Guest links are a bit more secure now

Being able to share data in today’s world is vital, and being able to share it securely even more so. Office 365, and SharePoint Online in particular, has offered this functionality for years now, for internal users, external users and guests alike. If you don’t know the difference between those types of users/sharing, read here.

Recently, Microsoft made a small but important improvement to the service: you can configure the tenant settings so that only the owner of the address to which the sharing invitation was sent can accept it. Before you say “duuuh”, this was previously not the case, and the article above warns you about the possible implications:

Only one person may log in to access your site or document using an invitation you send. However, the person who gets your invitation may decide to not use it, and instead forward the invitation to someone else who can then log in using their Microsoft account or work account to access the site or document.

Now, with the use of a simple PowerShell cmdlet, we can ensure that only the owner will have access:

Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true

The cmdlet of course requires the SPO PowerShell module, so make sure you have it installed. And to check whether this option is configured, you can use:

Get-SPOTenant | fl RequireAcceptingAccountMatchInvitedAccount

A few things to note: the setting is OFF by default; it will NOT affect sharing invitations that have already been sent; and the invitation must be sent to an OrgID or MicrosoftID account.
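
The check and the change above can be combined into one script that reports the current state and only writes when asked to. This is an added example, not part of the original post; the admin URL is a placeholder and the -Enforce switch is a name chosen here for illustration.

```powershell
# Added example: audit, and optionally enable, invitation/account matching.
# Assumptions: $AdminUrl is a placeholder for your own SPO admin URL;
# -Enforce is a hypothetical switch defined by this script, not by the SPO module.
param(
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',
    [switch]$Enforce
)

# The cmdlets ship in the SPO PowerShell module; stop early if it is missing.
$moduleName = 'Microsoft.Online.SharePoint.PowerShell'
if (-not (Get-Module -ListAvailable -Name $moduleName)) {
    throw "SPO PowerShell module '$moduleName' is not installed."
}
Import-Module $moduleName -DisableNameChecking

Connect-SPOService -Url $AdminUrl   # prompts for admin credentials

try {
    $tenant = Get-SPOTenant

    # Report the tenant-wide sharing level next to the setting itself.
    "SharingCapability: $($tenant.SharingCapability)"
    "RequireAcceptingAccountMatchInvitedAccount: $($tenant.RequireAcceptingAccountMatchInvitedAccount)"

    if ($tenant.RequireAcceptingAccountMatchInvitedAccount) {
        'Already enabled; nothing to change.'
    }
    elseif ($Enforce) {
        Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true

        # Read the value back instead of trusting the write.
        if (-not (Get-SPOTenant).RequireAcceptingAccountMatchInvitedAccount) {
            throw 'The setting was not applied.'
        }
        'Enabled. Invitations sent before this change are not affected.'
    }
    else {
        Write-Warning 'Setting is OFF (the default). Re-run with -Enforce to enable it.'
    }
}
finally {
    Disconnect-SPOService
}
```

Run without -Enforce, the script is read-only, which makes it suitable for a periodic configuration check.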
