File events that show a username urn:spo:anon# or anonymous are examples of an external user accessing a SharePoint file that was shared without any restrictions (expiration date, restricted users, etc.) and the username represents a user value Microsoft creates so that these events have an associated user even though it is technically anonymous.
In event of these alerts our suggestion is to reach out to the affected organization to inform them of the publicly shared file and that removing the share is the most secure option to prevent anonymous access.
Comments
0 comments
Please sign in to leave a comment.