IronSights

Microsoft 365 & cloud

SharePoint Online

Microsoft's cloud-based collaboration and document management platform included in Microsoft 365, used for storing, sharing, and co-authoring files across teams and organisations.

Also known asSharePoint

In plain English

SharePoint Online is where most Microsoft 365 organisations store and share files. It powers the "Files" tab in Microsoft Teams, provides intranet sites, and enables document co-authoring. From a security perspective, SharePoint permissions and external sharing settings are one of the most common sources of data exposure — files shared with "anyone with the link" create significant data governance risk.

Full definition

SharePoint Online is where most file storage actually lives, whether users know it or not. Every Teams channel has a SharePoint document library behind it. Every account is technically a personal SharePoint site. Files shared in Teams, stored in OneDrive, or attached to a SharePoint intranet all sit in the same underlying platform, which means SharePoint security controls apply broadly across your M365 environment.

External sharing is the most common misconfiguration. By default, SharePoint Online allows sharing with anyone who has a link, including people outside your organisation, with no expiry. can restrict what files can be shared externally and with whom. policies can block documents containing tax file numbers or Medicare numbers from being emailed or downloaded to unmanaged devices. scans files stored in SharePoint for .

The 's restrict administrative privileges and application control mitigations both have SharePoint implications. Who can create new sites, change sharing settings, or add external users are administrative actions that should be restricted to specific roles. In practice, many organisations find these settings wide open during an IronSights security assessment, with dozens of sites sharing files externally and no audit log review in place.

Keep learning

More terms in the IronSights Glossary.