Sharing links are one of the most convenient features in SharePoint Online. They are also one of the most common sources of unintended data exposure. A link created for a quick file transfer can remain active for years after the recipient has left the organisation. This guide walks through auditing all active sharing links in your SharePoint Online tenant and removing the ones that should no longer exist.
Why sharing link audits matter
Unlike permissions assigned through site membership or Microsoft 365 groups, sharing links operate outside the normal permission model. A user who holds a sharing link can access the item the link points to regardless of whether they are a member of the site. Links shared externally bypass the site's guest access list. Links with "Anyone" scope require no sign-in at all.
Over time, an unaudited SharePoint environment accumulates hundreds or thousands of active sharing links. Most were created for legitimate short-term purposes. Very few have been revoked when no longer needed, because SharePoint does not send reminders when a shared link is no longer being accessed, and there is no native alert for links that have existed past a reasonable time threshold.
A sharing link audit answers two questions: which content is accessible to people outside the expected permission model, and which of those links should be revoked now?
Understand SharePoint sharing link types
SharePoint Online creates three categories of sharing link. Knowing which type a link is tells you immediately how broad the exposure is.
| Link type | Who can use it | Sign-in required? | Risk level |
|---|---|---|---|
| Anyone link | Anyone who has the URL, including people outside your organisation | No | High. No authentication barrier. Can be forwarded freely. |
| People in your organisation | Any signed-in user with an account in your tenant | Yes (tenant account required) | Medium. Limited to tenant users, but broader than intended if content is sensitive. |
| Specific people | Only the named recipients listed when the link was created | Yes | Low. Scoped to named individuals. |
When prioritising a cleanup, Anyone links with no expiry date deserve the most attention. People in your organisation links covering sensitive libraries are the next priority. Specific people links are generally low risk unless the named recipient is an external user who should no longer have access.
Check tenant sharing settings in the SharePoint admin center
Before auditing existing links, understand what your current sharing policy allows. This context helps you interpret the audit results and decide which policy changes will prevent new oversharing after the cleanup.
- Sign in to the SharePoint admin center.
- Go to Policies > Sharing.
- Under External sharing, note the tenant-level setting. The options range from "Anyone" (most permissive) to "Only people in your organisation" (most restrictive).
- Under File and folder links, check the default link type and the default permission level. The default link type controls what SharePoint presents as the default option when a user shares an item.
- Check the expiration setting for Anyone links. If "Anyone links must expire within this many days" is not enabled, links created without an explicit expiry date never expire.
For site-level sharing settings that differ from the tenant default, go to Active sites, select a site, and check the Sharing tab. Sites can be configured more restrictively than the tenant default, but they cannot be more permissive.
Run a sharing links report
Native SharePoint admin center (limited)
The SharePoint admin center does not provide a comprehensive cross-site view of active sharing links. You can review sharing on individual files or folders by opening the item in the browser and checking the sharing status from the details pane, but there is no built-in report that lists all active sharing links across all sites in a single view.
For a single, small site with a handful of shared documents, manual review through the browser is workable. For a tenant with tens of thousands of documents shared across many sites, manual review is not practical.
Using ShareMaster to generate a tenant-wide report
ShareMaster's Shared Links and Permissions tool connects to your tenant and audits sharing links across your SharePoint sites. It produces a report covering each active sharing link: the link type, the item it covers (file, folder, or library), when the link was created, whether it has an expiry date, and the scope of access the link grants.
With this report in hand, you have a complete picture of sharing link exposure that would otherwise require scripting or site-by-site manual review to assemble.
Review and prioritise links for removal
Once the report is generated, prioritise using the following criteria:
High priority: Anyone links with no expiry
These links allow anyone with the URL to access the item indefinitely with no authentication. Filter the report to surface these first. For each, ask: is external access to this item still needed? If the answer is no, the link should be revoked immediately.
Particular attention should be paid to Anyone links covering folders or entire libraries rather than individual files. A folder-level Anyone link can expose an entire directory tree to unauthenticated access.
Medium priority: People in your organisation links on sensitive content
These links allow any authenticated tenant user to access the item. If the item is a budget document, an HR folder, or any content that should not be accessible to all staff, a broad organisation link is a problem even though it requires a sign-in.
Lower priority: expired links and specific-people links
Expired links are no longer functional and do not need to be revoked as an urgent security action, though cleaning them up keeps the sharing report tidy. Specific-people links to current employees or partners who still need access can generally be left in place.
Remove sharing links
Removing individual links through the browser
For a small number of links, revocation through the SharePoint browser interface is straightforward:
- Navigate to the file or folder in SharePoint.
- Open the item's details pane (select the item and choose the information icon).
- In the details pane, click Manage access.
- Under Links giving access, locate the sharing link you want to revoke.
- Select the link and click Remove link.
The link is deactivated immediately. Anyone who attempts to use the URL after revocation will receive an access denied error.
Bulk removal using ShareMaster
When the audit report surfaces dozens or hundreds of links to revoke, removing them one by one through the browser is impractical. ShareMaster's Shared Links and Permissions tool supports bulk removal: select the links to revoke from the audit report and execute the removal in a single operation. This is the most efficient approach for post-audit cleanup and for regular scheduled reviews on large tenants.
For context on how unique permissions (distinct from sharing links) interact with the access model, see the SharePoint permissions audit guide.
Set sharing policies to prevent recurrence
Revoking existing links addresses today's exposure. Policy changes prevent the same accumulation from happening again over the next 12 months.
Set an expiry on Anyone links
In the SharePoint admin center under Policies > Sharing, enable the "Anyone links must expire within this many days" option. A limit of 14 to 30 days is common for organisations that use external sharing for time-limited purposes like vendor reviews or client deliveries.
Change the default link type
Set the default link type to "Specific people" rather than "Anyone" or "People in your organisation." This makes the safe choice the default, and broad sharing requires a deliberate selection from the user rather than accepting the pre-set option.
Restrict Anyone links to specific sites
If your organisation only needs external anonymous sharing on a small number of sites (a public-facing extranet or a client delivery site, for example), you can set the tenant-level sharing policy to "New and existing guests" and override to "Anyone" only on the specific sites that genuinely require it. This contains the anonymous sharing footprint to where it is actually needed.
Schedule regular audits
Sharing links accumulate quickly on active sites. A quarterly audit using the same ShareMaster report process described above surfaces new oversharing before it becomes a compliance or security incident. The audit itself takes a fraction of the time once the process is established, because you are reviewing only the delta since the last audit rather than the full history from day one.
Summary
A SharePoint sharing link audit has two phases: discovering what exists and removing what should not. The native admin center provides limited cross-site visibility; ShareMaster's Shared Links and Permissions tool closes that gap with a tenant-wide audit report. After an initial cleanup, the highest-return action is configuring an expiry on Anyone links and changing the default link type to Specific people, which ensures that new sharing defaults to the least-broad option rather than the most permissive one.
For a broader look at the full permission model in SharePoint Online, see the SharePoint permissions audit guide, which covers site membership, group inheritance, and unique permission assignments alongside sharing links.