SharePoint & OneDrive management policies

  • Last update on September 26th, 2024

The remediation action for SharePoint & OneDrive policies is NOT available in the Essentials solution.

 

These policies aid in data security and compliance. They help manage inactive sites, control sharing, set link expiration policies, and monitor external file sharing. They underscore the need for regular alerts and reports for informed decision-making.

The list below provides an overview of the SharePoint out-of-the-box policies, what type of remediation action they are set to execute, and which remediation settings you can configure.


Inactive SharePoint sites

Show more

Description

This policy helps you identify SharePoint sites that have been inactive for at least 30 days. 

It provides the site URL, the site's title, the last activity date, and the names of the site owners. Additionally, it shows the primary administrator and whether the site is marked for deletion, along with the site template type.

It's a practical tool for managing and reviewing the usage of SharePoint sites within your organization.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Delete SharePoint site”

What you can configure

  • Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

SharePoint sites with anonymous sharing

Show more

Description

This policy is designed to identify SharePoint sites that allow anonymous sharing. 

It lists the URL of each site and provides the title, along with the sharing capability setting that permits anonymous access. 

This tool aids administrators in overseeing site-sharing settings to ensure compliance with company policies on data security and privacy.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action "Manage SharePoint external sharing" to disable external and anonymous sharing

What you can configure

  • Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

SharePoint sites with anonymous sharing and a certain sensitivity label

Show more

Description

This policy is designed to monitor SharePoint sites that have enabled anonymous sharing and are tagged with a certain sensitivity label. 

It lists files with non-empty sensitivity labels, the site URL, the primary administrator, site owners, the site title, and the sharing capability settings. Additionally, it includes the expiration settings for external users. 

This tool is essential for managing data protection policies and controlling external access to sensitive information.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action "Manage SharePoint external sharing" to disable external and anonymous sharing

What you can configure

  • Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

SharePoint sites with anonymous sharing and no expiration policy

Show more

Description

This policy targets SharePoint sites that permit anonymous sharing and do not have a link expiration policy.

It provides the site URL, the primary administrator, the site owners, and the date when the anonymous link was created or shared. It also lists the files involved, confirms that there is no expiration set for the anonymous links, and outlines the sharing capability settings. 

This tool is crucial for managing access control and ensuring that anonymous sharing does not compromise the organization's data security.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action "Set expiration policy for anonymous links" to set a customizable expiration policy

What you can configure

  • Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Define the number of days after which the links expire
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

SharePoint sites with external sharing and no expiration policy

Show more

Description

This policy identifies SharePoint sites that allow external sharing without an expiration policy.

It lists the files shared, the site URL, the primary administrator, the site owners, the site title, and the sharing capability settings. 

It also shows that there is no set expiration for external users, which is important for administrators to review to ensure that sharing practices align with the organization's security policies.

Remediation action 

  1. Send attestation to a specified recipient (optional)
  2. Execute the action "Set expiration policy for external links" to set a customizable expiration policy

What you can configure

  • Change the recipient of the attestation to either the site owners, a custom address, or choose not to send the attestation
  • Define the number of days after which the links expire
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

SharePoint sites with files shared externally

Show more

Description

This policy tracks OneDrive accounts where files have been shared externally over the last 30 days.

It displays the UPN, the date when the last file was shared, the most recent activity on the account, and the licenses assigned to the user. 

Additionally, it provides insights into the number of active files, synced files, files shared internally, and crucially, files shared outside the organization during that timeframe. 

This tool enables monitoring and governance of external file sharing activities, helping maintain data security and compliance within the organization.

Remediation action

  1. Generate a report containing the list of SharePoint sites that have been shared externally in the last 30 days
  2. Send the report to the designated recipients

What you can configure

  • Define when to send the report
  • Choose the report format (Excel, CSV, PDF)
  • Insert an additional message
  • Choose the report recipient(s)
  • Schedule the recurrence of the remediation action
 
 

SharePoint external invitations alert

Show more

Description

This event-based policy is set up to alert administrators about external invitations sent from SharePoint. 

It filters events by the SharePoint workload and specific operations related to invitations. The playbook also tracks the creation time of the invitation, the user ID of the person who sent it, and the object ID involved. 

This tool is crucial for monitoring and securing external access to SharePoint resources.

Remediation action

Send a notification to a custom email whenever a new event related to external invitations and access requests is recorded 

What you can configure

  • Choose the alert recipient(s)
 
 

OneDrive accounts with files shared externally

Show more

Description

This policy is tailored to track OneDrive accounts with files that have been shared with external parties. 

It displays the UPN, the date when the file was shared, the last activity date on the account, and the licenses associated with the user. It also shows the number of active files, files synced, and files shared both internally and externally over the last 30 days. 

This tool is crucial for overseeing external file sharing and maintaining data security.

Remediation action

  1. Generate a report containing the list of OneDrive accounts that have been sharing files externally in the last 30 days
  2. Send the report to the designated recipients

What you can configure

  • Define when to send the report
  • Choose the report format (Excel, CSV, PDF)
  • Insert an additional message
  • Choose the report recipient(s)
  • Schedule the recurrence of the remediation action