Ensure 'External sharing' of calendars is not available
Why This Matters
External calendar sharing can inadvertently expose sensitive organizational information to attackers. Publicly accessible calendars reveal employee relationships, meeting patterns, and travel schedules, which attackers can exploit to time phishing campaigns or identify high-value targets. Disabling this feature reduces your organization’s attack surface without significant user impact.
What Aether365 Checks
Aether365 verifies that the “External sharing” setting for calendars is disabled in your Microsoft 365 tenant. This check appears in the Aether365 dashboard under the Microsoft 365 checks section.
How to Fix
Complete either of the following methods, then run a new scan to confirm compliance.