Audit Anonymous Access in Sharepoint Online

Native Solution

Microsoft 365 Permission Required

High

Least Privilege

Audit Reader

Most Privilege

Global Admin

Option 1 Using Microsoft Purview Compliance Portal

Login to the Microsoft Purview compliance portal.
Under the Solutions section, select Audit.
Select the date and time range.
On the Activities - friendly names drop-down, search for and select the Used an anonymous link activity.
Click Search. Once the search is complete, you can export the report.

Option 2 Using Windows PowerShell

Connect to the Exchange Online module using the below cmdlet.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Run the below cmdlet to retrieve all anonymous access in SharePoint Online with CreationDate, Operations, and AuditData such as SiteUrl, SourceFileName, etc.

Windows PowerShell

 Search-UnifiedAuditLog -StartDate "yyyy-mm-dd" -EndDate "yyyy-mm-dd" -Operations "AnonymousLinkUsed" -ResultSize 5000

Option 3 Using PowerShell Script

Though the PowerShell cmdlet provides detailed insights of anonymous file access, sorting and filtering the specific operations can be time-intensive.
We've crafted a unified script to simplify the process, enhancing the tracking and management of all anonymous activities within SharePoint Online.
Additionally, you can customize the date range and export the results as a CSV file.

AnonynousLinkActivityReport.ps1

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the Anonymous Link Accessed report under Audit»SharePoint»Links and Invitations»Anonymous Links.

The anonymous link access report details the access time, file name, file type, shared item's URL, and user's IP address for all anonymous access in a single report.

Monitor trends and manage anonymous access easily with AdminDroid's interactive dashboard. Gain insights into top users & access patterns for better control and security.

Explore a full range of reporting options

Enhance Anonymous Link Access Control in SharePoint Online!

Track and manage anonymous link access effortlessly with AdminDroid, ensuring security & accountability within your SharePoint environment.

Witness the report in action using the

Live Demo

Important Tips

Enable sensitivity labels in SharePoint Online to ensure data protection and controlled access to documents within or outside your organization.

Enable Safe Attachments in SharePoint Online to automatically scan and block malicious files before sharing with external users.

Configure DLP policy for SharePoint to prevent unauthorized sharing of sensitive information.

SharePoint OnlineManage Anonymous Link Sharing in SharePoint Online

Showing 1 of 6

How to create and share an anyone link in SharePoint online securely? How to configure 'Anyone with the link' in SharePoint Online? How to prevent users from generating anonymous links in SharePoint? How to extract all the anonymous link activities in SharePoint Online? Can anonymous users delete files or folders uploaded via SharePoint 'Anyone' link? What are the other better options for external file sharing in SharePoint Online?

How to create and share an anyone link in SharePoint online securely?

Anonymous links are useful to share specific documents, folders, or files for collaboration with external partners, clients, or anyone who doesn't have direct access to your SharePoint site. To create an anyone link in SharePoint Online,

Navigate to the Documents section of the desired SharePoint site and select the file. Click Share and choose the Anyone option.
You can set the permissions to view or edit as per your requirement, generate the link, and share it with recipients.

Follow these essential steps to enhance security for your anonymous links.

Select Can View so others can't make changes to the file.
Set an Expiry Date for the links. Once the purpose is completed, the link will expire.
Set a Password so that only those with the password can access the file.

Note: Users can generate 'anyone' links only if their organization has enabled this feature. otherwise, the option will be greyed out.

Get a list of shared anyone links in SharePoint using Admindroid in a single report.

Admins need to monitor any anonymous links created for confidential files.
This report lists all anonymous links generated in SharePoint Online, offering detailed information such as creation time, file name, and the user who created the link.

How to configure 'Anyone with the link' in SharePoint Online?

Anonymous links in SharePoint Online facilitate quick and secure sharing of documents and files with external users without requiring them to sign in. You can set anyone links at two levels in SharePoint Online.

Set anyone links in SharePoint at the organization level:

By setting 'Anyone' link permissions at the organization level, users can share all file and folder with anyone without any restrictions.
Follow the below steps to enable the anyone link at the organization level.

#Connect to SharePoint Online
Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Enable anonymous link sharing for the entire tenant
Set-SPOTenant -SharingCapability ExternalUserAndGuestSharing

Note : One drawback of using anonymous links at the organization level in SharePoint Online is reduced visibility and control over external access. This can pose security and compliance risks.

Set anyone links in SharePoint at the site level:

To enhance security measures, grant anonymous access to specific sites in SharePoint Online. This approach allows for controlled sharing of sensitive documents with external users, ensuring security while facilitating collaboration.

Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Enable anonymous link sharing for the for an individual site collection
Set-SPOSite -Identity <Site URL> -SharingCapability ExternalUserAndGuestSharing

Note: In SharePoint Online, you can share individual files and folders using an Anyone link for easy access. However, sharing entire sites or pages with an 'Anyone' link is not supported due to security and access control limitations.

Track File and Folder Sharing configurations with AdminDroid's SharePoint Site Configurations Report.

Tracking file and folder sharing configurations in SharePoint is crucial for security and prevents unauthorized external sharing of sensitive documents.

Open the AdminDroid Office 365 reporter.
Go to Site Sharing Configurations report under Reports»SharePoint»Site»Sharing Configs.

In a single report, you can view the site owner, external sharing capability, number of site users, and additionally you can see member permissions.

How to prevent users from generating anonymous links in SharePoint?

If you want to restrict users from creating anonymous links, the only option is to reduce the privilege level in the SharePoint admin center, which affects your entire tenant. There is no other option to restrict this capability for a particular user or group.

Use the below cmdlet to disable anyone links in SharePoint Online.

Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Disable anonymous link sharing for Entire Tenant
Set-SPOTenant -Identity SharingCapability ExternalUserOnly

Reducing the privilege level in the SharePoint admin center to restrict users from creating anonymous (unauthenticated) links can impact external collaboration. Additionally, it may pose difficulties for users who do not have a Microsoft account.

Get instant alerts and detailed reports with AdminDroid whenever anonymous links are created.

AdminDroid's report on anonymous link creations in SharePoint Online provides a list of all generated anonymous links, including the creation time, file name, and the user responsible for each link.

AdminDroid automatically analyses the recent possible alerts for the alert policy using your organization audit data and creates a 'Alert Preview Console' on the retreived data.
With the 'Preview & Deploy' feature, you shall view the recent possible alerts and deploy the alert policy to receive alert on the anonymous link creations.

Pro Tip: AdminDroid provides predefined alert policies on anonymous link creation, resources accessed using anonymous links, and unusual volume of anonymous link creation.

You can easily 'Preview & Deploy' to receive alerts on the anonymous link activites.

How to extract all the anonymous link activities in SharePoint Online?

Within SharePoint Online, users can easily share files and folders by creating an 'Anyone link' which allows anonymous access without requiring sign-in.

So monitoring 'Anyone link' usage helps you spot unauthorized access to sensitive documents and maintain compliance with data protection regulations and security policies.

Use the below cmdlet to extract all anonymous link activities in SharePoint Online.

Connect-ExchangeOnline
$RetriveOperation = "AnonymousLinkRemoved", "AnonymousLinkCreated", "AnonymousLinkUpdated", "AnonymousLinkUsed"
Search-UnifiedAuditLog -StartDate "yyy-mm-dd" -EndDate "yyyy-mm-dd" -Operations $RetriveOperation -ResultSize 5000

Effortlessly track anonymous access and spot security threats in a flash with AdminDroid’s graphical view.

Tracking anonymous activities in SharePoint Online helps you to protect your organization's data from unauthorized access and enhance data security.

Get a list of all anonymous activities with AdminDroid's "All sharepoint events related to anonymous links" report.
This report provides detailed data about the user who created the link, operations performed, filename, file permissions, and expiration date.

Can anonymous users delete files or folders uploaded via SharePoint 'Anyone' link?

No, it's not possible for an anonymous (unauthenticated) user to remove files and folders shared through an Anyone link. Only the owner of the site has the permission to delete the files.

When you share an 'Anyone' link with edit permissions, anonymous users can edit, modify, upload, and download the files, but they cannot remove them.
With view-only permissions, users can view and download the files.
With can't download permissions, users can view but not download or modify the files and folders.

Note : Above conditions are applicable to anyone links only.

Use the below cmdlet to audit file deletions in your SharePoint environment.

Connect-ExchangeOnline
Search-UnifiedAuditLog -StartDate <mm/dd/yyyy> -EndDate <mm/dd/yyyy> -Operations FileDeleted,  FileDeletedFirstStageRecycleBin, FileDeletedSecondStageRecycleBin | Format-Table -Property RecordType, CreationDate, UserIds, Operations

AdminDroid ensures your important files are never lost by tracking deletions.

Keep track of file deletions in your SharePoint environment to prevent unauthorized or accidental loss of important files and to ensure sensitive information is protected.

Navigate to All File Deletions in SharePoint and OneDrive report under Audit»General»File/Folder Deletion Tracking»File Deletions.
This report provides detailed information on deleted files, including deletion timestamps, device info, URL's of the deleted items, the operations performed, and the result status.

What are the other better options for external file sharing in SharePoint Online?

Yes, in addition to anonymous links, SharePoint offers more secure external file sharing options with better control. These include specific people links that requires recipients to login with a Microsoft account to access the files.

Share with Specific Users: Share files and folders directly with specific external users by using their email addresses. Customize permission levels (view, edit, download) for each user to suit your needs.
Guest Access (if enabled): Invite external users as guests to your SharePoint site. Guests require approval and have controlled access based on the permissions you set.
Control External Sharing by Domain: This allows you to share SharePoint links only with the specific domains you have selected.

By implementing the above changes, you can more effectively manage external sharing in SharePoint Online.

Keep your SharePoint sharing in check - AdminDroid monitors every external file handshake.

A detailed report on file and folder sharing activities with external users in SharePoint Online is available through AdminDroid.
This report includes event time, workload, type of operation, operation performer’s email, target user or group's email, shared file or folder name.

Pro Tip: AdminDroid supports scheduling external file activities, enabling automated tasks such as downloading and emailing reports on a weekly or monthly basis for efficient management and timely updates.

AdminDroid SharePoint Online ReporterMaster your SharePoint Online security by managing anonymous links effortlessly!

The AdminDroid's SharePoint Online auditing tool helps you stay informed about all anonymous link activities in your organization.It offers detailed reports to monitor the creation, usage, and modification of anonymous links, ensuring you can effectively manage access to confidential sites.

Shine a Light on Anonymous Links in SharePoint Online with AdminDroid and See Who's Accessing Your Data!

Gain in-depth insights on anonymous link activity with the All SharePoint events related to anonymous links report. This comprehensive report details the creation, usage and modifications of each anonymous link and ensure you have a complete picture of anonymous access to your SharePoint data.

A Quick Summary

Audit All Events Related to Anonymous Links

Easily access detailed information on the creation, usage, and modification of anonymous links within your organization.

Keep Guests and External Members in Control

To protect sensitive files in a SharePoint environment, manage and monitor permission levels for external and guest users.

Automate External File Summaries

Automating detailed summaries for external file sharing events to enhance oversight and restrict sensitive file sharing.

Interactive Dashboard for all SharePoint Events

Use AdminDroid’s dashboard to easily access SharePoint site trends and sharing patterns, improving visibility and strengthening security.

Delegate Access for SharePoint Online Activity Monitoring

Empower selected Microsoft 365 users with granular access controls, enabling them to exclusively monitor detailed activity reports within SharePoint Online.

Receive Alert Notifications for Anonymous Link Usage

Receive real-time alert notifications whenever anonymous links are used within your organization, coupled with robust usage reports to enhance monitoring and security measures.

Overall, AdminDroid provides powerful features that enable you to efficiently manage and track the details of SharePoint Online anonymous link shares. You can also monitor SharePoint site activities, security, and permissions, ensuring comprehensive oversight of all anonymous link shares in your SharePoint Online environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps When Tracking Anonymous Link Access in SharePoint Online

The following are the possible errors and troubleshooting hints while auditing anonymous links in SharePoint Online.

Error: Get-SPOTenant : The term 'SPOTenant' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs because the module containing the cmdlet is absent, or the cmdlet/function may not exist in the current environment.

Troubleshooting hint :Install and Import the SharePoint module using the below cmdlet.

Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Import-Module Microsoft.Online.SharePoint.PowerShell

Error: The audit search returned no results.

This error will occur in both PowerShell and the Compliance Center Audit Log search if auditing is not enabled.

Troubleshooting hint :In Microsoft Purview Audit, you should enable audit search by clicking Start recording user and admin activity. If you are using PowerShell, you need to enable it using the following cmdlet:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Error: Connect-SPOService : The remote server returned an error: (401) Unauthorized.

This error occurs due to incorrect credentials, insufficient permissions, or the need for Multi-Factor Authentication (MFA).

Troubleshooting hint :Ensure that you are using the correct credentials, permissions, and URL, while also considering MFA requirements, network connectivity, and account status.

Error: Search-UnifiedAuditLog : The browser-based authentication dialog failed to complete. Reason: The download has failed the connection was interrupted.

This error typically occurs when the connection is disrupted during the download process.

Troubleshooting hint :Close the current PowerShell session and start a new one.

Error: 'Anyone' sharing options is greyed out in SharePoint Online.

This is because your organization is preventing you from selecting this option.

Troubleshooting hint :Please check the external sharing settings for your organization and enable the most Permissive level in SharePoint admin center.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Audit SharePoint Online Anonymous Access in Microsoft 365