Introduction #
By default, guest users can share items that they don’t own with other users or guests. Guest users can always share items for which they have full control.
We recommend you do not “Allow guests to share items they don’t own” to prevent company IP from being re-shared by guests users.
User Impact #
Medium
By enabling this setting, guest users will not be able to re-share items they did not create.
Admin Portal Reference #
In the Microsoft 365 Admin Center;
- Go SharePoint Admin Center > Policies > Sharing > Advanced settings for external Sharing.
- Uncheck “Allow guest users to share items they don’t own”
If Action is set to Notify #
We report the setting is compliant if “Allow guest users to share items they don’t own” is unchecked, disabling guests users ability to re-share items they do not own.
We report the setting is non-compliant if “Allow guest users to share items they don’t own” is checked, allowing guest users to re-share items they do not own.
If Action is set to Enforce #
We report the setting is compliant if “Allow guest users to share items they don’t own” is unchecked, disabling guests users ability to re-share items they do not own.
We report the setting is compliant-fixed if “Allow guest users to share items they don’t own” was checked but MSPMagic removed the check, disabling guests users ability to re-share items they do not own.
