SOLVED

Shared files of former employees

Iron Contributor

It seems that files that have been shared from OneDrive by former employees (whose accounts have been disabled, not deleted) are still shared and accessible by those with whom the files were shared. This is not optimal in our opinion. Are there any tools, tricks etc. we can use to keep track of files shared by former employees?  

2 Replies
Hi Jakob,

You could use sharing auditing from the audit log

https://docs.microsoft.com/en-us/office365/securitycompliance/use-sharing-auditing#how-to-identify-r...

You can also see the Onedrive activity report to see if the users have shared files

https://docs.microsoft.com/en-us/office365/admin/activity-reports/onedrive-for-business-activity?vie...

You should be able to control external sharing for individual users too

https://docs.microsoft.com/en-us/onedrive/user-external-sharing-settings

Hope that answers your question!

Best, Chris
best response confirmed by Jakob Rohde (Iron Contributor)
Solution
The problem with Chris's method is that you are restricted to the timeframe of the audit log. Which depending on license will only be up to a year in most cases. You'll want to leverage DLP content searches in this case: https://docs.microsoft.com/en-us/office365/securitycompliance/keyword-queries-and-search-conditions?...

SharedWithUsersOWSUser (internal) or the ViewableByExternalUsers (external) keywords is what you want to look into. Then you can scan that onedrive URL for these and you should get the content that is shared.
1 best response

Accepted Solutions
best response confirmed by Jakob Rohde (Iron Contributor)
Solution
The problem with Chris's method is that you are restricted to the timeframe of the audit log. Which depending on license will only be up to a year in most cases. You'll want to leverage DLP content searches in this case: https://docs.microsoft.com/en-us/office365/securitycompliance/keyword-queries-and-search-conditions?...

SharedWithUsersOWSUser (internal) or the ViewableByExternalUsers (external) keywords is what you want to look into. Then you can scan that onedrive URL for these and you should get the content that is shared.

View solution in original post