ONEDRIVE SECURITY ISSUE for 70,000 PEOPLE
ONEDRIVE SECURITY ISSUE: Every OneDrive sites is open to "Everyone Except External Users". The Document Library in the OneDrive site has restricted permissions to provide access only to OneDrive owner (unless they choose to share). If a OneDrive owner creates a subsite or other Document Libraries, that data is exposed to everyone in the company as it is inheriting permissions from the main OneDrive site. Microsoft states they do not support creation of subsites and Document Libraries in OneDrive, but they give us no way to prevent it. Our users expect their OneDrive contents to be private unless shared. This is adds significant security risk to our data as search will expose the data in search results within minutes. Help us fix this problem!
Srinu Tamada commented
Some extend I agree with this issue. Microsoft should either block creating new libraries or subsites or by default entire onedrive is restricted to the user other than shared folder.
stephen velasco commented
I agree as our C-levels need to be able to trust this platform for their business sensitive information at all times. Our support desk shouldn't have to answer emergency calls because our CEO's documents are exposed "by default".