CISA.MS.SHAREPOINT.1.3 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.
Overview
External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.
Rationale: By limiting sharing to domains or approved security groups used for interagency collaboration purposes, administrators help prevent sharing with unknown organizations and individuals.
Remediation action:
This policy applies only if the external sharing slider on the admin page is set to any value other than "Only people in your organization".
- Sign in to the SharePoint admin center.
- Select Policies > Sharing.
- Expand More external sharing settings.
- Select Limit external sharing by domain.
- Select Add domains.
- Add each approved external domain users are allowed to share files with.
- Select Manage security groups.
- Add each approved security group. Members of these groups will be allowed to share files externally.
- Select Save.
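To confirm the domain allow list after saving, the tenant settings can be compared against the agency's approved list from PowerShell. This is an added example, not the Maester test source: it assumes a settings object shaped like `Get-SPOTenant` output, the function name and sample values are constructed, and the security-group setting is not evaluated.

```powershell
# Added example: evaluate tenant sharing settings against an approved-domain list.
# Property names follow Get-SPOTenant (SharePoint Online Management Shell).
function Test-SharingAllowList {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Tenant,
        [Parameter(Mandatory)] [string[]] $ApprovedDomains
    )
    $result = { param($r, $d) [pscustomobject]@{ Result = $r; Detail = $d } }

    # The policy does not apply when sharing is limited to the organization.
    if ("$($Tenant.SharingCapability)" -eq 'Disabled') {
        return & $result 'NotApplicable' 'External sharing is disabled.'
    }
    # A block list or no restriction leaves unknown domains reachable.
    if ("$($Tenant.SharingDomainRestrictionMode)" -ne 'AllowList') {
        return & $result 'Fail' "Restriction mode is '$($Tenant.SharingDomainRestrictionMode)', not AllowList."
    }
    # SharingAllowedDomainList is a single space-separated string.
    $configured = @("$($Tenant.SharingAllowedDomainList)" -split '\s+' |
        Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() })
    if ($configured.Count -eq 0) {
        return & $result 'Fail' 'Allow list mode is set but no domains are listed.'
    }
    # Flag configured domains that are not on the approved list (drift check).
    $approved   = @($ApprovedDomains | ForEach-Object { $_.ToLowerInvariant() })
    $unapproved = @($configured | Where-Object { $_ -notin $approved })
    if ($unapproved.Count -gt 0) {
        return & $result 'Fail' "Unapproved domains in allow list: $($unapproved -join ', ')"
    }
    & $result 'Pass' "Allow list contains only approved domains: $($configured -join ', ')"
}

# Constructed sample input; in a live session use: $tenant = Get-SPOTenant
$tenant = [pscustomobject]@{
    SharingCapability            = 'ExternalUserSharingOnly'
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList     = 'partner.example.gov vendor.example.com'
}
Test-SharingAllowList -Tenant $tenant -ApprovedDomains 'partner.example.gov'
```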
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.SHAREPOINT.1.3 |
| Severity | High |
| Suite | CISA |
| Category | spo |
| PowerShell test | Test-MtCisaSpoSharingAllowedDomain |
| Tags | CISA, CISA.MS.SHAREPOINT.1.3, MS.SHAREPOINT, MS.SHAREPOINT.1.3 |
Source
- Pester test: tests/cisa/spo/Test-MtCisaSpoSharingAllowedDomain.Tests.ps1
- PowerShell source: powershell/public/cisa/spo/Test-MtCisaSpoSharingAllowedDomain.ps1