Release 2026.01.1

New Feature

Collaboration Attack Surface Reports for Email

Email remains the #1 collaboration channel for organizations, and a major vector for unmonitored data exfiltration. Security teams need visibility not only into what sensitive data leaves the organization, but also how, to whom, and under what controls. To close the visibility gaps left by DSPM-at-rest reports, we are introducing the Collaboration Attack Surface Reports for Email.

The report structures its insights around the contextual signals of Zero Trust, giving organizations a comprehensive view of email sharing risk:

• Who: Identifies the internal senders and external recipients of shared data, including recipient counts and domains. This reveals the full scope of third parties with access to sensitive information.

• What: Surfaces classification labels and sensitive information types (SITs) associated with shared content. This allows teams to pinpoint high-risk data leaving the organization and prioritize remediation.

• Where: Shows which external organizations have received data. This identifies concentration risk and highlights partner or vendor relationships with the greatest exposure.

• When: Provides timestamps for each email and attachment share. This enables trend analysis and helps identify spikes in sharing activity tied to specific events or time periods.

• How: Distinguishes between files shared as attachments versus links. Attachments represent permanent data loss and can be quantified by size, showing exactly how much data has left the organization. Links offer potential for continued control. This distinction is critical to understanding true risk exposure.

• Attack Surface KPI: Quantifies how the collaboration attack surface grows through file duplication. Every attachment multiplies by the number of recipients, creating copies beyond the organization's control. This KPI provides a baseline to measure improvement, benchmark an organization against its industry peers, and demonstrates how eSHARE file links, in lieu of attachments, can reduce the attack surface significantly.

  The report requires that admins register an eSHARE scanning app in their Microsoft Entra Admin Center. This app collects email meta data from your organization’s tenant from which eSHARE’s Power BI based reports are created. The analysis period is presently limited to 10-days. Please contact your Customer Success Manager for further details on setting up and accessing the report.

  This is the first release of the Collaboration Attack Surface Report for Email; its capabilities will expand rapidly in future iterations.

  Enhancements

  Improved Support Ticket Quality Controls

  With the goal of providing a faster response to support requests, we have introduced a set of ticket quality improvements when tickets are created via https://support.e-share.us/. These include:

• Better validation to prevent non‑actionable or erroneous tickets from being submitted,

• Updated prompts guiding users to provide all necessary diagnostic information, and

• Clearer error categorization to reduce false‑positive issue reports.

  These enhancements ensure that support teams receive only meaningful, well‑formed tickets, reducing triage noise and improving resolution times.

  External Link Not Working on Registered SharePoint Sites in the M365 Trusted Sharing Application

  Resolved an issue where the M365 App sent only group_id (without site_id), preventing proper validation, especially for sites owned by security groups. The app now includes site_id, and backend logic correctly identifies registered sites. Issue fully resolved.

  Users Unable to Enter OTP

  Resolved an issue where users were unable to enter their OTP when accessing a Trusted Share, affecting both email‑ and phone‑based delivery methods. The problem was reproducible even in incognito mode and impacted multiple users. The OTP entry flow has been corrected, and the issue is now fully resolved.

  SharePoint Sites with Spaces in URL Could Not Be Linked

  Resolved an issue where SharePoint sites containing spaces in their URL could not be linked in the eShare Admin Console. The system now automatically URL‑encodes pasted site URLs, eliminating the need for admins to manually encode them.

Bug Fixes

External Link Not Working on Registered SharePoint Sites in the M365 Trusted Sharing Application

Resolved an issue where the M365 App sent only group_id (without site_id), preventing proper validation, especially for sites owned by security groups. The app now includes site_id, and backend logic correctly identifies registered sites. Issue fully resolved.

Users Unable to Enter OTP

Resolved an issue where users were unable to enter their OTP when accessing a Trusted Share, affecting both email‑ and phone‑based delivery methods. The problem was reproducible even in incognito mode and impacted multiple users. The OTP entry flow has been corrected, and the issue is now fully resolved.

SharePoint Sites with Spaces in URL Could Not Be Linked

Resolved an issue where SharePoint sites containing spaces in their URL could not be linked in the eShare Admin Console. The system now automatically URL‑encodes pasted site URLs, eliminating the need for admins to manually encode them.