Ensure reauthentication with verification code is restricted
Why This Matters
Unchecked guest reauthentication can leave your organization exposed to prolonged data access by external users. If a guest’s verification code remains valid indefinitely, a compromised or forgotten session could allow unauthorized access to sensitive documents. By enforcing periodic reauthentication, you reduce the window of risk and ensure guest access expires after a reasonable time.
What Aether365 Checks
This check verifies that the SharePoint external sharing setting requiring guests to reauthenticate with a verification code is set to 15 days or fewer. In the Aether365 dashboard under Microsoft 365 checks, this is flagged as M365.2195 with Medium severity.