External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.

Why This Matters

Unrestricted external sharing in SharePoint can expose sensitive data to unauthorized users or malicious actors. Without domain or group restrictions, attackers may exploit sharing policies to exfiltrate information or gain lateral access. Restricting sharing to approved domains and security groups ensures collaboration only occurs with authorized external parties, reducing the risk of data breaches.

What Aether365 Checks

Aether365 verifies that SharePoint external sharing is limited to approved external domains or users in approved security groups. This check appears in the Aether365 dashboard under the microsoft-365 checks category.