Microsoft OneDrive, MS Teams, and SharePoint provide powerful collaboration features that are commonly used among PolyU users. However, it's crucial to exercise caution and follow best practices to prevent any unintended data exposure or security breaches.
To ensure a secure and controlled sharing environment, you must pay special attention to the following sharing scenarios:
- Sharing Within the Organization
When sharing files or folders within our organization (PolyU staff tenant / PolyU Connect tenant), avoid sharing sensitive or confidential information. Ensure access is restricted to individuals with a legitimate need and grant only the minimum necessary privileges.
- External Sharing
When collaborating with external partners, always double-check the sharing settings to ensure that you are granting the appropriate level of access. Take a moment to review the permissions granted when sharing files or folders externally. Consider using the "Specific people" option when sharing externally, as it provides more granular control over who can access the shared content.
- Anonymous Sharing
Anonymous sharing poses a higher risk, as it allows anyone with the link to access the content. Before enabling anonymous sharing, carefully evaluate the sensitivity of the information being shared and consider alternative methods, such as sharing with specific individuals or using secure file transfer methods.
Here are some best practices to keep in mind:
- Review and update the sharing permissions for your files periodically.
- Remove the shared files or revoke access permission once the collaboration or sharing is no longer requested.
- Avoid sharing sensitive information externally unless absolutely necessary.
- Use anonymous sharing sparingly and with caution.
- Always double-check the email address or name of the person with whom you're sharing files.
Take advantage of the reporting features available in OneDrive and SharePoint to monitor sharing activities and identify any abnormalities.
With the introduction of Copilot for Microsoft 365, any users who subscribe to captioned product will be able to crawl across all shared resources on the Microsoft O365 Cloud, including third-party OneDrive, SharePoint and Teams site folders, as long as users have been granted access right - whether explicitly granted or implicitly obtained through anonymous sharing.
For more details about file sharing reporting in OneDrive and SharePoint, click here.
If you have any questions or require assistance with reviewing your sharing settings, please contact the IT HelpCentre (Tel: 2766 5900, WhatsApp / WeChat: 6577 9669) or reach out to us via the IT Online ServiceDesk.