Thursday, April 30, 2020

Governance tip on finding overshared content in O365/SharePoint


Unless you have put in place the right governance measures you might at some point experience content showing up in search which shouldn't be there. A common problem are items overshared to the Everyone except external users group. Using search itself, you can easily find these items and put in place the right measures to remedy any oversharing.

When someone creates a sharing link on a document in SharePoint Online today, the sharing information is stored in a searchable managed property in the search index named SharedWithUsersOWSUSER. The same information is stored in the internal SharePoint item field named SharedWithUsers.

By issuing the query below as any user (as it’s explicitly shared with everyone and everyone has access) you can find all documents with an everyone sharing link attached to them.


The same approach can be used with any claim/user/group as documented in the official eDiscovery documentation.

You can also try the below query to find items which are shared:

ViewableByExternalUsers:1 OR ViewableByAnonymousUsers:1

If you get the refiner values from SPSiteURL, you can aggregate all sites which have shared content.

If you want to remedy oversharing to everyone, you can turn off the showing the Everyone claim with SharePoint Online PowerShell:

Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false

or with PnP PowerShell:

Set-PnPTenant -ShowEveryoneExceptExternalUsersClaim $false

This merely hides the claim from showing, so you might still want to run scheduled reports to find items which are shared with everyone in case you want to prevent this behavior.

Happy sharing!

Image by Markus Winkler @ Unsplash