Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

SharePoint Secure Collaboration Use Cases

Limited Availability: This is a Limited Availability feature. To enable this feature, contact Skyhigh Support.

Supported Features

Skyhigh CASB for SharePoint supports these features for the secured collaboration of users.

Identify and Remove External Users from SharePoint sites

Skyhigh CASB for SharePoint allows security admins to define the DLP policies to identify and remove external users from SharePoint sites. External users added to SharePoint sites are identified and removed. 


  • If the external user belongs to an O365 group, Skyhigh CASB removes that group from the SharePoint site default groups (Members, Visitors, Owners).
  • This feature does not support O365 Security groups (found in Microsoft 365 admin center > Active teams and groups > Security).





For example, say your organization has a SharePoint site ( and the organization wants to prevent external users from being added to this SharePoint site. When this site is shared with an external user (via Settings > Site permissions > Add Members > Share site only), the external user is added to the SharePoint site group. The security admin can define a DLP policy, which detects and removes external users from the SharePoint site. The DLP policy is triggered when an external user is added to this SharePoint site.

Rule Group

To create a DLP rule:

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Microsoft SharePoint. Then select the users the policy will apply to.
  4. On the Rules page, select Collaboration
  5. For Sharing From, select Anyone
  6. For Sharing To, select Anyone
  7. For Sharing Permission, make a selection.
  8. Click Next.

Response Action

To add a response action to a policy:

  1. On the Responses page, click AND and select Revoke Sharing for and Remove External Collaborators from Groups to remove the external user.
    1. Also select Send Email Notification To, and enter the SharePoint User Email to notify the user about the DLP policy violation, or add a comma-separated list of email addresses. 
  2. Select an Email Template.
  3. Click Next.
  4. Review your policy, and click Save
  • Was this article helpful?