Ensure external content sharing is restricted
Why This Matters
Unrestricted external content sharing exposes your organization to data leakage and unauthorized access. When guests can share without authentication, you lose visibility and control over who accesses sensitive files, making it easier for malicious actors or negligent users to exfiltrate data. Enforcing guest authentication creates an auditable identity for every external collaborator, enabling oversight through conditional access and group-based restrictions.
What Aether365 Checks
Aether365 verifies that your external sharing setting is not more permissive than "New and existing guests" (or a less permissive option) at the organization level. This check appears in the Aether365 dashboard under Microsoft 365 checks, aligned with CIS Microsoft 365 Foundations Benchmark control 7.2.3.