SharePoint protection: How to protect file sharing

SharePoint protection helps you protect Microsoft 365 files by either automated or manual sharing control.


Introduction

To protect file sharing, you must first activate SharePoint protection. Learn more about it here.

 Learn how policies and data classification work in Safetica Cloud Protection here.

 

How M365 file sharing protection works

Safetica enables you to control the sharing of sensitive files within Microsoft 365 by creating policies for M365 file sharing. Here's how it works:

  • Blocking policies
    • File sharing is automatically canceled if it violates a blocking policy.
    • If an end user shares a file that violates a policy that blocks file sharing, the sharing will be automatically canceled, and the user will receive an email notification about this cancellation.

Processing the blocking operation may take some time, so the file sharing is not canceled immediately. Cancellation can take up to 5 minutes.

  • Non-blocking policies
    • File sharing can be canceled manually if it violates a non-blocking policy.
    • If an end user shares a file that violates a policy that logs or notifies file sharing, the sharing will only be logged.
    • The sharing will not be canceled, and no email notification will be sent to the end user.
    • Admins will have the option to manually cancel specific file-sharing operations in the Safetica console. The Cancel this sharing button can be found in the respective operation detail.

There is also always a link to the file in the operation detail, so that admins can review it.

Example 1: Sharing violates a blocking policy

The admin decides that @safetica.com is a safe domain and adds it into the Safe destinations column in Data destinations. Then the admin creates a policy that blocks Email and M365 file sharing to All except safe destinations.

An end user then shares a company file using an anonymous link (the Anyone option). What will happen with the file?

The anonymous link can be used by anyone – even people outside the safe @safetica.com domain. Therefore, the blocking policy is violated, and the sharing will be canceled. The end user will receive an email notification about this.

 

 

Example 2: Sharing to specific addresses violates a non-blocking policy

The admin has a logging policy for M365 file sharing. An end user shares a file to 2 people. One of them has an @safetica.com email address and the other an @seznam.cz address. How can the admin cancel the sharing to the @seznam.cz address?

The admin will see 2 records in Safetica console related to the sharing operation – one for each person. The admin can then manually cancel the sharing to @seznam.cz by opening the operation detail and clicking the Cancel this sharing button. The sharing to @safetica.com will be unaffected by the cancellation and will keep working.

 

 

Example 3: Sharing to anonymous link violates a non-blocking policy

The admin has a logging policy for M365 file sharing. An end user shares a file via anonymous link. What will happen when the admin cancels such sharing?

The admin will see a record in Safetica console with the destination type Anyone with the link. When the admin decides to manually cancel the sharing, they open the operation detail and click the Cancel this sharing button. The anonymous link will be canceled for all users.
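The three examples above can be reproduced with a small model of the policy decision. This is an added illustration, not Safetica's code: the function names, the Record fields, the "allowed" label and the sample addresses are assumptions made for the sketch.

```python
from dataclasses import dataclass

ANYONE = "Anyone with the link"  # destination type shown for anonymous links

@dataclass
class Record:
    destination: str   # recipient address or ANYONE
    violates: bool     # destination is outside the safe destinations
    action: str        # "blocked", "logged" or "allowed" (label assumed here)
    active: bool       # is the sharing still in effect?

def is_safe(destination, safe_domains):
    # An anonymous link can be opened by anyone, so it is never a safe destination.
    if destination == ANYONE:
        return False
    return destination.rsplit("@", 1)[-1].lower() in safe_domains

def evaluate_sharing(destinations, policy_mode, safe_domains):
    """Model a policy that applies to every destination not in safe_domains.

    policy_mode is "block" or "log"; pass an empty set for a policy that
    covers all destinations. One record is produced per destination, as in
    Example 2. Evaluating each destination separately under a blocking
    policy is an assumption of this model.
    """
    records = []
    for dest in destinations:
        violates = not is_safe(dest, safe_domains)
        if not violates:
            action, active = "allowed", True
        elif policy_mode == "block":
            action, active = "blocked", False  # canceled automatically, in up to 5 minutes
        else:
            action, active = "logged", True    # stays shared until an admin cancels it
        records.append(Record(dest, violates, action, active))
    return records

def cancel_sharing(records, destination):
    """Manual 'Cancel this sharing' on one record; other records keep working."""
    for rec in records:
        if rec.destination == destination:
            rec.active = False
    return records

if __name__ == "__main__":
    # Constructed sample input mirroring Example 2.
    recs = evaluate_sharing(["alice@safetica.com", "bob@seznam.cz"], "log", set())
    for rec in cancel_sharing(recs, "bob@seznam.cz"):
        print(rec)
```
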

 

 

What the admin sees in records

Admins can view M365 file sharing operations by using the Operation > M365 external sharing and Operation > M365 internal sharing filters in the Data section of Safetica console.

 

Example: The screenshot below displays an M365 external sharing operation that was blocked based on the Block sensitive data policy. The sharing was done via an anonymous link (Destination is Anyone with the link).

 

How to view actions performed by external users

In the user tree under Cloud users > External users team, the External user entity represents anonymous and guest users that are not part of your M365 tenant.

All file operations performed by these users, such as file sharing, downloads, or uploads, are recorded under it (e.g., downloading a file shared via an anonymous link will be recorded under the External user entity).

You can learn more about users and teams synced from your Microsoft 365 tenant here.

 
