EXT-06: External Sharing Visibility

Frequently asked questions about implementing and managing the EXT-06 security control in Microsoft 365 and Entra ID.

Q
What is EXT-06 (External Sharing Visibility)?
A

EXT-06 is a security control that external sharing is the most common data leakage vector. without visibility into what is shared externally, you cannot assess your data exposure risk or detect sensitive data being shared inappropriately. It requires that external sharing links in sharepoint/onedrive are tracked and anonymous "anyone with the link" shares are identified, external sharing activity is reviewed regularly.

Related controls:EXT-06
Q
Why is External Sharing Visibility important for Microsoft 365 security?
A

External sharing is the most common data leakage vector. Without visibility into what is shared externally, you cannot assess your data exposure risk or detect sensitive data being shared inappropriately.

Related controls:EXT-06
Q
How do I implement EXT-06 in my tenant?
A

EXT-06 requires manual implementation. Requires SharePoint admin access or audit log analysis

Related controls:EXT-06
Q
What license do I need for EXT-06?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls:EXT-06
Q
Which security baseline includes EXT-06?
A

EXT-06 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.

Related controls:EXT-06

5

Questions

1

Related Controls

Categorized

Related Resources

EXT-06 Control Reference

Detailed documentation and implementation guidance

Guest & External Access Controls

All controls in the Guest & External Access category

Security Glossary

Definitions of security and Microsoft 365 terms

Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.

Start Free Trial
All FAQsBrowse Controls →