🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
SharePoint Online

How to Audit Files Accessed by External Users in SharePoint Online

Are you concerned about external users accessing your SharePoint Online files without proper oversight? Unmonitored access to your SharePoint Online files can lead to significant risks, including data breaches and compliance issues. So, take control today! Learn how to audit external user file access in SharePoint Online and effectively maintain your data security.

Option 1
Option 2
Option 3
Important Tips
Errors and Resolution Steps
FAQs

Using PowerShell Script

Microsoft 365 Permission Required
Global Admin, Compliance Admin, Audit Manager, Global Reader, or Audit Reader.
  • The "Search-UnifiedAuditLog" cmdlet helps you find all the file access activities in your organization. However, it can be tricky and time-consuming to find activities, specifically by external users, because you need to use many filters.
  • To simplify this process, we've developed a PowerShell script that effortlessly exports file access activities by external users in SharePoint Online.
  • Download and run the script below in the Administrator PowerShell.
Using PowerShell Script
ExternalUserFileAccessReport.ps1

Using Microsoft Purview Compliance Portal

Microsoft 365 Permission Required
Global Admin, Compliance Admin, Audit Manager, Global Reader, or Audit Reader.
  • Login to the Audit page in the Microsoft Purview Compliance Portal.
  • Click on Activities-friendly names drop-down and select Accessed file activity.
  • If required, customize the date and time range.
  • You can specify the external user by entering the name in the Users field.
  • Click on Search. Once the search is completed, you can export the SharePoint file access activities for the specified external user.
Using Microsoft Purview Compliance Portal
Note: In Purview portal, it is not possible to directly export file access activities exclusively for all the external users. Instead, you must export the file access activity for all users and then filter out the activities of external users.
AdminDroid SharePoint Online Auditing Tool

Stay informed about unauthorized file access by external users in SharePoint Online.

AdminDroid's SharePoint Online reporting and auditing tool offers a comprehensive solution for Microsoft 365 admins. It provides extensive information and a variety of reports specifically tailored to auditing external user file access in SharePoint Online.

Export External Users Report Effortlessly

Easily export the list of external users in SharePoint Online for effective monitoring and remove them when they don’t need access to your SharePoint sites or their contents.

Audit SharePoint Site Invitations to External Users

Review site invitations sent to external users in SharePoint Online. Ensure only authorized users access the resources and reduce the risks of data breaches.

Real-Time Alerts for Access Policy Changes

Set up real-time alerts with AdminDroid for auditing changes in file access policies. Receive instant notifications to manage external user access to sensitive data.

Analyze External File Sharing Summary

Access AdminDroid's daily external file sharing summary report to monitor and manage SharePoint sharing activities effectively.

Effective Monitoring of External User Activities in SharePoint Online Pages

Track external user SharePoint activities like viewing, moving, deleting, and restoring. Admins can detect suspicious activities and safeguard sensitive data.

Monitor File Deletion Activities Effectively

AdminDroid’s All File Deletions in SharePoint and OneDrive report enables admins to audit all file deletion activities, including those by external users, ensuring that no important files are inadvertently deleted.

By leveraging AdminDroid’s advanced functionalities, you can efficiently audit external user file access in SharePoint Online, ensuring robust data security and compliance.

Explore a full range of reporting options
Download Live Demo

Important Tips

Keep an eye on external user activities to avoid potential security issues within your Microsoft 365 environment.

Monitor anonymous link creations in SharePoint to prevent unauthorized access to your organization contents.

Set expiration dates for links when sharing files with external users to ensure access is automatically revoked after a designated timeframe.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while dealing with external user file access in SharePoint.

Error ./ExternalUserFileAccessReport.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs because the current PowerShell script execution policy is set to restricted by default, preventing script execution.

Fix To resolve this error, run the below cmdlet to set the execution policy as Unrestricted and run the script. 
Set-ExecutionPolicy –ExecutionPolicy Unrestricted

Error The term "Connect-ExchangeOnline" is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs when attempting to run the PowerShell cmdlet without the Exchange Online module installed.

Fix Run the below cmdlet for installing Exchange Online module. 
Install-Module –Name ExchangeOnlineManagement

Error The term "Search-UnifiedAuditLog" is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you try to run the PowerShell cmdlet without connecting to Exchange online.

Fix First connect to Exchange Online before running the "Search-UnifiedAuditLog" command. 
Connect-ExchangeOnline

Error Cannot process argument transformation on parameter "EndDate". Cannot convert value "15/05/2024" to type "Microsoft.Exchange.ExchangeSystem.ExDateTime".

This error occurs when the start and end dates are not correctly specified while performing an audit log search in PowerShell.

Fix Specify the start and end dates using the format that matches your PowerShell settings, like "MM/DD/YYYY". 
Search-UnifiedAuditLog -StartDate MM/DD/YYYY -EndDate MM/DD/YYYY

Error Authorization_RequestDenied.

This error occurs when a user attempts to run the PowerShell cmdlet or script without the required permissions to retrieve audit logs.

Fix Ensure that the user has the necessary permissions, such as global admin or Compliance admin permissions, to execute the PowerShell script successfully.
SharePoint Online

Frequently Asked Questions

Monitor External User File Access to Prevent Data Leaks in SharePoint Online

What are the best practices for managing external user access in SharePoint Online?

What are the best practices for managing external user access in SharePoint Online? +

Managing external users' access in SharePoint Online is crucial for maintaining data security and compliance. Here are some SharePoint permission best practices to follow:

  • Limit External Sharing: Carefully evaluate whether an external user needs access to specific files or folders, and only allow sharing in those cases. Limiting external sharing in this way minimizes the risk of unauthorized access.
  • Use Secure Links: Always use secure links that require authentication and avoid using anonymous access links to reduce the risk of data breaches. Regularly audit anonymous link accesses to ensure your shared content's security.
  • Set Expiration Dates for Shared Links: When sharing files with external users, set expiration dates for the links. This ensures that access is temporarily given and revoked automatically, helping to improve access management. Regularly review external sharing reports and maintain control over shared files.
  • Regularly Review and Update Permissions: Periodically review access permissions to confirm that external users still need access to the shared files. Adjust or revoke permissions as needed and implement security best practices to keep your SharePoint environment secure.
  • Manage Permissions Carefully: Be mindful of the permissions you grant to external users. Avoid giving them high-level permissions like file deletion or editing unless absolutely necessary. Grant only the permissions required for their tasks to minimize risks and maintain control over your SharePoint environment.
  • Monitor External User Activities: Auditing external user activities helps in identifying any unusual or suspicious actions promptly, ensuring file security and proper access management.

Real-Time External User Activity Dashboard

AdminDroid's dedicated dashboard offers detailed insights into external user activities in Microsoft 365 through visually appealing charts. This enables you to quickly identify unusual behavior and ensure your data remains secure.

external-user-activities-dashboard

How to revoke file access given to external users in SharePoint Online?

How to revoke file access given to external users in SharePoint Online? +

Ensuring the security of your SharePoint Online files is crucial, especially when sharing with external users. Over time, you may need to revoke access to maintain control and manage access effectively. SharePoint admins and site owners are responsible for revoking external user access when an external collaborator has finished their work, ensuring the SharePoint environment remains secure and well-managed.

Follow the given steps to revoke external user's access to SharePoint files.

  • Navigate to SharePoint site»Documents and locate the file for which you want to revoke access.
  • Right click on the file and select Manage access.

managing-file-access

  • Select the Links tab to view all links created for this file.
  • Here you can revoke access to external users by removing their name.

revoking-external-users-access

Managing access in SharePoint is crucial, but monitoring exactly which files are shared with whom can be difficult.

  • Fortunately, AdminDroid's exclusive report provides a streamlined overview of externally shared SharePoint files and folders, making it easy to decide which file access should be removed.
  • With this report, admins can effortlessly monitor various details, such as file name, external user name, user who shared the file, site URL, etc.
file-shared-to-external-user-admindroid

How to recover files deleted by external users in SharePoint sites?

How to recover files deleted by external users in SharePoint sites? +

There are several scenarios where you might need to recover files deleted by external users in SharePoint sites, such as accidental deletions during collaboration or intentional removals after a project is completed. Properly recovering these files is crucial to ensure data integrity, maintain project continuity, and protect valuable information from being permanently lost.

Follow the given steps to recover files deleted by external users in SharePoint sites:

  • Navigate to the SharePoint site from where the file is deleted.
  • Click on the Settings icon and choose Site Contents.
  • Click on the Recycle Bin in the top banner of the Site Contents page.
  • Select the items you want and click Restore.
sharepoint-site-recycle-bin
restore-deleted-sharepoint-file

How to automate external user file access auditing with PowerShell?

How to automate external user file access auditing with PowerShell? +

Automating the external user file access audit in SharePoint Online is both feasible and highly beneficial for maintaining security throughout the organization.

ExternalUserFileAccessReport.ps1

You can schedule this script to run at regular intervals using PowerShell. It involves the following steps:

  • 1. Define time for scheduler: 
    Time=New-ScheduledTaskTrigger -At hh:mmAM/PM -Daily
    Run this cmdlet to create a scheduled task that triggers at your desired time (hh:mmAM/PM) daily.
  • 2. Set Actions to be executed: 
    Action=New-ScheduledTaskAction -Execute PowerShell.exe -WorkingDirectory D:\ -Argument “D:\ExternalUserFileAccessReport.ps1 -AdminName <usermailid> -Password <password>
    This command opens a PowerShell window, changes the directory to D:\, and then runs the ExternalUserFileAccessReport.ps1 script from the specified path.

    Warning: Including passwords directly in scripts poses a significant security risk. It's strongly advised to avoid this practice and instead use more secure methods such as certificate-based authentication.

  • 3. Save scheduler: 
    Register-ScheduledTask -TaskName "External User File Access Report" -Trigger $Time -Action $Action -RunLevel Highest
    This cmdlet saves a scheduled task named "External User File Access Report" in the root folder.
  • The script is now scheduled to run at the specified time at regular intervals.
  • The "external user file access" report will be generated after each schedule and will be stored in the specified working directory in CSV format, making it easy to open and analyse using Microsoft Excel.

Automate external user file access reviews with AdminDroid just like a PRO!

  • Scheduling automated reports for external user file access activities ensures consistent and thorough monitoring. With AdminDroid, you can schedule these reports to get up-to-date insights on file access by external users, reducing manual efforts.
  • This automation not only saves time but also enhances your ability to quickly identify and address unauthorized access, ensuring a secure and well-managed SharePoint Online environment.
admindroid-scheduling
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
SharePoint Online
How to Audit Files Accessed by External Users in SharePoint Online
SharePoint Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo