How to configure expiration and permissions options for Anyone links in SharePoint Online
I blogged previously about the Anyone Link in SharePoint and OneDrive. It is a convenient way for users to share content (files, folders, list items) since the recipient does not need to authenticate to access shared documents and list items, thus reducing friction. However, this also opens up a security risk as you never really know who clicked and looked at the content or even modified it.
In that same article, I did provide a few tips on how users can add “additional security mechanisms” on Anyone Link when sharing. However, the problem with that approach is that we are relying on end-users to do so.
In today’s article, I would like to share a few ways SharePoint Administrators can “secure” those Anyone Links from the SharePoint Admin Center by altering expiration and permissions options for Anyone links.
Step 1: Disable Anyone Links
By default, at the tenant level, Anyone links are allowed in SharePoint and OneDrive for Business.
This allows anonymous sharing of content from OneDrive for Business, which is just a personal user’s drive. However, in SharePoint, at the Site level, the default is set to Authenticated sharing.
If you want to allow Anonymous Sharing (Anyone Links) at the site level, you must explicitly configure it for every site within the SharePoint Admin Center.
Disable Anonymous links
If you want to totally prevent any possibility of anonymous sharing for any SharePoint site or OneDrive for Business, you would need to disable it at the tenant level. Here is how to achieve this.
- Click on App Launcher > Admin
- Under Admin centers, click SharePoint
- Under Policies, click Sharing
- Drag the toggle from the top position (Anyone), one step down to New and existing guests
- This will set the toggle as shown below and will disable Anonymous sharing for both SharePoint and OneDrive. Click Save at the bottom of the page to save the settings.
Step 2: Configure expiration and permissions options for Anyone links
If you decide to allow Anyone Links (essentially leaving the defaults in place), you can add additional security and configure the behavior of those links from within the SharePoint Admin Center. Here is what you can do.
Expire anonymous links
This setting will allow you to expire anonymous links after a certain number of days, so that guests (anonymous users) lose access to the content after that.
- On that same Sharing settings page, scroll down to the bottom of the page, and under Choose expiration and permissions options for Anyone links, check the box next to These links must expire within this many days
- Set the number of days and click the Save button (as in the image above)
Set View or Edit permissions for anonymous links
This setting will allow you to limit what anonymous users can do when files and folders are shared with them. By default, when users share files and folders externally using the Anyone link, they can choose between View and Edit link options. You can prevent the ability for users to select the Edit option, essentially making Anonymous links view only. This setting can be set on both files and folders.
- Don’t forget to click Save at the bottom of the page to save the settings.