How Better Audit Settings and PowerShell Reporting Catch Risky SharePoint and OneDrive Links Before They Become Disasters

How Better Audit Settings and PowerShell Reporting Catch Risky SharePoint and OneDrive Links Before They Become Disasters

Stop Blind External Sharing in Microsoft 365

You can spend years hardening identities, tweaking conditional access, and locking down SharePoint—and still lose critical data because of one blind external share that nobody saw coming. A single folder link from a busy project owner, a guest invited “just for a week,” or a forwarded OneDrive link to a personal mailbox can quietly punch a hole through all your carefully designed controls. In this episode, you learn how to stop blind external sharing in Microsoft 365 by combining the right audit settings, scripts, and alerts so you finally see what is leaving your tenant before it becomes a disaster.

We start with the most dangerous feeling in security: false confidence. Many admins check the audit box in the compliance portal, skim a few logs, and assume “we’re covered” for SharePoint and OneDrive. Months later, when finance, HR, or legal ask for a full story of who accessed a sensitive folder via guest links, everyone discovers the same painful truth—key sharing events were never logged, anonymous link usage is barely visible, and the retention window quietly ate the evidence. You will hear how default settings, incomplete audit policies, and short retention quietly turn your environment into a place where you only see clean stories, never the near misses.

From there, we dig into how to fix the foundations before you even think about fancy dashboards. You will learn which advanced auditing switches to flip for SharePoint and OneDrive, how to make sure external and anonymous link usage is actually recorded, and why extending retention is not a nice-to-have but a survival requirement for real investigations. We show how, with the right configuration, your logs move from Swiss-cheese gaps to a complete trail of who shared what, when, and with which external identities.

Then we turn to the second half of the problem: noise. Once logging works, the firehose starts—thousands of events, most of them benign internal collaboration. You will hear why generic export scripts are not enough and what a good PowerShell-based reporting and alerting layer needs to do differently: enrich events with sensitivity, flag non-corporate domains, separate partner traffic from true risk, and surface only the handful of shares and domains that warrant human attention.

By the end of this episode, you will have a clear path from “we hope nothing bad is being shared” to “we know exactly which external shares matter today, and we can prove it.” If you are tired of waking up to surprise sharing incidents or realizing too late that your audit trail is useless, this conversation gives you the framework to see and stop risky external sharing before it turns into your next breach headline.

WHAT YOU LEARN
  • Why default SharePoint and OneDrive audit settings miss critical external sharing events.
  • How to enable advanced auditing and longer retention so key sharing and link usage is actually recorded.
  • How to use PowerShell to pull, filter, and enrich audit data instead of drowning in raw logs.
  • How to distinguish normal collaboration from truly risky external and anonymous sharing.
  • How to build alerts and reviews that catch dangerous shares before they become incidents.
CORE INSIGHT

The core insight of this episode is that external sharing risk is not just a policy issue—it is a visibility issue. Once your audit configuration and PowerShell reporting are designed to highlight real external exposure, you stop guessing where your data is going and start catching problems while there is still time to fix them.

WHO THIS IS FOR
  • Microsoft 365 and SharePoint/OneDrive admins responsible for external sharing controls.
  • Security and compliance teams who need reliable evidence of who shared what, when, and with whom.
  • Governance owners designing policies for guest access, anonymous links, and partner collaboration.
  • Architects and automation specialists building reporting and alerting on top of M365 audit logs.
ABOUT THE HOST

This episode is hosted by Mirko Peters, a Microsoft 365 consultant focused on turning vague “we should be secure” intentions into concrete controls and visibility. He helps organizations harden their external sharing story using the right mix of audit configuration, PowerShell, and practical governance so teams can collaborate with partners without flying blind on where critical documents are going.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(702)

Beyond Prompt a Page: Building Enterprise-Ready AI Experiences in Power Apps with Sara Lagerquist [MVP]

Beyond Prompt a Page: Building Enterprise-Ready AI Experiences in Power Apps with Sara Lagerquist [MVP]

Artificial Intelligence is changing how organizations build business applications, but moving beyond simple demos requires much more than adding a chatbot or generating code with AI. In this episode o...

9 Juli 45min

ARM Templates Were a Mistake: Lessons from the Bicep Shift

ARM Templates Were a Mistake: Lessons from the Bicep Shift

Infrastructure as Code transformed cloud computing by replacing manual portal clicks with version-controlled, repeatable deployments. But while Azure Resource Manager (ARM) templates represented a maj...

9 Juli 1h 19min

Can Google Sheets Beat Excel: Microsoft MVP David Benaim Settles the Debate

Can Google Sheets Beat Excel: Microsoft MVP David Benaim Settles the Debate

For decades, Microsoft Excel has been the undisputed king of spreadsheets. It powers everything from personal budgets to enterprise reporting, financial modeling, and business intelligence. But Google...

8 Juli 52min

LinkedIn + Dynamics 365: The Architecture of Modern Selling

LinkedIn + Dynamics 365: The Architecture of Modern Selling

Modern B2B sales is undergoing a fundamental transformation. For years, organizations have treated LinkedIn and Dynamics 365 as separate systems. One platform managed relationships and professional ne...

8 Juli 1h 14min

Azure Networking Unlocked: Secure Azure Functions, Virtual Network Manager & Infrastructure as Code with Rex de Koning [MVP-MCT]

Azure Networking Unlocked: Secure Azure Functions, Virtual Network Manager & Infrastructure as Code with Rex de Koning [MVP-MCT]

Cloud adoption has accelerated at an incredible pace, but modern cloud infrastructure is no longer just about deploying virtual machines or Azure services. Networking has become the backbone of every ...

7 Juli 54min

The PowerShell Ceiling: Why You Need Bicep

The PowerShell Ceiling: Why You Need Bicep

Every IT professional eventually reaches a point where automation stops feeling like freedom and starts becoming a burden. What begins as a handful of PowerShell scripts quickly grows into dozens of a...

7 Juli 1h 9min

Beyond the Prompt: Architecting Multi-Agent AI Solutions with Microsoft Copilot & SharePoint with Reshmee Auckloo [MVP]

Beyond the Prompt: Architecting Multi-Agent AI Solutions with Microsoft Copilot & SharePoint with Reshmee Auckloo [MVP]

Artificial Intelligence is rapidly moving beyond simple chatbots and prompt engineering. Today's enterprise AI solutions must reason, collaborate, orchestrate multiple agents, securely access business...

6 Juli 1h

How To Trick Microsoft Graph Into Securing Your Entire Tenant

How To Trick Microsoft Graph Into Securing Your Entire Tenant

Most Microsoft 365 administrators believe their tenant is secure because every dashboard is green, policies are enabled, and alerts appear to be flowing normally. Unfortunately, modern security doesn'...

6 Juli 1h 12min

Populärt inom Politik & nyheter

svenska-fall
tv4-nyheterna-story
aftonbladet-krim
p3-krim
aftonbladet-daily
rss-krimstad
flashback-forever
motiv
de-fyras-gang
spar
rss-sanning-konsekvens
rss-krimreportrarna
rss-flodet
mannen-utan-spar
rss-expressen-dok
rss-aftonbladet-krim
rss-frandfors-horna
olyckan-inifran
rss-vad-fan-hande
krimmagasinet