An account was seen sharing files and/or folders at a volume higher than normal for both the environment and the account.
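One way to express a check of this kind over Microsoft 365 unified audit log records, shown as an added example rather than the detection's actual model. The median baselines, the `factor` and `floor` thresholds, and all sample accounts and records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Sharing operations as named in the Microsoft 365 unified audit log.
SHARING_OPS = {"SharingSet", "SharingInvitationCreated", "AnonymousLinkCreated",
               "CompanyLinkCreated", "SecureLinkCreated", "AddedToSecureLink"}

def daily_share_counts(records):
    """Return {user: {day: number of distinct objects shared that day}}."""
    shared = defaultdict(lambda: defaultdict(set))
    for r in records:
        if r["Operation"] in SHARING_OPS:
            shared[r["UserId"]][r["CreationTime"][:10]].add(r["ObjectId"])
    return {u: {d: len(objs) for d, objs in days.items()} for u, days in shared.items()}

def unusual_sharers(records, day, factor=5, floor=10):
    """Flag accounts whose volume on `day` exceeds BOTH their own and the environment baseline.

    Baselines are medians over earlier days on which sharing occurred (a simplification).
    """
    counts = daily_share_counts(records)
    env_hist = [n for days in counts.values() for d, n in days.items() if d < day]
    env_base = median(env_hist) if env_hist else 0
    flagged = []
    for user, days in sorted(counts.items()):
        today = days.get(day, 0)
        own_hist = [n for d, n in days.items() if d < day]
        own_base = median(own_hist) if own_hist else 0
        if (today >= floor and today > factor * max(own_base, 1)
                and today > factor * max(env_base, 1)):
            flagged.append((user, today, own_base, env_base))
    return flagged

def _events(user, day, op, n):
    """Build n constructed audit records (sample data, not real logs)."""
    return [{"CreationTime": f"{day}T09:00:00", "UserId": user, "Operation": op,
             "ObjectId": f"https://tenant.example/sites/docs/{user}/{day}/{i}.docx"}
            for i in range(n)]

SAMPLE = []
for d, a, b, c in [("2024-05-01", 2, 3, 30), ("2024-05-02", 1, 2, 35),
                   ("2024-05-03", 3, 4, 28), ("2024-05-06", 40, 3, 33)]:
    SAMPLE += _events("alice@example.com", d, "AnonymousLinkCreated", a)
    SAMPLE += _events("bob@example.com", d, "SharingSet", b)
    SAMPLE += _events("carol@example.com", d, "SharingInvitationCreated", c)
SAMPLE += _events("bob@example.com", "2024-05-06", "FileAccessed", 200)  # not a sharing op

if __name__ == "__main__":
    for hit in unusual_sharers(SAMPLE, "2024-05-06"):
        print("unusual sharing volume:", hit)
```

In the sample, the heavy but consistent sharer is not flagged because her volume is normal for her account, while the account that jumps from a handful of shares to 40 is flagged against both baselines.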
Possible Root Causes
Attackers may use SharePoint/OneDrive sharing functions to exfiltrate data and enable ongoing access to data over extended periods of time.
Use of sharing enables attackers to maintain access to data after a compromised account is remediated.
Users who rarely share files may periodically share more files than most other users in the environment as part of their job function.
Business Impact
While some level of sharing may be normal for an environment or user, those users who emerge as sharing unusual amounts of data should be reviewed to validate the sharing is legitimate and does not pose a risk.
Sharing of a large volume or breadth of files or folders exposes the organization to an increased risk of data theft or loss.
Steps to Verify
Review the data being shared to determine if the information should be exposed to external parties.
Review the sharing permissions to ensure the least possible data is exposed.
Validate with the user that the sharing was intended and follows organizational policies on data sharing with external parties.
M365 Suspicious Sharing Activity
Business impact
If this detection indicates a genuine threat, the organization faces significant risks: