CISA.MS.SHAREPOINT.3.2 - Allowable file and folder permissions for Anyone links SHALL be set to View only.
Overview
Allowable file and folder permissions for Anyone links SHALL be set to View only.
Rationale: Allowing edit permissions on Anyone links increases the risk of unauthorized modifications to shared content. Restricting to View only limits the potential impact of anonymous access.
Remediation action:
- Sign in to the SharePoint admin center.
- Select Policies > Sharing.
- Under Advanced settings for Anyone links, set the file and folder permissions to View.
- Select Save.
Related links
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.SHAREPOINT.3.2 |
| Severity | Unknown |
| Suite | CISA |
| Category | spo |
| PowerShell test | Test-MtCisaSpoAnyoneLinkPermission |
| Tags | CISA, CISA.MS.SHAREPOINT.3.2, MS.SHAREPOINT, MS.SHAREPOINT.3.2 |
Source
- Pester test:
tests/cisa/spo/Test-MtCisaSpoAnyoneLinkPermission.Tests.ps1 - PowerShell source:
powershell/public/cisa/spo/Test-MtCisaSpoAnyoneLinkPermission.ps1