Microsoft Viva: Viva Learning - Private thumbnail using SharePoint links for courses

🚨 The Signal: Viva Learning now supports private thumbnails for courses hosted on SuccessFactors via SharePoint links. This change could expose internal learning content metadata if SharePoint sharing controls are not correctly configured, increasing the risk of information disclosure.

The Impact

Admins and Security Teams are affected by the potential for unintended information disclosure if SharePoint sharing is misconfigured.

• Admins: Must verify SharePoint sharing settings to prevent unintended access.
• Security Teams: Risk of metadata exposure for internal learning content.
• End Users: Improved experience with private thumbnails, but no direct security impact.

The Action

1. Review SharePoint site permissions for all sites hosting Viva Learning content.
2. Ensure external sharing is disabled or tightly controlled for sensitive learning content libraries.
3. Verify 'Who can share' settings in SharePoint Admin Center for relevant sites.
4. Implement Data Loss Prevention (DLP) policies for SharePoint sites containing learning content.

Domain: SharePoint · Impact: medium · Workload: SharePoint