Hey fellow Microsoft 365 admins! I'm wondering if there's a straightforward way to identify **all files shared externally or publicly** in OneDrive and SharePoint across our tenant? Currently, I find myself sifting through Graph queries and audit logs whenever security asks for these details. I'm also thinking about developing a small internal tool that would:
- Alert us when files become publicly accessible
- Show exact permissions and sharing links
- Keep a timeline of when the exposure started
In short, I need a report detailing "who exposed what and when." How are you all handling this?
6 Answers
I recently made a report tool for this using Claude. It caches results in a little database, and works pretty quick. If you want, I can share the repo link once I clean it up!
There's actually a PowerShell script you can use to scan through files in a specified scope and print out sharing info. It's surprising that Microsoft doesn't have more straightforward options given the size of the platform!
Have you checked out Sharegate? It can generate sharing reports and even schedule them, though it doesn't have alerting features yet. Might work for your needs!
I'd love to know more about how it works!
Netwrix can do the job as well! It's specifically designed for this kind of monitoring and reporting. Might be worth looking into.
You can check out the sharing reports in SharePoint. Microsoft provides a built-in GUI report that shows external sharing activity. Just go to the SharePoint admin center, expand Reports, and look for Data access governance. You can generate reports specifically for 'Anyone links.' It's pretty handy!
Thanks for the tip! I'll check that part of our licensing.
Have you considered tools like Varonis? It's great for tracking external links and provides a lot of visibility into user actions across OneDrive and SharePoint. It can help find files that might have been 'deleted' but were just moved. Definitely worth the investment if your budget allows!
I know about Varonis, but I'm not sure we can afford it right now.
Totally agree, it feels like admins get pushed into using their tools without proper visibility.