Forum Discussion
Shared files of former employees
It seems that files that have been shared from OneDrive by former employees (whose accounts have been disabled, not deleted) are still shared and accessible by those with whom the files were shared. This is not optimal in our opinion. Are there any tools, tricks etc. we can use to keep track of files shared by former employees?
- The problem with Chris's method is that you are restricted to the timeframe of the audit log. Which depending on license will only be up to a year in most cases. You'll want to leverage DLP content searches in this case: https://docs.microsoft.com/en-us/office365/securitycompliance/keyword-queries-and-search-conditions?redirectSourcePath=%252fen-us%252farticle%252fkeyword-queries-and-search-conditions-for-content-search-c4639c2e-7223-4302-8e0d-b6e10f1c3be3
SharedWithUsersOWSUser (internal) or the ViewableByExternalUsers (external) keywords is what you want to look into. Then you can scan that onedrive URL for these and you should get the content that is shared.
- Hi Jakob,
You could use sharing auditing from the audit log
https://docs.microsoft.com/en-us/office365/securitycompliance/use-sharing-auditing#how-to-identify-resources-shared-with-external-users
You can also see the Onedrive activity report to see if the users have shared files
https://docs.microsoft.com/en-us/office365/admin/activity-reports/onedrive-for-business-activity?view=o365-worldwide
You should be able to control external sharing for individual users too
https://docs.microsoft.com/en-us/onedrive/user-external-sharing-settings
Hope that answers your question!
Best, Chris - The problem with Chris's method is that you are restricted to the timeframe of the audit log. Which depending on license will only be up to a year in most cases. You'll want to leverage DLP content searches in this case: https://docs.microsoft.com/en-us/office365/securitycompliance/keyword-queries-and-search-conditions?redirectSourcePath=%252fen-us%252farticle%252fkeyword-queries-and-search-conditions-for-content-search-c4639c2e-7223-4302-8e0d-b6e10f1c3be3
SharedWithUsersOWSUser (internal) or the ViewableByExternalUsers (external) keywords is what you want to look into. Then you can scan that onedrive URL for these and you should get the content that is shared.
