Workspaces with Shadow Users

This article provides information on the Workspaces with Shadow Users report.

Syskit Point detects users who have access to specific content on the SharePoint site but are not members of the Microsoft 365 Group or Team associated with it, which could lead to security risks and cause oversharing.

The Workspaces with Shadow Users policy cannot have task delegation enabled. That means that no tasks are created to resolve this policy vulnerability, and no emails are sent to collaborators.

The shadow users are still detected and shown on the Security and Compliance dashboard. This means that Syskit Point detects a vulnerability on a workspace based on the applied policy, but it does not create tasks or send any emails to collaborators.

The purpose of this is to assist Syskit Point admins by bringing awareness of potential issues in their Microsoft 365 environment.

On the Security & Compliance dashboard, click the Workspaces with Shadow Users button to see the report.

The Workspaces with Shadow Users screen opens, showing a list of all *workspaces that have content shared with users that are not part of the workspace.

The report itself provides information on:

  • Workspace (1) name of the workspace

  • Detected (2) - when the policy vulnerability was detected

  • Shadow Users (3) - the number of shadow users that have access to content from the workspace

  • Policy (4) - the policy vulnerability that has been detected

  • Rule (5) - the rule that has been assigned, if any

  • Status (6) - the status of the policy vulnerability

You can complete the following actions for the policy vulnerability:

  • Accept Risk (7) - this means you will close the policy vulnerability without making any changes to the current state of the workspace for the specified time period

  • View Users (8) - this generates the list of shadow users that have access to this workspace

Clicking the Accept Risk button opens the Accept Risk pop-up. To delay this violation, complete the following:

  • Select the number of days (1) this policy vulnerability should be delayed for.

    • Once you accept the risk, this vulnerability is moved to the Govern > Security & Compliance > History section, and you can undo the action there.

  • Click the Accept Risk button (2) to finalize your decision.

To view and manage the shadow users for this workspace, click the View Users button or the name of the workspace.

This opens the Remove Access for Shadow users screen, where you can:

  • Click the View Access button (1) to see the access the user has in the workspace.

    • This opens the User Access report that shows a list of all workspaces where this user has access and shows the level of access they have per workspace.

  • Click the Remove Access button (2).

    • This opens the Remove User Access button

    • To remove access type REMOVE (3) in the designated space and click the Remove Access button (4) to finalize your choice.

Last updated