This how-to will show you how to check if your SharePoint sites or objects have been shared externally using CoreView. By following this procedure, you can identify external sharing activity and take action if needed.
- Navigate to “Audit” in the side panel menu, select “SharePoint” and then “Sharing operations”.

- To check if your SharePoint sites or objects have been shared externally, apply a filter to the “Target user or group type” column. Simply type “Guest” into the filter.
See the key terms of the report
- Target User or group name: this allows you to see with whom the file was shared.
- Target User or group type: this identifies the type of the target user or group, which could be a Member, Guest, SharePointGroup, SecurityGroup, or Partner.
- Object Id: this column pinpoints the resource that the target user was granted access to.
- Additionally, you can refine your search by setting a specific timeframe. Simply select the desired number of days from the dropdown menu located in the top right corner.

For more information on SharePoint audit activities, see the article “Use sharing auditing in the audit log” in the Microsoft documentation.
Please be aware that Microsoft promises to retain your audit logs for either 30 or 90 days, depending on your license. However, CoreView extends this period by keeping your audit logs for a full year (12 months).