How to Prevent Oversharing Sensitive Data in SharePoint Using PowerShell

In many organizations, users inadvertently create company-wide sharing links instead of specific people links, exposing sensitive content to unintended audiences. This can lead to data leaks and compliance violations.

You Should Know: PowerShell Commands to Secure SharePoint Sharing

To disable company-wide sharing links in SharePoint Online, use the following PowerShell command:

Set-SPOSite -Identity "<SiteURL>" -DisableCompanyWideSharingLinks Disabled

Steps to Implement This Securely:

1. Connect to SharePoint Online via PowerShell:

Connect-SPOService -Url https://yourdomain-admin.sharepoint.com -Credential (Get-Credential)

2. Verify Current Sharing Settings:

Get-SPOSite -Identity "<SiteURL>" | Select DisableCompanyWideSharingLinks

3. Disable Broad Sharing:

Set-SPOSite -Identity "<SiteURL>" -DisableCompanyWideSharingLinks Disabled

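4. Enforce Strict Access Controls (Optional):

Set-SPOSite -Identity "<SiteURL>" -SharingCapability Disabled

Disabled turns off external sharing for the site. ExternalUserAndGuestSharing is the most permissive value (it also allows anonymous "Anyone" links), so it does not belong in a lockdown step. Use ExistingExternalUserSharingOnly if guests already in the directory must keep access.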
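
The steps above applied across every site in the tenant, as an added example that is not part of the original post: it reports each site's DisableCompanyWideSharingLinks and SharingCapability values and changes a site only when -Remediate is passed. The parameter names AdminUrl, Remediate and ReportPath and the CSV path are assumptions of this example.

```powershell
# Added example (not from the original post): audit every site in the tenant for
# company-wide sharing links and report its external sharing level.
# Assumes the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [string] $AdminUrl,                            # e.g. https://yourdomain-admin.sharepoint.com
    [switch] $Remediate,                           # report only unless this switch is given
    [string] $ReportPath = '.\sharing-audit.csv'   # assumed output location
)

# Without -Credential the cmdlet opens an interactive sign-in prompt.
Connect-SPOService -Url $AdminUrl

$report = foreach ($site in Get-SPOSite -Limit All) {
    # Query each site by URL so its sharing properties are fully populated.
    $s = Get-SPOSite -Identity $site.Url
    $before = "$($s.DisableCompanyWideSharingLinks)"
    $changed = $false

    if ($before -ne 'Disabled' -and $Remediate -and
        $PSCmdlet.ShouldProcess($s.Url, 'Disable company-wide sharing links')) {
        try {
            Set-SPOSite -Identity $s.Url -DisableCompanyWideSharingLinks Disabled -ErrorAction Stop
            $changed = $true
        } catch {
            Write-Warning "Could not update $($s.Url): $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Url                    = $s.Url
        CompanyWideLinksBefore = $before
        Remediated             = $changed
        SharingCapability      = "$($s.SharingCapability)"
    }
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation

# Sites still exposing company-wide links after this run.
$report | Where-Object { $_.CompanyWideLinksBefore -ne 'Disabled' -and -not $_.Remediated } |
    Format-Table Url, CompanyWideLinksBefore, SharingCapability -AutoSize
```

Run it once without -Remediate and review the CSV; adding -WhatIf to -Remediate lists the sites that would be changed without touching them.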

Additional Security Measures:

  • Audit Existing Shares:

    Get-SPOUser -Site "<SiteURL>" -Limit All | Where-Object { $_.IsSiteAdmin -eq $false }
    

  • Revoke Unnecessary Access:

    Set-SPOUser -Site "<SiteURL>" -LoginName "<UserLoginName>" -IsSiteCollectionAdmin $false
    

  • Enable SharePoint Audit Logging:

    Set-SPOSite -Identity "<SiteURL>" -AuditLogRetentionPeriod 365
    

What Undercode Say

Preventing accidental oversharing in SharePoint is crucial for maintaining data security. PowerShell provides powerful automation to enforce strict sharing policies.

Related Linux & Windows Security Commands:

  • Linux (For SMB/CIFS Shares):
    chmod 700 /path/to/confidential-folder  # Restrict access to the owner
    auditctl -w /path/to/folder -p wa -k sensitive_access  # Monitor writes and attribute changes
    

  • Windows (File Server Auditing):

    Auditpol /set /subcategory:"File Share" /success:enable /failure:enable
    

  • Microsoft 365 Compliance:

    Get-RetentionCompliancePolicy -Identity "Strict Data Policy"
    

Expected Output:

A locked-down SharePoint site where sensitive data is only shared with explicitly authorized users, reducing the risk of internal breaches.

References:

Reported By: Jake Admindroid – Hackers Feeds