Network share configuration assessment

Applies to:

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Note

Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the Microsoft Defender Vulnerability Management public preview trial.

The ability to share files and folders over a network allows users to provide access to resources like files, documents, and media to other people on the network. As network shares can be easily accessed by network users, some common weaknesses exist that can cause network shares to be vulnerable.

When vulnerable network share configurations are identified, they're mapped to actionable security recommendations in the Security recommendations page. The following recommendations can help protect against vulnerabilities in network shares that could be exploited by attackers:

  • Disallow offline access to shares
  • Remove shares from the root folder
  • Remove share write permission set to 'Everyone'
  • Set folder enumeration for shares

Find information about exposed network shares

To see security recommendations addressing network share configurations:

  1. Go to Vulnerability management > Recommendations.
  2. Select Filters and choose Related component > OS > Shares.

Options for filtering on network shares

  1. Select Apply.

If there are network shares with vulnerabilities to address, they'll appear in the list of recommendations

Network shares configuration recommendations

Select a recommendation to see a flyout with information on the vulnerable network share configuration:

Network shares configuration recommendation details

Explore the Exposed devices and Exposed shares tabs for details of the exposed entities in your organization.

Request remediation for the network share configuration

You can view and submit a remediation request from the remediation options tab:

Network shares configuration remediation options

View configuration remediation activities

Go to Vulnerability management > Remediation and filter by the remediation type, "configuration change" to see the activity item related to this change.