First download the script to a convenient location, this will also be the location the reports are saved to, once done change the extension from .txt to .ps1
External Sharing Report – Script Execution Steps:
To run this script, you can choose any one of the below methods.
Method 1: Execute script with MFA and non-MFA account
| 1 | ./ExternalSharingReport.ps1 |
Method 2: Execute script by explicitly mentioning credential
| 1 | ./ExternalSharingReport.ps1 -AdminName Admin@contoso.com -Password xxxx |
If the admin account has MFA, then you need to plan a workaround for this, “trusted location”… I would avoid at all cost simple disabling MFA for the account, as the account required to run this should have all the security possible. However, for a test, disable MFA for the account would prove if it works.
The error I received was due to Azure MDM policy. The resolution for this in case you have the same was to set the MDM baseline security policy for Remote Management Service “Client basic authentication” to Not Configured.
Output report:
The exported external sharing report contains the following attributes: Shared Time, Shared By, Shared With, Shared Resource Type, Shared Resource, Site URL, Sharing Type, Workload, and Audit Info.
More Use-cases of ‘Office 365 External Sharing report’
With this script, you can export more granular reports by using in-built filtering options.
OneDrive External Sharing Report:
Like SharePoint Online, OneDrive for Business also allows users to share files and folders with external users. As earlier said, our script tracks both SharePoint Online and OneDrive for Business external sharing activities.
If you want to get OneDrive external sharing activities, please run the script with ‘OneDrive’ switch param.
./ExternalSharingReport.ps1 -OneDrive
With this report, you can identify OneDrive files and folders shared with external users.
Track SharePoint Online External Sharing:
To audit external sharing activities in SharePoint online, you can run the script with ‘SharePoint’ switch param.
./ExternalSharingReport.ps1 -SharePointOnline
By referring to this report, you can protect your organization’s resources by changing external sharing settings.
Export External Sharing Activities for a Custom Period:
If you want to get a list of resources shared with external users for a specific time range, you can run the script with ‘StartDate’ and ‘EndDate’ param.
./ExternalSharingReport.ps1 -StartDate 4/01/21 -EndDate 5/01/21The exported report contains list of files and folders that are shared with external users from April 13, 2021 to May 14, 2021.
Schedule ‘External Sharing Report’:
Since the ‘Search-UnifiedAuditLog’ can take external file/folder sharing activities for the last 90 days, you may require old data for analysis. In that case, scheduling will help you to keep the audit log for more than 90 days.
To run a PowerShell script from Task Scheduler, you can use the below format:
./ExternalSharingReport.ps1 -AdminName Admin@contoso.com -Password xxxx
If the admin account has MFA, then you need to plan a workaround for this, “trusted location”… I would avoid at all cost simple disabling MFA for the account, as the account required to run this should have all the security possible.
Get a Monthly External Sharing Report:
To get a monthly report on files and folder sharing, you can run the script as follows,
./ExternalSharingReport.ps1 -StartDate ((Get-Date).AddDays(-30)) -EndDate (Get-Date)
The exported report has the last 30 days of external file sharing audit data.
