6.1 Ensure SharePoint external sharing is managed through domain whitelist/blacklists

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.



Control sharing of documents to external domains by either blocking domains or only allowing sharing with specific named domains.


Attackers will often attempt to expose sensitive information to external entities through sharing, and restricting the domains that users can share documents with will reduce that surface area.


Enabling this feature will prevent users from sharing documents with domains outside of the organization unless allowed.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


To configure document sharing restrictions:

Navigate to SharePoint admin center https://admin.microsoft.com/sharepoint.

Expand Policies then click Sharing.

Expand More external sharing settings and check Limit external sharing by domain.

Select Add domains to add a list of approved domains.

Click Save at the bottom of the page.

To configure document sharing restrictions using PowerShell:

Connect to SharePoint Online using Connect-SPOService.

Run the following PowerShell command:

Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList 'domain1.com domain2.com'

Default Value:

Limit external sharing by domain is not checked
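
The following is an added example, not part of the benchmark or the audit itself: it evaluates a tenant's sharing settings against this control and reports drift between the tenant's allow list and an approved list. Test-SharingDomainPolicy is a hypothetical helper, and the sample tenant objects and domain3.example are constructed; the property names are those returned by Get-SPOTenant.

```powershell
# Added example. Test-SharingDomainPolicy is a hypothetical helper, not a Microsoft cmdlet.
function Test-SharingDomainPolicy {
    param(
        [Parameter(Mandatory)] $Tenant,       # object shaped like Get-SPOTenant output
        [string[]] $ApprovedDomains = @()     # domains the organization has approved
    )
    # The tenant stores the list as one space-separated string; normalize before comparing.
    $normalize = {
        param($text)
        "$text" -split '[\s,]+' | Where-Object { $_ } |
            ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
    }
    $mode     = [string]$Tenant.SharingDomainRestrictionMode
    $allowed  = @(& $normalize $Tenant.SharingAllowedDomainList)
    $approved = @(& $normalize ($ApprovedDomains -join ' '))
    $isAllow  = $mode -eq 'AllowList'

    [pscustomobject]@{
        Mode       = $mode
        # The control accepts either list type; 'None' is the non-compliant default.
        Restricted = $mode -in 'AllowList', 'BlockList'
        # Drift: domains allowed in the tenant that nobody approved, and the reverse.
        Unapproved = @(if ($isAllow) { $allowed  | Where-Object { $_ -notin $approved } })
        Missing    = @(if ($isAllow) { $approved | Where-Object { $_ -notin $allowed } })
    }
}

$approved = 'domain1.com', 'domain2.com'

# Constructed sample objects standing in for Get-SPOTenant output (runs offline).
$defaultTenant = [pscustomobject]@{ SharingDomainRestrictionMode = 'None'; SharingAllowedDomainList = '' }
$driftedTenant = [pscustomobject]@{
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList     = 'Domain1.com domain3.example'   # constructed value
}

Test-SharingDomainPolicy -Tenant $defaultTenant -ApprovedDomains $approved
Test-SharingDomainPolicy -Tenant $driftedTenant -ApprovedDomains $approved

# Against a live tenant, after Connect-SPOService:
#   Test-SharingDomainPolicy -Tenant (Get-SPOTenant) -ApprovedDomains $approved
```

A non-empty Unapproved list means the tenant permits sharing with a domain that is not on the approved list and should be reviewed before the allow list is re-applied with Set-SPOTenant.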
