Skip to main content
Version: 2.1.1-preview

CISA.MS.SHAREPOINT.3.2 - Allowable file and folder permissions for Anyone links SHALL be set to View only.

Overview

Allowable file and folder permissions for Anyone links SHALL be set to View only.

Rationale: Allowing edit permissions on Anyone links increases the risk of unauthorized modifications to shared content. Restricting to View only limits the potential impact of anonymous access.

Remediation action:

  1. Sign in to the SharePoint admin center.
  2. Select Policies > Sharing.
  3. Under Advanced settings for Anyone links, set the file and folder permissions to View.
  4. Select Save.

Test Metadata

FieldValue
Test IDCISA.MS.SHAREPOINT.3.2
SeverityUnknown
SuiteCISA
Categoryspo
PowerShell testTest-MtCisaSpoAnyoneLinkPermission
TagsCISA, CISA.MS.SHAREPOINT.3.2, MS.SHAREPOINT, MS.SHAREPOINT.3.2

Source

  • Pester test: tests/cisa/spo/Test-MtCisaSpoAnyoneLinkPermission.Tests.ps1
  • PowerShell source: powershell/public/cisa/spo/Test-MtCisaSpoAnyoneLinkPermission.ps1