This post is part our #M365SecurityShorts series, created to highlight some of Microsoft 365’s security orientated functionality that’s likely going to be useful to many organisations.
In this short we’ll be using Microsoft Purview to identify files that have been shared with external users.
More detail on content search and related functionality can be found here.
In this example, the following KQL is used within the query editor:
More posts from the #M365SecurityShorts series:
- M365 Security Shorts Part 6: Identifying Inactive Accounts Through Access Reviews
- M365 Security Shorts Part 5: Office 365 Message Encryption
- M365 Security Shorts Part 4: Block Legacy Authentication Through Conditional Access Policies
- M365 Security Shorts Part 3: Log Analytics & AAD Logs
- M365 Security Shorts Part 2: Alert Policies
In.security was formed by Will and Owen, two cyber security specialists driven to help other organisations stay safe and secure against cyber threats and attacks. After having worked together since 2011 in several former companies, they each gained considerable experience in system/network administration, digital forensics, penetration testing plus training. Based in Cambridgeshire, but operating nationally, we can provide a range of services and training for businesses and individuals alike. Read more about our services below:
- Penetration testing
- Vulnerability assessments
- Build reviews
- Red team testing
- Phishing assessments
- Password auditing
- Cloud security auditing