Similar with google docs, if you share a link to a doc, even if the doc is restricted access, anyone can see the thumbnail icon with the contents of page 1.
In this particular issue, MS has an opposite problem: you grab a document link, grant a permission to someone, and they still can't access the document through the original link (you need to fetch a new link just for them).
Kind of. The default behavior is to create a new link. So when you grant someone access you are actually creating a new link. However, you can find the buried manage access settings and change the permissions on the original link. If you do that then they can use the original link.
(Teams makes this Byzantine in the extreme to accomplish as you have to go find the folder it drops all shared files in to gain access to manage access settings. But it does allow you to retro change access even for things shared in Teams)
Product managers will decide to show the thumbnail in situations because it results in more click throughs. In many cases they'll have done their research to know that many customers take steps to restrict what they share (think profitable but conservative companies) but will choose to show the thumbnails anyway.
Some customers will push back and have enough leverage to get an exception, but the default answer will be that this can't be disabled. You'll have some sales engineer challenged about the product behavior as part of an RFP and they'll try to convince you that nothing is leaked while knowing the financial opportunity would be much larger with these customers, if there was more concern for the customer.
Possibly they refer to this: https://news.ycombinator.com/item?id=39172527“I received a link to a Google doc on slack recently, but the owner had forgotten to share permissions with me. Though I couldn't view the doc when I clicked it, I did notice that I could view the first page of the doc in the link preview. It was very high res and I could view the text clearly.”.
If so, pasting that link into Slack may reveal its first page.
(Not the same guy but) I've definitely heard about this bug in the past, but I assume it is fixed now. I can't actually find a reference for it. If I find one within the hackernews comment edit window I'll add it here.
harrall|10 months ago
necovek|10 months ago
antgiant|10 months ago
(Teams makes this Byzantine in the extreme to accomplish as you have to go find the folder it drops all shared files in to gain access to manage access settings. But it does allow you to retro change access even for things shared in Teams)
zerkten|10 months ago
Some customers will push back and have enough leverage to get an exception, but the default answer will be that this can't be disabled. You'll have some sales engineer challenged about the product behavior as part of an RFP and they'll try to convince you that nothing is leaked while knowing the financial opportunity would be much larger with these customers, if there was more concern for the customer.
jkaptur|10 months ago
Someone|10 months ago
If so, pasting that link into Slack may reveal its first page.
Spare_account|10 months ago
SonOfLilit|10 months ago