Attackers will often research your organization to prepare targeted attacks. A person's calendar is a great source of such information and should not be shared externally.


By enabling this setting, users in your organization will no longer be able to share their calendars with people outside of your organization.


You can configure one of the following options when you apply Settings:

  • Disabled: Users cannot share any calendar information.
  • Authenticated Only: Your user can share their calendar with authenticated users in Exchange/Microsoft 365 outside of your organization.
  • Public: Anyone invited to a meeting can read user’s calendar.
  • Do not modify (Ignore): We will not monitor nor attempt to modify the organization’s calendar settings. We recommend using this in cases where you prefer using a customized Sharing Policy in Exchange, so Office Protect does not overwrite your customization.

 

Calendar Sharing policies are available in the Microsoft Admin Center, in Settings/Org settings. Although, it is also possible to configure user-specific calendar settings per users directly into the Exchange Admin Center in the Organization/Sharing section. If you choose to do so, we recommend that you set this setting to “Ignore” so Office Protect does not block your custom configuration.


You can find the setting in the Microsoft Admin Center, in the Settings/Org Settings/Service/Calendar section.


Operation to look for in the Unified Audit Logs: Set-SharingPolicy


Microsoft’s Documentation on Exchange Sharing Policies: https://docs.microsoft.com/en-us/exchange/sharing/sharing-policies/modify-a-sharing-policy