Identifying, Evaluating, and Tracking Open Shares for External Users with Microsoft M365 E3

“To share or not to share” is not the question this week, because we all know that your organization relies on sharing and working with information both internally and externally. So this week Detexian’s CTO Adrian Kitto is enabling you to identify and track the risks that external shares in Microsoft M365 are introducing into your organization. 

In case you missed it last time, please check out:

  1. Part 1: Who / What / Why does the mid-market all have Microsoft M365 E3 licenses

  2. Part 2: How does Microsoft M365 E3 work with the non-Microsoft ecosystem applications?

  3. Part 3: Discovering user consented apps with Microsoft M365 E3

  4. Part 4: Identifying and removing inactive users with Microsoft M365 E3

  5. Part 5: Calculating inferred or effective MFA for non-Microsoft applications

  6. Part 6: Privileged Access Management in non-SCIM apps with Microsoft M365 E3


Introduction

In today's interconnected world, collaboration and data sharing have become essential components of a successful business. To facilitate this, organizations often use cloud-based services like Microsoft 365 (M365) to enhance productivity and streamline workflows. While M365 offers various collaboration features, it's crucial for businesses to maintain control over their data and security. One potential vulnerability that poses a significant risk to company data is open shares for external users, including guests or anyone with link shares.

In this blog post, we will delve into the importance of identifying, evaluating, and tracking open shares, and how the native tools in Microsoft M365 E3 can help businesses address these security concerns. Additionally, we'll explore the risks associated with open shares and provide a practical PowerShell example to export all open shares to a CSV file.

The Risks of Open Shares for External Users

Open shares, such as guest links or links accessible to anyone with the link, may seem convenient for sharing information with external collaborators. However, they can also present serious security risks to a company's sensitive data. Let's delve deeper into the potential risks associated with open shares and the detrimental consequences they can bring to an organization.

  1. Data Leakage and Exfiltration: One of the most significant dangers of open shares is the risk of data leakage and exfiltration. When sensitive company information is shared with external users without proper access controls, there's an increased likelihood of unauthorized individuals gaining access to the data. It takes just one inadvertent or malicious act to expose confidential financial data, customer information, intellectual property, or strategic plans. This data leakage can result in severe financial losses, tarnished reputation, and even legal repercussions if the leaked data involves customers' personally identifiable information (PII) or violates data protection regulations.

  2. Unauthorized Access and Data Manipulation: External users granted access to open shares may inadvertently or deliberately modify, delete, or manipulate critical files and documents. Whether it's accidental deletion or intentional sabotage, unauthorized data alterations can lead to disruptions in business operations, data integrity issues, and, in some cases, irreversible damage to the organization's reputation and trust among customers and partners.

  3. Loss of Intellectual Property and Competitive Advantage: Intellectual property (IP) is the lifeblood of many businesses, providing a competitive edge in the market. Open shares make it easier for unscrupulous competitors to gain unauthorized access to sensitive company information, trade secrets, product designs, and proprietary algorithms. Losing control over such valuable assets can significantly impact a company's competitive advantage and potentially lead to a loss of market share.

  4. Compliance and Regulatory Concerns: Many industries are bound by strict regulatory requirements, such as GDPR (General Data Protection Regulation) in Europe or HIPAA (Health Insurance Portability and Accountability Act) in the healthcare sector. Non-compliance with these regulations can result in hefty fines and penalties. Open shares that expose sensitive data, particularly personal and financial information, can be a major compliance risk. Organizations must take adequate measures to ensure data protection, even when collaborating with external partners.

  5. Phishing and Social Engineering Attacks: Cybercriminals are known for their cunning tactics in exploiting security weaknesses. Open shares can become unwitting conduits for phishing attacks and social engineering schemes. Malicious actors can host fake login pages or distribute malware through seemingly legitimate links, tricking employees or external users into providing login credentials or unknowingly downloading harmful software. Such attacks can lead to further data breaches or unauthorized access to internal systems.

  6. Uncontrolled Data Spread: Open shares can lead to uncontrolled data spread across various platforms and devices. When files and documents are shared openly, tracking and maintaining control over the data becomes challenging. This lack of visibility can hinder data governance efforts and make it difficult for organizations to ensure that data is being handled and stored securely.

To mitigate these risks, organizations need to establish a comprehensive security strategy that includes regular audits of open shares, robust access controls, employee training on secure data sharing practices, and leveraging the native security features provided by Microsoft M365 E3. A proactive and vigilant approach is essential to maintaining data integrity, confidentiality, and compliance in an ever-evolving digital landscape. By recognizing the potential risks and implementing appropriate measures, businesses can foster a secure and collaborative environment for their workforce and external partners alike.




Identifying Open Shares across SharePoint and OneDrive

To mitigate the risks mentioned above, businesses need to identify and evaluate open shares within their M365 environment. Fortunately, Microsoft offers tools and features to help administrators locate these shares and manage them effectively.

  1. SharePoint: To identify open shares within SharePoint, administrators can use the "Sharing" settings in the SharePoint admin center. This will display all the sites and documents that have been shared externally. Additionally, administrators can enable "External sharing reports" to receive periodic reports on external sharing activities.

  2. OneDrive: For OneDrive, administrators can access the "Sharing" settings in the OneDrive admin center. This will provide insights into external sharing activities for individual users' OneDrive accounts.

  3. Microsoft 365 Security & Compliance Center: The Security & Compliance Center offers advanced tools to discover, analyze, and manage open shares across the entire M365 environment. Using tools like eDiscovery, administrators can search for open shares based on specific criteria, such as users or date ranges.




PowerShell Example: Exporting Open Shares to CSV

Below is an example of a PowerShell script to export all open shares to a CSV file:


# Connect to SharePoint Online (needs the Microsoft.Online.SharePoint.PowerShell module
# and a SharePoint Administrator role); OneDrive sites are served from the same tenant
Connect-SPOService -Url https://yourtenant-admin.sharepoint.com

# Get all site collections, including users' OneDrive (personal) sites
$allSites = Get-SPOSite -Limit All -IncludePersonalSite $true

# Initialize an array to store results
$openShares = @()

# Loop through each site to find external users
foreach ($site in $allSites) {
    $siteUrl = $site.Url
    $siteTitle = $site.Title

    # Site-level external sharing setting: Disabled, ExistingExternalUserSharingOnly,
    # ExternalUserSharingOnly or ExternalUserAndGuestSharing ("anyone" links allowed)
    $sharingSetting = $site.SharingCapability

    if ($sharingSetting -ne "Disabled") {
        # Get-SPOExternalUser returns at most 50 users per call, so page through
        # with -Position until a page comes back short
        $position = 0
        do {
            $page = Get-SPOExternalUser -SiteUrl $siteUrl -PageSize 50 -Position $position

            foreach ($user in $page) {
                $openShares += New-Object PSObject -Property @{
                    "SiteUrl"           = $siteUrl
                    "SiteTitle"         = $siteTitle
                    "SharingCapability" = $sharingSetting
                    "UserEmail"         = $user.Email
                    "AcceptedAs"        = $user.AcceptedAs
                    "InvitedBy"         = $user.InvitedBy
                    "WhenCreated"       = $user.WhenCreated
                }
            }

            $position += 50
        } while ($page -and @($page).Count -eq 50)
    }
}

# Export the results to a CSV file
$openShares | Export-Csv -Path "OpenShares.csv" -NoTypeInformation


Remember to test the script in a non-production environment and review the output thoroughly before running it in production.
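The post is about tracking as well as identifying, so here is an added PowerShell example (not part of the original post or Detexian's tooling) that compares two runs of the export, a baseline CSV and today's CSV, reports which external shares appeared or disappeared, and summarises the current export by external domain. It assumes both files carry the SiteUrl, SiteTitle and UserEmail columns written by the script above; the file names and the helper functions are the example's own.

```powershell
# Compare a baseline OpenShares export with a fresh one and report the difference.
param(
    [string]$BaselinePath = "OpenShares-baseline.csv",   # earlier export (assumed name)
    [string]$CurrentPath  = "OpenShares.csv",            # latest export from the script above
    [string]$DeltaPath    = "OpenShares-delta.csv"       # where the change report is written
)

function Get-ShareKey($row) {
    # One external share is one (site, external user) pair; compare case-insensitively
    "$($row.SiteUrl)|$($row.UserEmail)".ToLowerInvariant()
}

function Test-OneDriveUrl($url) {
    # Personal (OneDrive) sites live under <tenant>-my.sharepoint.com/personal/
    return ($url -like "*-my.sharepoint.com/personal/*")
}

function New-DeltaRow($change, $row) {
    [PSCustomObject]@{
        Change     = $change
        SiteUrl    = $row.SiteUrl
        SiteTitle  = $row.SiteTitle
        UserEmail  = $row.UserEmail
        IsOneDrive = Test-OneDriveUrl $row.SiteUrl
    }
}

function Get-ShareDelta($baselineRows, $currentRows) {
    $base = @{}; foreach ($r in $baselineRows) { $base[(Get-ShareKey $r)] = $r }
    $curr = @{}; foreach ($r in $currentRows)  { $curr[(Get-ShareKey $r)] = $r }
    $delta = @()
    # Keys only in the current export are newly granted; keys only in the baseline were revoked
    foreach ($k in $curr.Keys) { if (-not $base.ContainsKey($k)) { $delta += New-DeltaRow "Added"   $curr[$k] } }
    foreach ($k in $base.Keys) { if (-not $curr.ContainsKey($k)) { $delta += New-DeltaRow "Removed" $base[$k] } }
    return $delta
}

$baseline = Import-Csv -Path $BaselinePath
$current  = Import-Csv -Path $CurrentPath
$delta    = Get-ShareDelta $baseline $current
$delta | Export-Csv -Path $DeltaPath -NoTypeInformation
"$(@($delta | Where-Object Change -eq 'Added').Count) added, $(@($delta | Where-Object Change -eq 'Removed').Count) removed since baseline"

# Which external domains hold shares right now? Personal mail providers or unknown
# partner domains near the top of this list are the ones to evaluate first.
$current |
    Where-Object { $_.UserEmail -match "@" } |
    Group-Object { ($_.UserEmail -split "@")[1].ToLowerInvariant() } |
    Sort-Object Count -Descending |
    Select-Object @{n = "Domain"; e = { $_.Name }}, Count |
    Format-Table -AutoSize
```

Keep the first export as the baseline, rerun the export on a schedule, and review only the delta file; rows flagged IsOneDrive are shares from individual users' OneDrive rather than team sites.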


Security thought for the week

As businesses increasingly embrace cloud-based collaboration, identifying, evaluating, and tracking open shares for external users becomes crucial for data security and compliance. Microsoft M365 E3 offers a set of tools and features to help administrators identify these open shares effectively. By proactively addressing the risks associated with open shares, organizations can protect their sensitive data, maintain compliance, and foster a secure collaborative environment for both internal and external users.

Till then, stay secure.

Adrian
