Why SharePoint Needs to Be Secured on Day 1
Kyle Cira
Sep 24

SharePoint and OneDrive are powerful tools for collaboration, but they come with risks if left in their default state. Too often, organizations roll out Microsoft 365 and focus on productivity first—leaving security as an afterthought. Unfortunately, this creates a perfect window of opportunity for attackers.
Here’s why securing SharePoint from day one is critical.
Default Sharing Settings Are Too Permissive
By default, both SharePoint and OneDrive are configured with “Anyone” sharing enabled. This is the most permissive setting, allowing users to generate links that grant access to files or entire directories without any authentication.
That means:
Anyone with the link can access your data.
You have no visibility into who actually opens it.
Sensitive files can leave your control instantly.
How Attackers Exploit These Settings
Leaving “Anyone” links in place isn’t just a theoretical risk—it’s actively exploited by attackers:
If a link gets stolen during a Business Email Compromise (BEC) or is posted online by a malicious insider, the public can gain unrestricted access to sensitive organizational data.
An attacker who compromises a single account can upload a malicious payload to OneDrive or SharePoint and share it via an “Anyone” link, tricking others into downloading and executing it.
What CIS Recommends
The CIS Microsoft 365 Security Benchmark provides clear guidance for mitigating this risk:
Set SharePoint external sharing to “New and Existing Guests”
Set OneDrive external sharing to “No External Sharing Allowed”
Create both Internal and External versions of each SharePoint site to separate sensitive internal data from external collaboration.
Use OneDrive primarily for internal short-term collaboration and workstation backup—not as an external sharing tool.
Additionally, CIS recommends enabling automatic expiration for guest access:
Configure “Guest access to a site or OneDrive will expire automatically after this many days” to 30 days or fewer.
This ensures access doesn’t linger indefinitely, reducing the risk of forgotten or orphaned links.
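The settings listed above map to tenant properties in the SharePoint Online Management Shell. The script below is an added example, not part of the original post or the CIS benchmark text: it audits a tenant against those values and, only when asked, applies them. The admin URL is a placeholder, and the `-AdminUrl` and `-Remediate` parameters are names chosen for this example.

```powershell
# Added example: audit tenant sharing against the settings recommended above.
# Assumes the Microsoft.Online.SharePoint.PowerShell module and a SharePoint
# admin role. The default admin URL is a placeholder for your own tenant.
param(
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',
    [switch]$Remediate   # example-only switch: apply the recommended values
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl
$t = Get-SPOTenant

# "Anyone" links correspond to ExternalUserAndGuestSharing;
# "New and existing guests" corresponds to ExternalUserSharingOnly.
$results = @(
    [pscustomobject]@{
        Setting = 'SharePoint external sharing'
        Current = $t.SharingCapability
        Pass    = $t.SharingCapability -ne 'ExternalUserAndGuestSharing'
    }
    [pscustomobject]@{
        Setting = 'OneDrive external sharing'
        Current = $t.OneDriveSharingCapability
        Pass    = $t.OneDriveSharingCapability -eq 'Disabled'
    }
    [pscustomobject]@{
        Setting = 'Guest access expiration (days)'
        Current = if ($t.ExternalUserExpirationRequired) { $t.ExternalUserExpireInDays } else { 'off' }
        Pass    = $t.ExternalUserExpirationRequired -and
                  $t.ExternalUserExpireInDays -ge 1 -and $t.ExternalUserExpireInDays -le 30
    }
)
$results | Format-Table -AutoSize | Out-Host

# Sites whose own setting still permits "Anyone" links; review before tightening.
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
    Select-Object Url, SharingCapability | Out-Host

# Change only the settings that failed, so a stricter existing value is never loosened.
if ($Remediate) {
    if (-not $results[0].Pass) { Set-SPOTenant -SharingCapability ExternalUserSharingOnly }
    if (-not $results[1].Pass) { Set-SPOTenant -OneDriveSharingCapability Disabled }
    if (-not $results[2].Pass) {
        Set-SPOTenant -ExternalUserExpirationRequired $true -ExternalUserExpireInDays 30
    }
}
```

Run it without `-Remediate` first and review the list of sites that still allow "Anyone" links, since tightening the tenant setting stops those links from working.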
Final Thoughts
SharePoint and OneDrive can be incredible enablers of productivity—but only when secured properly from the start. Leaving default “Anyone” sharing enabled exposes your organization to unnecessary risks that attackers can and do exploit.
At Redeemer Cyber, we specialize in aligning Microsoft 365 environments with the CIS Microsoft 365 Security Benchmark. From day-one configurations to ongoing security reviews, we help organizations close gaps before attackers can exploit them.
👉 Book a Microsoft 365 Security Assessment with Redeemer Cyber to protect your sensitive data today
📩 Contact us at www.redeemercyber.com



