CISA.MS.SHAREPOINT.1.2 - External sharing for OneDrive SHALL be limited to Existing guests or Only People in your organization.
Overview
External sharing for OneDrive SHALL be limited to Existing guests or Only People in your organization.
Rationale: Restricting OneDrive sharing reduces the risk of unauthorized data exposure from individual user storage. Allowing broad external sharing of OneDrive content increases the attack surface.
Remediation action:
- Sign in to the SharePoint admin center.
- Select Policies > Sharing.
- Adjust external sharing slider for OneDrive to Existing guests or Only people in your organization.
- Select Save.
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.SHAREPOINT.1.2 |
| Severity | Unknown |
| Suite | CISA |
| Category | spo |
| PowerShell test | Test-MtCisaSpoOneDriveSharing |
| Tags | CISA, CISA.MS.SHAREPOINT.1.2, MS.SHAREPOINT, MS.SHAREPOINT.1.2 |
Source
- Pester test:
tests/cisa/spo/Test-MtCisaSpoOneDriveSharing.Tests.ps1 - PowerShell source:
powershell/public/cisa/spo/Test-MtCisaSpoOneDriveSharing.ps1