This post is part our #M365SecurityShorts series, created to highlight some of Microsoft 365’s security orientated functionality that’s likely going to be useful to many organisations.
In this short we’ll be using Microsoft Purview to identify files that have been shared with external users.
More detail on content search and related functionality can be found here.
In this example, the following KQL is used within the query editor:
More posts from the #M365SecurityShorts series:
- M365 Security Shorts Part 6: Identifying Inactive Accounts Through Access Reviews
- M365 Security Shorts Part 5: Office 365 Message Encryption
- M365 Security Shorts Part 4: Block Legacy Authentication Through Conditional Access Policies
- M365 Security Shorts Part 3: Log Analytics & AAD Logs
- M365 Security Shorts Part 2: Alert Policies