Detections
Analytics

7.2.11 (L1) Ensure the SharePoint default sharing link permission is set

Information

This setting configures the permission that is selected by default for sharing link from a SharePoint site.

The recommended state is View.

Setting the view permission as the default ensures that users must deliberately select the edit permission when sharing a link. This approach reduces the risk of unintentionally granting edit privileges to a resource that only requires read access, supporting the principle of least privilege.

Solution

To remediate using the UI:

 - Navigate to SharePoint admin center https://admin.microsoft.com/sharepoint
 - Click to expand Policies > Sharing.
 - Scroll to File and folder links.
 - Set Choose the permission that's selected by default for sharing links to View.

To remediate using PowerShell:

 - Connect to SharePoint Online service using Connect-SPOService.
 - Run the following cmdlet:

Set-SPOTenant -DefaultLinkPermission View

Impact:

Not applicable.

See Also

https://workbench.cisecurity.org/benchmarks/24619

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2

Plugin: microsoft_azure

Control ID: 1413a1742da87dc153f389ddcda65eee29c8c151b58996e7a966bb3b8eba1f0d