Audit External User File Access in SharePoint Online

Native Solution

Microsoft 365 Permission Required

High

Global Admin, Compliance Admin, Audit Manager, Global Reader, or Audit Reader.

Option 1 Using PowerShell Script

The "Search-UnifiedAuditLog" cmdlet helps you find all the file access activities in your organization. However, it can be tricky and time-consuming to find activities, specifically by external users, because you need to use many filters.
To simplify this process, we've developed a PowerShell script that effortlessly exports file access activities by external users in SharePoint Online.
Download and run the script below in the Administrator PowerShell.

ExternalUserFileAccessReport.ps1

Option 2 Using Microsoft Purview Compliance Portal

Login to the Audit page in the Microsoft Purview Compliance Portal.
Click on Activities-friendly names drop-down and select Accessed file activity.
If required, customize the date and time range.
You can specify the external user by entering the name in the Users field.
Click on Search. Once the search is completed, you can export the SharePoint file access activities for the specified external user.

In Purview portal, it is not possible to directly export file access activities exclusively for all the external users. Instead, you must export the file access activity for all users and then filter out the activities of external users.

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Open AdminDroid Office 365 reporter.
Navigate to the File/Folder Accesses by External Users report under Audit»General»Sharing and Access.

Apart from access events, this report provides detailed insights into related activities such as file/folder creation, modification, deletion and more. With these comprehensive details, you can easily monitor and understand all actions taken by external users on your SharePoint files/folders.

AdminDroid's built-in graphs reveal the top file/folder accessed by external users. This helps you easily identify which files need the most attention to ensure that sensitive data is accessed only by authorized users.

Explore a full range of reporting options

Monitor External User Activities in SharePoint Files!

Ensure your sensitive data remains secure. Gain crucial insights into external user file access in SharePoint Online and strengthen your data protection with AdminDroid effectively!

Witness the report in action using the

Live Demo

Important Tips

Keep an eye on external user activities to avoid potential security issues within your Microsoft 365 environment.

Monitor anonymous link creations in SharePoint to prevent unauthorized access to your organization contents.

Set expiration dates for links when sharing files with external users to ensure access is automatically revoked after a designated timeframe.

SharePoint OnlineMonitor External User File Access to Prevent Data Leaks in SharePoint Online

Showing 1 of 4

What are the best practices for managing external user access in SharePoint Online? How to revoke file access given to external users in SharePoint Online? How to recover files deleted by external users in SharePoint sites? How to automate external user file access auditing with PowerShell?

What are the best practices for managing external user access in SharePoint Online?

Managing external users' access in SharePoint Online is crucial for maintaining data security and compliance. Here are some SharePoint permission best practices to follow:

Limit External Sharing: Carefully evaluate whether an external user needs access to specific files or folders, and only allow sharing in those cases. Limiting external sharing in this way minimizes the risk of unauthorized access.
Use Secure Links: Always use secure links that require authentication and avoid using anonymous access links to reduce the risk of data breaches. Regularly audit anonymous link accesses to ensure your shared content's security.
Set Expiration Dates for Shared Links: When sharing files with external users, set expiration dates for the links. This ensures that access is temporarily given and revoked automatically, helping to improve access management. Regularly review external sharing reports and maintain control over shared files.
Regularly Review and Update Permissions: Periodically review access permissions to confirm that external users still need access to the shared files. Adjust or revoke permissions as needed and implement security best practices to keep your SharePoint environment secure.
Manage Permissions Carefully: Be mindful of the permissions you grant to external users. Avoid giving them high-level permissions like file deletion or editing unless absolutely necessary. Grant only the permissions required for their tasks to minimize risks and maintain control over your SharePoint environment.
Monitor External User Activities: Auditing external user activities helps in identifying any unusual or suspicious actions promptly, ensuring file security and proper access management.

Real-Time External User Activity Dashboard

AdminDroid's dedicated dashboard offers detailed insights into external user activities in Microsoft 365 through visually appealing charts. This enables you to quickly identify unusual behavior and ensure your data remains secure.

How to revoke file access given to external users in SharePoint Online?

Ensuring the security of your SharePoint Online files is crucial, especially when sharing with external users. Over time, you may need to revoke access to maintain control and manage access effectively. SharePoint admins and site owners are responsible for revoking external user access when an external collaborator has finished their work, ensuring the SharePoint environment remains secure and well-managed.

Follow the given steps to revoke external user's access to SharePoint files.

Navigate to SharePoint site»Documents and locate the file for which you want to revoke access.
Right click on the file and select Manage access.

Select the Links tab to view all links created for this file.
Here you can revoke access to external users by removing their name.

Managing access in SharePoint is crucial, but monitoring exactly which files are shared with whom can be difficult.

Fortunately, AdminDroid's exclusive report provides a streamlined overview of externally shared SharePoint files and folders, making it easy to decide which file access should be removed.
With this report, admins can effortlessly monitor various details, such as file name, external user name, user who shared the file, site URL, etc.

How to recover files deleted by external users in SharePoint sites?

There are several scenarios where you might need to recover files deleted by external users in SharePoint sites, such as accidental deletions during collaboration or intentional removals after a project is completed. Properly recovering these files is crucial to ensure data integrity, maintain project continuity, and protect valuable information from being permanently lost.

Follow the given steps to recover files deleted by external users in SharePoint sites:

Navigate to the SharePoint site from where the file is deleted.
Click on the Settings icon and choose Site Contents.
Click on the Recycle Bin in the top banner of the Site Contents page.
Select the items you want and click Restore.

How to automate external user file access auditing with PowerShell?

Automating the external user file access audit in SharePoint Online is both feasible and highly beneficial for maintaining security throughout the organization.

ExternalUserFileAccessReport.ps1

You can schedule this script to run at regular intervals using PowerShell. It involves the following steps:

1. Define time for scheduler:
```
Time=New-ScheduledTaskTrigger -At hh:mmAM/PM -Daily
```
Run this cmdlet to create a scheduled task that triggers at your desired time (hh:mmAM/PM) daily.
2. Set Actions to be executed:
```
Action=New-ScheduledTaskAction -Execute PowerShell.exe -WorkingDirectory D:\ -Argument “D:\ExternalUserFileAccessReport.ps1 -AdminName <usermailid> -Password <password>
```
This command opens a PowerShell window, changes the directory to D:\, and then runs the ExternalUserFileAccessReport.ps1 script from the specified path.
Warning: Including passwords directly in scripts poses a significant security risk. It's strongly advised to avoid this practice and instead use more secure methods such as certificate-based authentication.

3. Save scheduler:

Register-ScheduledTask -TaskName "External User File Access Report" -Trigger $Time -Action $Action -RunLevel Highest

This cmdlet saves a scheduled task named "External User File Access Report" in the root folder.

The script is now scheduled to run at the specified time at regular intervals.
The "external user file access" report will be generated after each schedule and will be stored in the specified working directory in CSV format, making it easy to open and analyse using Microsoft Excel.

Automate external user file access reviews with AdminDroid just like a PRO!

Scheduling automated reports for external user file access activities ensures consistent and thorough monitoring. With AdminDroid, you can schedule these reports to get up-to-date insights on file access by external users, reducing manual efforts.
This automation not only saves time but also enhances your ability to quickly identify and address unauthorized access, ensuring a secure and well-managed SharePoint Online environment.

AdminDroid SharePoint Online Auditing ToolStay informed about unauthorized file access by external users in SharePoint Online.

AdminDroid's SharePoint Online reporting and auditing tool offers a comprehensive solution for Microsoft 365 admins. It provides extensive information and a variety of reports specifically tailored to auditing external user file access in SharePoint Online.

A Quick Summary

Export External Users Report Effortlessly

Easily export the list of external users in SharePoint Online for effective monitoring and remove them when they don’t need access to your SharePoint sites or their contents.

Audit SharePoint Site Invitations to External Users

Review site invitations sent to external users in SharePoint Online. Ensure only authorized users access the resources and reduce the risks of data breaches.

Real-Time Alerts for Access Policy Changes

Set up real-time alerts with AdminDroid for auditing changes in file access policies. Receive instant notifications to manage external user access to sensitive data.

Analyze External File Sharing Summary

Access AdminDroid's daily external file sharing summary report to monitor and manage SharePoint sharing activities effectively.

Effective Monitoring of External User Activities in SharePoint Online Pages

Track external user SharePoint activities like viewing, moving, deleting, and restoring. Admins can detect suspicious activities and safeguard sensitive data.

Monitor File Deletion Activities Effectively

AdminDroid’s All File Deletions in SharePoint and OneDrive report enables admins to audit all file deletion activities, including those by external users, ensuring that no important files are inadvertently deleted.

By leveraging AdminDroid’s advanced functionalities, you can efficiently audit external user file access in SharePoint Online, ensuring robust data security and compliance.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps related to external user file access in SharePoint online.

The following are the possible errors and troubleshooting hints while dealing with external user file access in SharePoint.

Error: ./ExternalUserFileAccessReport.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs because the current PowerShell script execution policy is set to restricted by default, preventing script execution.

Troubleshooting hint :To resolve this error, run the below cmdlet to set the execution policy as Unrestricted and run the script.

Set-ExecutionPolicy –ExecutionPolicy Unrestricted

Error: The term "Connect-ExchangeOnline" is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs when attempting to run the PowerShell cmdlet without the Exchange Online module installed.

Troubleshooting hint :Run the below cmdlet for installing Exchange Online module.

Install-Module –Name ExchangeOnlineManagement

Error: The term "Search-UnifiedAuditLog" is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you try to run the PowerShell cmdlet without connecting to Exchange online.

Troubleshooting hint :First connect to Exchange Online before running the "Search-UnifiedAuditLog" command.

Connect-ExchangeOnline

Error: Cannot process argument transformation on parameter "EndDate". Cannot convert value "15/05/2024" to type "Microsoft.Exchange.ExchangeSystem.ExDateTime".

This error occurs when the start and end dates are not correctly specified while performing an audit log search in PowerShell.

Troubleshooting hint :Specify the start and end dates using the format that matches your PowerShell settings, like "MM/DD/YYYY".

Search-UnifiedAuditLog -StartDate MM/DD/YYYY -EndDate MM/DD/YYYY

Error: Authorization_RequestDenied.

This error occurs when a user attempts to run the PowerShell cmdlet or script without the required permissions to retrieve audit logs.

Troubleshooting hint :Ensure that the user has the necessary permissions, such as global admin or Compliance admin permissions, to execute the PowerShell script successfully.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Audit Files Accessed by External Users in SharePoint Online