Reading time:
2 min

Get a Handle on OneDrive Data Leakage


Get a Handle on OneDrive Data Leakage with CoreView

Office 365 provides users with a powerful collaboration platform for sharing content and information.  With that power comes the risk of someone in your organization intentionally or unintentionally sharing OneDrive content anonymously, creating a risk of unauthorized data access.

In this blog, we’ll review how you can leverage CoreView’s powerful auditing features to both identify anonymously shared OneDrive content and how to drill into and identify who has accessed the content.


CoreView offers you several different ways to identify anonymously shared OneDrive content.  In this blog, we’ll look at one such method.

  1. Log into your organization’s CoreView portal (
  2. From the CoreView landing page, click on the Audit tab, as in the example below
CoreView Main menu
  1. From the Audit tab, navigate over to the left side navigation menu, and locate the topic titled OneDrive Reports.
  2. From this selection, you then want to select the report titled Audit Events, as in the example below.

OneDrive Report

At this point, you will see a report of OneDrive activity.  A sample of this view can be seen below.

OneDrive Data Leakage

Sample OneDrive Audit Report view. 

You can quickly and easily identify anonymous access to OneDrive content by performing the following steps.

  1. Change the filter for the Operation column to AnonymousLinkUsed. This will reduce the scope of the report to only where the link to OneDrive content was used.
  2. Next, you can examine the data found in the ClientIp column to look for suspect IP addresses. Internet domain tools, such as ARIN, can help you narrow down on IP ownership.
  3. As needed, you can add or remove columns by clicking on the Columns button to adjust the report’s content.

By clicking on the “hamburg” icon to the right of the Columns button, you will have the option to Save, Schedule, Print or Export the report’s content.


CoreView’s Audit capabilities are extremely powerful and would be of interest to an organization’s Chief Security Officer, Chief Compliance Office, Data Loss Prevention Specialist or other individuals in your organization who are responsible for content management or content security.

If you are interested in finding out more about our CoreView solution and how you can leverage its powerful reporting and analytics features for your organization, please visit us at, or sign-up for a free demo at

See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.