Management of SharePoint permissions often falls behind. Files shared with “anyone with the link.” Former employees who still show up in site permissions. A SharePoint site someone created for a project in 2022 that's now accessible to half the company for no reason.
Nobody set out to create this mess. It accumulated. Every time someone clicked “share” and picked the easiest option, or every time a new starter was added to the wrong group, or every time a guest account was created for a one-off collaboration and never removed.
We go through your SharePoint and OneDrive, find every overshared file, every stale permission, every open sharing link. Then we can help you fix it by providing a permissions discovery report, as well as doing it with/for you.
For years, messy SharePoint permissions were just an annoyance, and someone quietly fixed it, or turned a blind eye. Not sustainable.
Two things have changed the seriousness of SharePoint security.
If you've enabled Microsoft 365 Copilot, or if you're planning to, note: Copilot sees everything each user can see. It uses the same permissions your staff already have. It just searches faster and more thoroughly than any human would.
So when a staff member asks Copilot to find information about a client, and Copilot pulls up a salary spreadsheet, a board paper, or a confidential contract from a SharePoint site they technically had access to but never would have found by browsing — that's your permissions problem becoming visible in the worst possible way.
A file with overly broad access used to sit unnoticed in a library. Now Copilot can find it, summarise it, and serve it up in seconds. That changes the stakes of every permission you've left too open.
We also offer a broader Copilot readiness engagement that includes permissions cleanup plus identity controls, content hygiene, and Copilot configuration.
If your business holds client data — financial records, tax file numbers, health information, legal documents — the Privacy Act requires you to take reasonable steps to protect it from unauthorised access. “Everyone in the organisation” having access to a SharePoint site full of client files doesn't meet that test.
Insurers are asking more specific questions about data access controls, file sharing policies, and who can see what. A documented permissions audit is a strong answer to those questions.
We work through your SharePoint Online and OneDrive environment systematically. Every site, library, and every sharing configuration. Here's what we look at and fix.
This is usually where the worst problems live.
We identify all of them, review them with you, and remove the ones that shouldn't exist. For the ones that should, we set appropriate expiry dates and permission levels.
SharePoint permissions are built on inheritance. Site permissions flow down to libraries, libraries to folders, folders to files.
Except that the moment someone breaks inheritance to give a specific person access to a specific folder, the system starts to fragment. Over time, you end up with individual files that have completely different permissions from the folder they sit in, and nobody can explain why.
A SharePoint audit involves:
Guest accounts accumulate. Someone invites an external accountant to collaborate on a file. Someone shares a project folder with a contractor. Someone sends a link to a client so they can upload a document. Each of these creates a guest account or external access path in your tenant.
We find every guest account, check what they have access to, and flag the ones that should be removed. For guests that still need access, we make sure the scope is appropriate and the access has an expiry.
OneDrive is often overlooked because people think of it as personal storage. It isn't.
In M365, OneDrive is just SharePoint with a different interface. Everything shared from OneDrive follows the same sharing mechanics, and files shared from OneDrive are just as accessible (and just as searchable by Copilot) as files in SharePoint.
We review OneDrive sharing across all users and clean up external shares, broad internal shares, and orphaned sharing links.
When people leave your organisation their OneDrive stays. Their name stays in SharePoint groups. Their permissions persist in site collections they were added to individually.
If you haven't been running a proper offboarding process (most businesses with 10–25 staff haven't), there are probably former employees with active permissions across your environment right now.
We cross-reference your current user list against your SharePoint and OneDrive permissions and clean out anyone who shouldn't be there.
After cleaning up the individual sites and files, we configure your tenant-level settings to stop the permissions chaos from rebuilding.
These are the policies that control what options your staff see when they click “Share.” Getting them right means less cleanup next time.
What we found: overshared sites, open links, stale guests, former employee access, broken inheritance.
Links removed. Permissions tightened. Guest accounts cleaned up. Policies configured.
What we changed and what it means for your staff in practice.
Content to restructure, sites to archive, guests to keep or remove.
So your team knows how to share properly going forward.
This is exactly the cleanup you need before enabling Copilot licences. It also connects directly to our Copilot readiness engagement if you want the full package.
Someone found something they shouldn't have. A client document surfaced in the wrong place. A former employee's name appeared on a shared file. You want to know the full picture and get it fixed.
Audits, privacy reviews, cyber insurance questionnaires. All of them are asking more pointed questions about who can access what. The permissions audit report answers those questions with evidence.
You've been meaning to sort out SharePoint for years. This is the engagement that actually gets it done, without you having to learn SharePoint administration.
We audit the current state, clean it up, and hand you a documented baseline. Whether we continue as your IT provider or not.
We manage M365 tenants for a living. We know the difference between a sharing link that's a legitimate business need and one that's been sitting there since 2021 because nobody remembered to turn it off. We also know that Microsoft's native admin tools for permissions reporting are limited for smaller tenants, so we use a combination of admin centre reports, PowerShell, and manual inspection to get the full picture.
You get a report and optionally engage Internacious to do the SharePoint/OneDrive permissions remediation.
The biggest fear with permissions work is losing access to something people need access to. Everything we change is documented and reversible.
You've been meaning to do this for a while. We can have it done in a couple of weeks.
The full Copilot readiness engagement, including permissions cleanup, identity controls, content hygiene, and Copilot configuration.
Learn moreQuick self-serve check of your M365 security posture.
Take assessmentUrgent containment if a mailbox or account has been compromised.
Learn moreOngoing Microsoft-first IT support, including regular permissions hygiene.
Learn moreReady to Talk About Your IT?Book a call