Information
The external sharing features of Microsoft SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). External sharing in SharePoint is part of secure collaboration with Microsoft 365.
Rationale:
An attacker can compromise a user account for a short period of time, send anonymous sharing links to an external account, then take their time accessing the data. They can also compromise external accounts and steal the anonymous sharing links sent to those external entities well after the data has been shared. Restricting how long the links are valid can reduce the window of opportunity for attackers.
Impact:
Enabling this feature will ensure that link expire within the defined number of days. This will have an affect on links that were previously not set with an expiration.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To set expiration for anonymous access links, use the Microsoft 365 Admin Center
Select Admin Centers and SharePoint
Expand Polices then click Sharing
Under Choose expiration and permissions options for Anyone links. check the These links must expire within this many days
Set to the desired number of days, such as 30
Click Save
To set expiration for anonymous access links, you can also use SharePoint Online PowerShell:
Connect to SharePoint Online using Connect-SPOService
Run the following PowerShell command:
set-SPOTenant -RequireAnonymousLinksExpireInDays 30
Default Value:
Anonymous Sharing - On
Sharing Links Expiration - Off