CISA.MS.SHAREPOINT.3.3 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.
Overviewβ
Reauthentication days for people who use a verification code SHALL be set to 30 days or less.
Rationale: Requiring periodic reauthentication via verification codes ensures that external users maintain valid access and reduces the risk of prolonged unauthorized access through stale sessions.
Remediation action:β
- Sign in to the SharePoint admin center.
- Select Policies > Sharing.
- Under Advanced settings, check Guests must sign in using the same account to which sharing invitations are sent.
- Check People who use a verification code must reauthenticate after this many days and set to 30 days or less.
- Select Save.
Related linksβ
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | CISA.MS.SHAREPOINT.3.3 |
| Severity | Unknown |
| Suite | CISA |
| Category | spo |
| PowerShell test | Test-MtCisaSpoVerificationCodeReauth |
| Tags | CISA, CISA.MS.SHAREPOINT.3.3, MS.SHAREPOINT, MS.SHAREPOINT.3.3 |
Sourceβ
- Pester test:
tests/cisa/spo/Test-MtCisaSpoVerificationCodeReauth.Tests.ps1 - PowerShell source:
powershell/public/cisa/spo/Test-MtCisaSpoVerificationCodeReauth.ps1