With the External sharing review policy, you can set a start date and review recurrence so owners can validate the external sharing links and guest access in their teams and groups as needed.
Based on your default and custom review cycles, the app will automatically send a Teams chatbot or email notification to team and group owners. From these notifications, owners can review and remove any external sharing links that are no longer needed and guests that no longer require access.
- Add teams and groups to the review
- The External sharing review policy is enabled, as in step (4) below.
- Owners are not automatically added when the default policy is turned on. You must add team and group owners to the review.
- Teams and groups with external sharing links and/or guests are present in your environment.
- The Microsoft external sharing policy for your teams and groups is set to Site content can be shared with: Anyone.
Create a default External sharing review policy
The default policy is used for all teams and groups that do not have a sensitivity tag.
To activate your default External sharing review policy:
- Select the Settings tab.
- Select Policies from the menu.
- Scroll to the Security section.
- Toggle on External sharing review.
- In the From field, set the date (date format is DD/MM/YYYY) that you want the external sharing review to start.
- Click in the Every X days field. Use the up and down arrows or enter the number of days. This number must be at least 16 days, but not over 999 days.
- Click anywhere outside the field to save your choice.
- Use the radio buttons to set Microsoft Teams chatbot or Email as your preferred Communications method.
Tip: Select Preview email sent to owners to see an example notification. Review the External sharing review notifications article for information on how the app communicates with your owners.
Create an external sharing review for sensitivity tags
Using sensitivity tags, you can set a custom start date and review recurrence based on the security needs of a team or group.
For example, a team or group categorized with a Confidential sensitivity tag may share highly sensitive information and should be reviewed more often than your default policy allows.
To set a custom policy for sensitivity tags that allow external sharing and guest access:
- Select the Settings tab.
- Select Categorization from the menu.
- Scroll to Sensitivity tags.
- Set the Start date of external sharing review and Recurrence of review.
Add teams and groups to the review
Teams and groups are not automatically included in the default external sharing review.
For more information, see How do I add a team or group to an external sharing review?