Requirement: Monitor SharePoint Online and OneDrive external sharing invitations.
SharePoint Online: Configure External Sharing Alert
When external sharing is enabled, users share files stored in SharePoint or OneDrive for Business site securely with team members, colleagues, external vendors, or partners. You can audit the external user invitations in SharePoint Online and OneDrive for Business by using the Set-SPOTenant cmdlet with the “BccExternalSharingInvitations” parameter to “$True” and providing a list of email addresses to “BccExternalSharingInvitationsList”. By default, this configuration is set to False – meaning BCC for external sharing is disabled. You can turn it ON and configure the Email address to receive a notification when external sharing invitations are sent.
#Parameters $TenantAdminURL = "https://crescent-admin.sharepoint.com" #Connect to Admin Center Connect-SPOService -Url $TenantAdminURL -Credential (Get-Credential) #enable alert for external user invitation Set-SPOTenant -BccExternalSharingInvitations $True -BccExternalSharingInvitationsList "Admin@Crescent.com"
This will blind-copy (BCC) the email messages to the Email IDs listed in the BccExternalSharingsInvitationList parameter. You can specify either a single email address or multiple addresses by creating a comma-separated list with no spaces.
Set-SPOTenant -BccExternalSharingInvitations $True -BccExternalSharingInvitationsList "Admin@Crescent.com,helpdesk@Crescent.com"
As a result, a copy of every external user invitation will be sent to the specified Emails and remain available for later auditing or review. This can be a PowerShell way of Monitoring External Sharing Invitations if needed.
Disable BCC External Sharing Invitations
To disable the BCC external sharing invitations, just set the flag to False.
Set-SPOTenant -BccExternalSharingInvitations $False
Check Existing Settings using Get-SPOTenant cmdlet
You can check the existing setting for the tenant using:
Get-SPOTenant | Select BccExternalSharingInvitations, BccExternalSharingInvitationsList
Monitor External User Sharing using Compliance Center Alerts
External sharing report is a common requirement in organizations. We can either search Audit logs and get a list of all the externally shared resources, or create an alert policy to get Email notifications as and when it happens. To monitor external content sharing using Microsoft 365 compliance center,
- Navigate to compliance center alert policies at https://protection.office.com/alertpolicies
- Click on New alert policy >> Provide name and other parameters.
- Choose the activity as “Shared File Externally” and create the policy.
More information here: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide