004: Identify sharing with customers
Overview
List all known and approved scenarios required by business functions that involve sharing sensitive data with customers of the organization or non-affiliated external persons. These scenarios might be general in nature (e.g. employee sending a customer files that contain the same customer's PII) or specific (e.g. billing data is shared on a monthly basis by the Finance department with customers as PDF attachments). Initial identification of common sharing patterns can be done by using tools like Activity Explorer and through analysis of the Unified Audit Log's SharePoint and OneDrive sharing logs, as well as Exchange audit logs.
Reference
- Activity Explorer: https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer
- SharePoint sharing logs schema: https://learn.microsoft.com/en-us/purview/audit-log-activities#sharing-and-access-request-activities