Re: OneDrive for Business "feature"

[Michael Schalip <MSchalip () SALUD UNM EDU>]

I'm not sure that's going to qualify as a "bug".  That capability has been available in O365/OneDrive for quite some 
time now.  However - I believe there are ways to control that behavior through the central console....

M

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Menne, 
Michael S
Sent: Monday, August 27, 2018 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] OneDrive for Business "feature"


[[-- External - This message has been sent from outside the University --]]

FYI ... I just stumbled across a wonderful "helpful feature" in Office 365 OneDrive for Business.

Right click on a file in the web interface and select "Copy Link." Voila, that file has now been shared with anyone 
that can discover the link.  Unless you explicitly remove the link or change the sharing properties of the link, it has 
now been shared with the world.  I submitted a Service Request to Microsoft on this as a bug report.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security<applewebdata://E5E98DA9-AEBC-4104-AA47-742D8C5F4644/www.mnsu.edu/its/security>

[cid:image001.png@01D341A0.236300E0]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.