SharePoint Invites Verification [CHK-1524]
This check ensures that SharePoint is configured to require guest users to log in with the email address to which the invitation was sent.
Rationale
Invitation emails can be forwarded to other addresses, potentially falling into the wrong hands. Requiring authentication with the original email address increases control and security.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the SharePoint admin center at https://admin.microsoft.com/sharepoint
- Go to Policies > Sharing
- Under "Choose the type of link that's selected by default when users share files and folders in SharePoint and OneDrive", select "Specific people (only the people the user specifies)"
- Click "Save"
Alternatively, this setting can be changed using PowerShell by setting the following value: isRequireAcceptingUserToMatchInvitedUserEnabled = true
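One way to apply and verify that value from PowerShell, as an added example (this is not Attic's automated fix or code from this page). It assumes the Microsoft Graph PowerShell SDK, the Graph `admin/sharepoint/settings` endpoint that exposes this property, and an account that can consent to the `SharePointTenantSettings.ReadWrite.All` scope; the function name is hypothetical.

```powershell
# Added example. Assumptions: Microsoft Graph PowerShell SDK is installed and the
# signed-in admin can consent to SharePointTenantSettings.ReadWrite.All.
#Requires -Modules Microsoft.Graph.Authentication

$ErrorActionPreference = 'Stop'
$Uri      = 'https://graph.microsoft.com/v1.0/admin/sharepoint/settings'
$Property = 'isRequireAcceptingUserToMatchInvitedUserEnabled'

function Get-InviteMatchSetting {
    # Hypothetical helper: returns the tenant's stored value of the property as a Boolean.
    $settings = Invoke-MgGraphRequest -Method GET -Uri $Uri
    return [bool]$settings[$Property]
}

Connect-MgGraph -Scopes 'SharePointTenantSettings.ReadWrite.All'

if (Get-InviteMatchSetting) {
    Write-Output "$Property is already true; nothing to change."
}
else {
    # Send only the one property so no other tenant sharing setting is touched.
    $body = @{ $Property = $true } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $body -ContentType 'application/json' | Out-Null

    # Re-read instead of trusting the PATCH response, so the result reflects stored state.
    if (-not (Get-InviteMatchSetting)) {
        throw "$Property is still false after the update."
    }
    Write-Output "$Property set to true."
}
```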
Impact
This fix ensures that SharePoint sharing invites are bound to the email address of the recipient, enhancing security.