SharePoint Online allows you to modify the document library by adding additional fields to expand the view for the library. One of these is called “Shared With.” If you wonder what it shows, look no further: here is a detailed explanation.
Using the Shared With field functionality, do you think you will be able to see which users can access a document? Well, no, not everyone.
The Shared With field in SharePoint Online is closely related to the document-sharing functionality. From what we gathered, Shared With field is populated when an email address which is explicitly provided during sharing (except for 'People with existing access', for whom Shared With is not populated).
If the resulting sharing link (for anonymous links or organization links) is used by third user, they will not show up in the Shared With column. If you just use the copy link functionality and send the link via, e.g., Slack, then again, this user will not show up in the Shared With field. However, in both of these cases, they will still show up in the Permission details for the created link.
From the screenshot above, it is clear that Adele used the organization sharing link, but she is nowhere to be found in the Sharing With field. So, if your want to see which internal users were sent a link to a document through the built-in mail functionality then, yes, Shared With is what you are looking for. If you are trying to identify all the users who have used the sharing link and can access the document, then no, this field does not provide enough information. And, of course, there is a problem since anonymous and organizational links can be freely shared. This means that a document could potentially be shared with anybody, but this will not be reflected in the Shared With field.
Moreover, for external users, there is an additional condition for them to show up in this field. They will be present there when they have an associated external account in your organization’s Azure Active Directory.
For reference, here is a handy table that shows how Shared With is populated when you specify an email address in the share functionality.
The Shared With field will also be populated when you grant permissions on the advanced permissions page. However, if you remove the permissions for a user or group with whom you previously shared a document, the user or group will still be displayed in the Shared With column. This behavior is "by design". The Shared With column displays any accounts that a document has ever been shared with.
In conclusion, the Shared With field is probably populated through an event receiver when a user makes an effort to share a file, but it does not in any way reflect which users actually have access to the file.
Security is crucial. With all the sharing options, your Office 365 environment can easily become vulnerable. SysKit Security Manager can easily detect external users throughout an environment. It can pinpoint externally shared content down to individual items. It will help you to stop the wrong people from getting access to your highly sensitive information and ensure your environment maintains its compliance with your organization’s governance policies.