Skip to main content
  • Our service may detect external sharing even though your Google Drive policy prohibits it
  • The cause is that the Google Drive API returns per-file sharing settings without considering the applied policy
  • Two solutions are available:
    • Option 1: Bulk-fix permissions in Google Drive
    • Option 2: Limit the drives our service inspects

Background

The externally shared file detection feature plays an important role in managing your organization’s security. However, false positives can occur in certain situations.

When This Issue Occurs

This issue affects organizations that meet all of the following conditions:
  1. External sharing was permitted at some point in the past
  2. External sharing is now blocked at the Google Drive policy level
  3. Files exist that are no longer accessible from outside the organization
Under these conditions, our service still detects those files as externally or publicly shared.

Root Cause

Google Drive API Limitation

The root cause lies in how the Google Drive API works:
ItemDescription
Google Drive APIReturns the sharing settings configured per file or folder as-is
Actual accessRestricted by the organization’s policy settings
ResultThe API reports “external sharing allowed,” but access is actually blocked
In other words, the Google Drive API does not interpret the applied policy — it only reads per-file permission settings. This means files that are no longer accessible externally still appear as “shared.”

Impact in Our Service

Because our service retrieves file sharing status via the Google Drive API, it is affected by this limitation:
  • Files blocked at the policy level are still detected as externally shared
  • Files that are not actually accessible externally are flagged as risks
  • IT administrators find it harder to identify genuine risks

Solutions

Solution 1: Bulk-Fix Permissions in Google Drive

To resolve this issue, clear the legacy sharing settings in Google Drive.

Overview

  1. Use Google Drive’s search filter to identify externally shared files
  2. Select all matching files
  3. Update the sharing settings to restrict access to your organization

Detailed Steps

Step 1: Set the Search Filter

  1. Open Google Drive and click the filter icon at the right end of the search bar at the top of the screen
  2. When the “Search options” dialog appears, click the dropdown under “Location”
  3. Select the target location:
    • Shared drive: select a specific shared drive
    • My Drive: target files in a personal drive
  4. After selecting the target, click “Select” and then click “Search”

Step 2-A: Search for Externally Shared Files

  1. Type sharedwith:external in the search bar and press Enter
    • Files shared with specific external users or domains appear.
    • Files set to “anyone with the link” also appear.
  2. Review the results to get an overview of externally shared files

Step 2-B: Check Publicly Shared Files

  1. Replace the search bar content with sharedwith:public and press Enter
    • Files set to “anyone” appear
  2. Review the publicly shared files and take notes as needed

Step 3: Bulk-Update Sharing Settings

  1. Reset the search bar to sharedwith:external to display the externally shared file list
  2. Select all target files
  3. Click the share icon (person icon with a plus sign) in the top menu bar
  4. When the “Share X files” dialog appears, click the dropdown under “General access”
  5. Select your organization name
    • This restricts access to members within your organization
  6. Click “Done”

Step 4: Verify the Result

  1. Confirm that the message “Access updated” appears at the bottom left of the screen
  2. Type sharedwith:public in the search bar and press Enter
  3. If “No results found” appears, public sharing has been successfully removed
  4. Repeat the same check with sharedwith:external to confirm external sharing has been removed

When Multiple Shared Drives Exist

If your organization has multiple shared drives, repeat the steps above for each shared drive:
  1. Select the target shared drive in the search options
  2. Search with sharedwith:external and sharedwith:public
  3. Update the sharing settings for the matching files

Post-Task Verification

Verification in Our Service

Changes are reflected in our service after the next sync following completion (up to 7 days):
  • The number of detected externally shared files decreases
  • Only files that are genuine risks appear

Solution 2: Limit the Drives Our Service Inspects

In addition to the bulk fix in Google Drive, you can work around the issue by limiting the drives our service inspects.

When This Approach Is Appropriate

  • You can identify which shared drives have external sharing blocked by policy
  • You prefer adjusting the inspection scope going forward rather than fixing past files
  • You need a faster, more immediate solution

Configuration Steps

  1. Log in to our service and open “Services” > “Google Drive” > “Files” tab
  2. Click the “Change synced files” button
  3. Under Shared drive settings, enter the Drive IDs of the shared drives you want to inspect in the “Drive IDs” field
    Reference: Specifying the conditions for files our service detects (Google Drive)
  4. Click Save to apply the settings
  5. Use the Sync button to run a manual sync and confirm the settings take effect

How to Find a Drive ID

You can find a shared drive’s Drive ID in the URL when you open the drive in your browser:
https://drive.google.com/drive/folders/[Drive ID]
                                        ^^^^^^^^^^
                                        This part is the Drive ID

Solution Comparison

SolutionAdvantageDisadvantageBest For
Bulk fix in Google DriveResolves the root causeTakes more timeWhen a complete fix is required
Limit our service’s inspection scopeTakes effect immediatelyDoes not fix the root causeWhen a quick fix is needed
Recommendation: Exclude shared drives where external sharing is blocked by policy from inspection. This is an efficient approach.
Last modified on July 7, 2026