ShareGate makes it easy to ensure external users have access to the right things in Microsoft 365. We walk you through how to set up automated external sharing reviews in-app—so you can sit back and relax.
Sharing content is an important piece of the collaboration puzzle—especially when working with clients, vendors, and other people outside your organization. Microsoft 365 enables you to easily share files with people from outside your organization, but it still does have its risks.
Although it might sound tempting to disable external sharing entirely, this could end up making the problem worse; if you get in the way of employees being able to their work, they’ll just go around you and use other, unapproved tools.
But the convenience of self-service means you need to make sure you’re keeping track of what’s been shared and who has access. With ShareGate—our automated governance tool—you can proactively engage with owners to make sure they’re reviewing their group’s external sharing links regularly. That way, you’re sure your data stays secure on an ongoing basis. Explore our solution for staying on top of Microsoft Teams security here.
Do you know how many files are shared outside your organization?
Should those budget spreadsheets still be shared with your organization’s former accounting firm? Who still has access to last quarter’s user research reports?
Even with all the right settings configured, securing content is a lot easier when you can see everything that’s been shared externally.
Consider the following:
- When contracts come to an end, how do you make sure former collaborators no longer have access to your content?
- As employees move between project-based teams or leave the company, how do you ensure their old access is removed?
According to McAfee’s 2020 Cloud Adoption and Risk Report, 49% of cloud-based files are eventually shared—whether to a colleague, a client, or the whole world.
You don’t want to hinder productivity with too many restrictions, but excessive access rights indicate a lack of control and can lead to audit findings and compromises.
Ensure accountability with regular external sharing reviews
According to Microsoft MVP Joanne Klein, one of the best ways to approach data security at scale is from the perspective of container governance: security and compliance policies applied at the level of Microsoft teams and Microsoft 365 groups.
She breaks down container governance into the following best practices:
- Empower employees: Enable self-service site creation and lifecycle management so users don’t turn to shadow IT.
- Identify valuable content: Define a data classification scheme and require classification for containers.
- Protect valuable assets: Put policies in place to control access to sensitive data.
- Ensure accountability: Manage group/team ownership and review external sharing and guest access.
ShareGate’s “Group sensitivity” feature enables you to apply custom group sensitivity labels that control each team’s privacy status, external sharing settings, and guest access permissions from the get-go. But even with all of the right security settings configured, it’s important to regularly review external access to ensure sensitive data stays secure on an ongoing basis.
Within the scope of this blog post, we’re going to show you how ShareGate’s automated external sharing reviews engage with owners you trust—ensuring someone is always accountable for keeping sensitive data secure.
Start today with a step-by-step guide: 3 ways to enable secure collaboration with external sharing reviews ( with pictures)
How users share files and folders in Microsoft 365
Depending on your organization’s sharing settings, users have two options if they want to share a file or folder with an external user. They can either:
- Share via anonymous link (Anyone with the link setting)
- Share with authenticated external users (Specific people setting)
The external sharing capabilities in Microsoft 365 make it easier than ever to collaborate with people outside your organization. But sharing content still poses a business risk.
According to the same McAfee report mentioned earlier, nearly one in 10 files shared in the cloud with sensitive data use an anonymous public access link.
To protect your sensitive content on an ongoing basis, you need to regularly review all of your organization’s active sharing links.
Manage external sharing in Microsoft 365 with ShareGate
ShareGate helps you ensure that external users have the appropriate access to content through the External shares feature.
You can manage external sharing:
- Directly in the app
- Through an automated external sharing policy
Manage external sharing directly in-app
ShareGate gives you full visibility into what’s been shared by each of your groups or teams. Even better, as an IT admin you can revoke access to sensitive files yourself in one click—without having to be an owner of the group.
In the ShareGate app, click Groups to view a list of all your groups and teams. Then, filter your groups to see which ones have shared content externally.
And see a complete list of files shared externally by each group or team by clicking on an individual group, then selecting the External shares tab:
From here, you can see which content is being shared by that group, and the external user it’s currently being shared with—and you can revoke access to sensitive files with just one click.
Having better visibility—and the ability to take action yourself if you need to—is a huge step towards improving your data security. But manually reviewing every single external sharing link isn’t just time-consuming; it’s next to impossible for someone in IT.
That’s because the hardest part of a review is actually figuring out if those files should be shared, or in some cases should still be shared. As an IT admin, you’re going to have to ask the people who know best: the owners of each group or team. They know who their team needs to collaborate with on a regular basis, meaning they’re the ones who can validate their group’s external sharing links.
But asking every owner directly is a ton of work—not to mention extremely time-consuming for IT. And by the time you make it through one review, get ready to start the whole process over; to keep data secure on an ongoing basis, you need to repeat this process regularly.
Schedule automatic external sharing reviews in ShareGate
Instead of reaching out to each owner manually, set up ShareGate’s external sharing policy to ask owners for validation automatically. Our automated external sharing reviews save you time and provide you peace of mind.
Here’s how it works: You set a time interval at which you’d like external sharing reviews to take place and schedule a start date.
When the time interval you selected has passed, we contact owners directly by email and ask them to confirm whether the links shared by their team should still be shared.
Owners can delete links to sensitive files through our easy-to-use interface instead of having to go each of their SharePoint team sites to revoke access.
ShareGate automates this complex, multi-step process for you—so you can perform reviews more regularly and keep your data secure on an ongoing basis.
Setting up ShareGate’s external sharing policy
In the ShareGate UI, click on Settings and select the Policies tab in the left-hand navigation. Then, scroll down to the “Security” section and slide the toggle next to Review external sharing.
Then, choose how frequently you want reviews to take place (say, every 30 days), set a start date, and you’re ready to go!
Once your external sharing policy is activated and set up, owners you’ve entrusted will receive an automatic email asking them to review all of their group’s external shares as of the date you set.
Track each review’s progress to ensure everyone stays on top of security
On your end, you can track the progress of each external sharing review once it’s started in the ShareGate app.
After 14 days have passed, or when all of your teams have been reviewed, you’ll receive an email with stats from the review.
You can also see the review’s stats in-app.
And click on See more details for a detailed breakdown of the actions taken (or click on the Activity tab at the top of the screen):
You can also filter all your groups on the Groups page to check which owners haven’t completed their reviews so you can follow up with them if you need to.
And ShareGate logs every action taken during those reviews—so you can easily perform internal audits.
Automatic external sharing review: Use case
Let’s say Emily Brown needs to share a content brief with Evan Fisher, a new freelancer she’s trying out.
Because this is a trial assignment, Emily only wants to share the document with the content brief—she doesn’t want to invite Evan to join the marketing department’s team in Teams just yet. So, she goes to the marketing department’s SharePoint site, selects the file with the content brief, and clicks Share.
Because she’s only sending the file to one person, she selects People you specify can edit from the dropdown menu, enters Evan’s email address, and clicks Send.
On his end, Evan receives an email invitation that contains a link to the shared document:
Because Evan is using a Gmail account, he is asked to enter a verification code to access the content brief (if he had a Microsoft account he would have been prompted to sign in that way).
Once he inputs the verification code, he can access the document Emily sent him.
But, because he’s not using a Microsoft account (or a work or school account in Azure AD), he has to use a code every time he accesses the file—and he isn’t added to Emily’s organization’s Azure AD.
Some time passes, and ultimately Emily decides to hire an in-house writer instead of renewing Evan’s freelance contract. There’s some confidential information about upcoming product releases in the content brief she sent him. But with so many other projects on the go, Emily forgets to manually remove Evan’s access.
Even if her IT admin happened to be running regular Azure AD access reviews, the link shared with Evan wouldn’t show up because his Gmail account was never added to the organization’s directory.
Luckily, Emily’s IT admin (yours truly) scheduled external sharing reviews in ShareGate. And since Emily is the entrusted owner of the marketing department’s Microsoft 365 group, she receives an automatic email notification to review her group’s external sharing links after the scheduled time interval has passed:
In just a few clicks, she can make decisions about which links should still be shared…
…and which ones should be deleted. In this case, she revokes Evan’s access directly through our easy-to-use interface—without having to go to the Marketing SharePoint team site—then clicks Confirm review.
In ShareGate, I can see that Emily completed her external sharing review—and can also see that she deleted the “Content brief – news series” link as part of that review:
With ShareGate’s automated external sharing reviews, you’re sure your data stays secure on an ongoing basis.
ShareGate is easy to setup and even easier to manage—no clunky interface, no coding, and no Azure AD premium subscription required.
If you’re a ShareGate customer, then we have great news! Your subscription now gives you full access to ShareGate at no extra charge! Activate your ShareGate account by signing in here. Make sure to have your ShareGate license key handy—you’ll need it complete your activation.
If you’re ready to get started with external sharing reviews in ShareGate, take a look at our documentation to learn how to set it up!