v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/microsoft365_compliance
Overview
4Dashboards
80Controls
21Queries
2Variables
GitHub

Control: 2.3 Ensure 'External sharing' of calendars is not available

Description

External calendar sharing allows an administrator to enable the ability for users to share calendars with anyone outside of the organization. Outside users will be sent a URL that can be used to view the calendar.

Attackers often spend time learning about organizations before launching an attack. Publicly available calendars can help attackers understand organizational relationships and determine when specific users may be more vulnerable to an attack, such as when they are traveling.

Remediation

To disable calendar details sharing with external users:

  1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
  2. Click to expand Settings select Org settings.
  3. In the Services section click Calendar.
  4. Uncheck Let your users share their calendars with people outside of your organization who have Office 365 or Exchange.
  5. Click Save.

To disable calendar details sharing with external users policy, use the Exchange Online PowerShell Module:

  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Run the following Exchange Online PowerShell command:
Set-SharingPolicy -Identity "Name of the policy" -Enabled $False

Default Value: On.

Usage

Run the control in your terminal:

powerpipe control run microsoft365_compliance.control.cis_v200_2_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run microsoft365_compliance.control.cis_v200_2_3 --share

SQL

This control uses a named query:

microsoft365_calendar_sharing_disabled

Tags

category = Compliance
cis = true
cis_item_id = 2.3
cis_level = 2
cis_section_id = 2
cis_type = automated
cis_version = v2.0.0
microsoft_365_license = E3
plugin = microsoft365
service = Azure/ActiveDirectory