Control: 7.2.6 Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Description
Control sharing of documents to external domains by either blocking domains or only allowing sharing with specific named domains.
Attackers will often attempt to expose sensitive information to external entities through sharing, and restricting the domains that users can share documents with will reduce that surface area.
Remediation
To remediate using the UI:
- Navigate to SharePoint admin center https://admin.microsoft.com/sharepoint.
- Expand Policies, then click Sharing.
- Expand More external sharing settings and check Limit external sharing by domain.
- Select Add domains to add a list of approved domains.
- Click Save at the bottom of the page.
To remediate using PowerShell:
- Connect to SharePoint Online using Connect-SPOService.
- Run the following PowerShell command:
Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "domain1.com domain2.com"
Default Value
Limit external sharing by domain is unchecked
SharingDomainRestrictionMode: None
SharingDomainRestrictionMode: <Undefined>
Usage
Run the control in your terminal:
powerpipe control run microsoft365_compliance.control.cis_v500_7_2_6
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run microsoft365_compliance.control.cis_v500_7_2_6 --share
SQL
This control uses a named query:
select
  tenant_id as resource,
  case
    when jsonb_array_length(sharepoint_settings -> 'sharing_allowed_domain_list') > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when jsonb_array_length(sharepoint_settings -> 'sharing_allowed_domain_list') > 0 then title || ' sharepoint external sharing is managed through domain whitelist/blacklists.'
    else title || ' sharepoint external sharing is not managed through domain whitelist/blacklists.'
  end as reason,
  tenant_id as tenant_id
from
  microsoft365_organization;
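As an added example (not part of this control page or the Turbot Pipes mod), the check below mirrors the SQL query but also honours the SharingDomainRestrictionMode that the PowerShell remediation sets: the page's query only counts sharing_allowed_domain_list entries, so a tenant correctly configured in BlockList mode would be reported as alarm, while an AllowList mode with an empty or malformed list passes. Only sharing_allowed_domain_list appears on the page; the sharing_domain_restriction_mode and sharing_blocked_domain_list keys and the sample tenant records are assumptions constructed for this example.

```python
import re

# Constructed sample records shaped like the sharepoint_settings JSON column the
# control's query reads. Key names other than sharing_allowed_domain_list are
# assumptions for this example, not fields documented on the page.
SAMPLE_TENANTS = {
    "tenant-allowlist": {"sharing_domain_restriction_mode": "AllowList",
                         "sharing_allowed_domain_list": ["partner.example", "vendor.example"]},
    "tenant-blocklist": {"sharing_domain_restriction_mode": "BlockList",
                         "sharing_blocked_domain_list": ["freemail.example"]},
    "tenant-unmanaged": {"sharing_domain_restriction_mode": "None",
                         "sharing_allowed_domain_list": []},
    "tenant-misconfigured": {"sharing_domain_restriction_mode": "AllowList",
                             "sharing_allowed_domain_list": ["*.example"]},
}

# Plausible DNS name: labels of 1-63 chars, no leading/trailing hyphen, at least one dot.
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def invalid_domains(domains):
    """Return the entries that are not plausible domain names (wildcards, spaces, etc.)."""
    return [d for d in domains if not DOMAIN_RE.match(d.lower())]


def evaluate(settings):
    """Return (status, reason): 'ok' only when the active restriction mode is backed
    by a non-empty, well-formed domain list; 'alarm' otherwise."""
    mode = settings.get("sharing_domain_restriction_mode") or "None"
    if mode == "AllowList":
        domains = settings.get("sharing_allowed_domain_list") or []
    elif mode == "BlockList":
        domains = settings.get("sharing_blocked_domain_list") or []
    else:
        return "alarm", "external sharing is not restricted by domain (mode None)"
    if not domains:
        return "alarm", f"mode is {mode} but its domain list is empty"
    bad = invalid_domains(domains)
    if bad:
        return "alarm", f"mode is {mode} but the list contains invalid entries: {bad}"
    return "ok", f"external sharing restricted by {mode} of {len(domains)} domain(s)"


def evaluate_all(tenants):
    """Map each tenant id to its control status, like the query's status column."""
    return {tid: evaluate(s)[0] for tid, s in tenants.items()}


if __name__ == "__main__":
    for tid, settings in SAMPLE_TENANTS.items():
        print(tid, *evaluate(settings))
```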