Reading time:
3 min

When External Users Become an Internal O365 Threat


External users, those non-employees invited to be part of the Office 365, may not have as many rights as full timers, but the bad or negligent ones can quickly become a dangerous internal security threat.

The current business environment makes this threat a bigger deal. Today digital interactions between different companies is the core of productivity. Employees share files with external users, invite them to share in Teams chat or meetings, and add them to distribution groups every day.

Usually these interactions are limited in time, and the external user accesses a resource for a specific project or moment in time and then goes back to his normal activity. Unfortunately, this guest account is still active in the tenant and he can log-in whenever he wants.

What happens if his account is breached several months after invitation? The attacker will be able to access shared resources, read emails exchanged, and act on behalf of the real users.

What happens if the employee who invited him leaves the company? Who is responsible for removing the guest user from the tenant? Probably it will remain there forever.

The actions that external users can perform is what makes them so dangerous. “An external user is authenticated when they have an identity account that can be Microsoft 365, or a different provider like Gmail. These people can work on your documents as well as be part of your M365/O365 groups. An anonymous user can access a folder or document through a shareable link, and view these documents without logging in with a user name and password,” explained David Mascarella, CoreView Chief Global Strategist. “That makes this kind of collaboration very dangerous. External user accounts, for instance, cannot match your password security policy. And those credentials can be used to log in to multiple end user cloud services that are easier to hack.”

How CoreView Secures External Users

CoreView addresses all these problems through a workflow that can be used to force users to add detailed information when an external user is invited such as department, company, manager, country and a validity. CoreView will take care of removing the invited user or renew it based on a customizable approval process.

CoreView automation can also be used to identify external users inactive in the last 60 days and automatically start a process of cleanup with approval.

Any external user is an additional endpoint to your tenant – keeping them active indefinitely is a common bad practice that can be easily addressed with CoreView.


Office 365 is an amazing productivity platform both internally and externally for your company. It helps remove barriers and simplifies interactions between people, empowering them to achieve more. This is amazing but…

  • Are you aware of how many external users you have in your tenant?
  • How many of them have been inactive in the last 90 days?
  • Who is taking care of removing them?
  • Are you monitoring external account activities?
  • Do you have you an automated process notifying external users that all activities are tracked, a log of accesses that is kept for several years, and that employees are responsible for keeping confidential information protected?
  • Are you aware of files accessed by external users? Downloaded? Synchronized on their computers?
  • What happens if an external account is breached?
  • Do you have a log of all activities performed by each external user?

If you answered no to more than one of these questions — you really need CoreView.

Even IT should fall under strict data access privilege policies, and all network activity, including activity from IT, should be tracked for security threats.

Meanwhile, CoreView maintains an immutable log of every administrative action, from the time the platform is put in place, for regular review by IT Security. By watching and reviewing, CoreView positively influences behavior. It is the same reason Wal-Mart and public schools have so many cameras. Not just to capture events, but to influence behavior through diligence.

Protect Your O365 Tenant With CoreView

Get your O365 security profile FREE with our new CoreDiscovery solution. You can get your free software now at the CoreDiscovery sign up page:

Or sign up for a personalized CoreView demo.


See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.