Skip to main content
Version: 2.1.1-preview

CISA.MS.SHAREPOINT.3.3 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.

Overview​

Reauthentication days for people who use a verification code SHALL be set to 30 days or less.

Rationale: Requiring periodic reauthentication via verification codes ensures that external users maintain valid access and reduces the risk of prolonged unauthorized access through stale sessions.

Remediation action:​

  1. Sign in to the SharePoint admin center.
  2. Select Policies > Sharing.
  3. Under Advanced settings, check Guests must sign in using the same account to which sharing invitations are sent.
  4. Check People who use a verification code must reauthenticate after this many days and set to 30 days or less.
  5. Select Save.

Test Metadata​

FieldValue
Test IDCISA.MS.SHAREPOINT.3.3
SeverityUnknown
SuiteCISA
Categoryspo
PowerShell testTest-MtCisaSpoVerificationCodeReauth
TagsCISA, CISA.MS.SHAREPOINT.3.3, MS.SHAREPOINT, MS.SHAREPOINT.3.3

Source​

  • Pester test: tests/cisa/spo/Test-MtCisaSpoVerificationCodeReauth.Tests.ps1
  • PowerShell source: powershell/public/cisa/spo/Test-MtCisaSpoVerificationCodeReauth.ps1