-premises main sites.

Offering the external sharing option is dangerous because it leads to surprise deletions of sites or documents, and users will start to complain and demand, “How come my site got deleted?” Another disadvantage is that even Security & Compliance audit logging and SharePoint audit logging will not tell you who performed the operation, because anonymous access to your organization’s main sites or any other private sites does not show up in the audit logs.

For private sites or department sites, the SharePoint Online site sharing permission is Edit by default. Thus, if this falls into the hands of an external party, he or she has the rights to delete or modify anything within the organization’s sites, copy any private and confidential documents, and exploit your data.

*Note:

  • An Office 365 group is equivalent to a SharePoint private site.
  • Only the owner of a site has permission to perform deletion.
  • If audit logging is not enabled on the site, activities will not be shown in the Security & Compliance and SharePoint Online audit reports.
  • By default, audit logging is disabled for private sites.

Best practices:

  1. Set sharing for the main site to “Allow only internal”
  2. Try to make use of OneDrive for document sharing
  3. Enable Rights Management Service for SharePoint Online
  4. Anything internal stays internal
  5. Educate users on the risk of sharing with external parties
  6. Enable audit logging for all private sites (only the owner of the site has permission)
    • Without this, your Global admin has no visibility into that site’s behavior, even with Security & Compliance
  7. Restrict users from creating Office 365 groups (optional)
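
One way to apply best practice 1 and to counter the default Edit permission described above, using the SharePoint Online Management Shell. This is an added example, not part of the original post; the two URLs are placeholders and the `$Apply` switch is a hypothetical safety variable introduced here.

```powershell
# Added example. Placeholder URLs (assumptions): replace with your own tenant values.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$MainSite = 'https://contoso.sharepoint.com'
$Apply    = $false   # hypothetical switch: set to $true to change settings, not just report

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $AdminUrl   # sign in with a SharePoint admin account

# 1. Inventory every site whose sharing setting lets anyone outside the tenant in.
$allSites = @(Get-SPOSite -Limit All)
$external = @($allSites | Where-Object { $_.SharingCapability -ne 'Disabled' })
$external |
    Sort-Object SharingCapability, Url |
    Format-Table Url, Owner, SharingCapability -AutoSize

# 2. Sites that allow anonymous links: actions through these links cannot be
#    attributed to a named user.
$anonymous = @($external |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' })
Write-Host ("{0} of {1} sites allow anonymous links" -f $anonymous.Count, $allSites.Count)

if ($Apply) {
    # 3. Main site: internal only.
    Set-SPOSite -Identity $MainSite -SharingCapability Disabled

    # 4. Other sites that allowed anonymous links: require guests to sign in,
    #    and make new links internal and view-only by default instead of Edit.
    foreach ($site in $anonymous) {
        if ($site.Url.TrimEnd('/') -eq $MainSite.TrimEnd('/')) { continue }
        Set-SPOSite -Identity $site.Url `
            -SharingCapability ExternalUserSharingOnly `
            -DefaultSharingLinkType Internal `
            -DefaultLinkPermission View
    }
}

# 5. Confirm the resulting state of the main site.
Get-SPOSite -Identity $MainSite |
    Select-Object Url, SharingCapability, DefaultSharingLinkType, DefaultLinkPermission
```

Run it once with `$Apply = $false` to review the inventory with site owners before changing anything.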

 

Author: sabrinaksy

Just a little girl who loves what she does best.
