Calendar details SHALL NOT be shared with all domains.

Why This Matters

When calendar details are shared with all domains, sensitive information such as meeting titles, attendee names, and appointment times can be exposed to external parties. This increases the risk of social engineering attacks, targeted phishing, and corporate intelligence gathering by bad actors. Administrators should restrict calendar sharing to maintain confidentiality and reduce the organizational attack surface.

What Aether365 Checks

This check verifies that calendar sharing policies are not configured to expose calendar details to all external domains. In the Aether365 dashboard under microsoft-365 checks, this assessment evaluates the relevant Exchange Online sharing policy to ensure it restricts detailed availability to only authenticated users or specific external organizations.