3.6 Ensure that SharePoint guest users cannot share items they don't own

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

SharePoint gives users the ability to share files, folders, and site collections. Internal users can share with external collaborators who, with the right permissions, could share those items with another external party.

Rationale:

Sharing and collaboration are key; however, file, folder, or site collection owners should have authority over what is shared with external users, to prevent unauthorized disclosure of information.

Impact:

The impact of this change is highly dependent upon current practices. If users do not regularly share with external parties, then minimal impact is likely. However, if users do regularly share with guests/externally, minimal impact could occur, as those external users will be unable to 're-share' content.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To set SharePoint sharing settings:

Navigate to the SharePoint admin center at https://admin.microsoft.com/sharepoint

Click to expand Policies then select Sharing.

Expand More external sharing settings, then uncheck Allow guests to share items they don't own.

Click Save.

Remediate using PowerShell:

Connect to SharePoint Online service using Connect-SPOService.

Run the following SharePoint Online PowerShell command:

Set-SPOTenant -PreventExternalUsersFromResharing $True
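
The following script is an added example, not part of the benchmark text: it reads the current tenant value with Get-SPOTenant before changing anything, applies the Set-SPOTenant command above only when asked, and re-reads the value to confirm it took effect. The admin URL is a placeholder and the -Remediate switch is a name chosen for this example.

```powershell
# Added example: audit, then optionally remediate, the guest re-sharing setting.
# Requires the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin role.
param(
    # Assumption: placeholder URL; replace <tenant> with your tenant name.
    [string]$AdminUrl = 'https://<tenant>-admin.sharepoint.com',
    # Hypothetical switch for this example: without it the script only reports.
    [switch]$Remediate
)

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking -ErrorAction Stop
Connect-SPOService -Url $AdminUrl   # prompts for interactive sign-in

# Audit: True means guests cannot share items they do not own.
$current = (Get-SPOTenant).PreventExternalUsersFromResharing
if ($current) {
    Write-Output 'PASS: PreventExternalUsersFromResharing is True.'
    return
}

Write-Warning 'FAIL: PreventExternalUsersFromResharing is False; guests can re-share items they do not own.'

if ($Remediate) {
    Set-SPOTenant -PreventExternalUsersFromResharing $True

    # Verify by reading the value back instead of trusting the call.
    $after = (Get-SPOTenant).PreventExternalUsersFromResharing
    if (-not $after) {
        throw 'PreventExternalUsersFromResharing is still False after Set-SPOTenant.'
    }
    Write-Output 'REMEDIATED: PreventExternalUsersFromResharing is now True.'
}
```

Run it once without -Remediate to record the current state, then again with -Remediate once the change has been approved.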

See Also

https://workbench.cisecurity.org/benchmarks/10751