🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
SharePoint Online

How to Audit SharePoint Online Anonymous Access in Microsoft 365

Are anonymous users accessing files within your organization? If so, it's crucial to act now to prevent potential data leakage! Tracking and managing these accesses along with permission levels is essential to safeguard sensitive information. This guide will help you to audit anonymous access in SharePoint Online, ensuring better oversight of file sharing and protection against unauthorized access.

Using Microsoft Purview Compliance Portal

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Login to the Microsoft Purview compliance portal.
  • Under the Solutions section, select Audit.
  • Select the date and time range.
  • On the Activities - friendly names drop-down, search for and select the Used an anonymous link activity.
  • Click Search. Once the search is complete, you can export the report.
Using Microsoft Purview Compliance Portal

Using Windows PowerShell

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Connect to the Exchange Online module using the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
  • Run the below cmdlet to retrieve all anonymous access in SharePoint Online with CreationDate, Operations, and AuditData such as SiteUrl, SourceFileName, etc.
  • Windows PowerShell Windows PowerShell
     Search-UnifiedAuditLog -StartDate "yyyy-mm-dd" -EndDate "yyyy-mm-dd" -Operations "AnonymousLinkUsed" -ResultSize 5000 
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Though the PowerShell cmdlet provides detailed insights of anonymous file access, sorting and filtering the specific operations can be time-intensive.
  • We've crafted a unified script to simplify the process, enhancing the tracking and management of all anonymous activities within SharePoint Online.
  • Additionally, you can customize the date range and export the results as a CSV file.
Using PowerShell Script
AnonynousLinkActivityReport.ps1

Master your SharePoint Online security by managing anonymous links effortlessly!

The AdminDroid's SharePoint Online auditing tool helps you stay informed about all anonymous link activities in your organization.It offers detailed reports to monitor the creation, usage, and modification of anonymous links, ensuring you can effectively manage access to confidential sites.

Audit All Events Related to Anonymous Links

Easily access detailed information on the creation, usage, and modification of anonymous links within your organization.

Keep Guests and External Members in Control

To protect sensitive files in a SharePoint environment, manage and monitor permission levels for external and guest users.

Automate External File Summaries

Automating detailed summaries for external file sharing events to enhance oversight and restrict sensitive file sharing.

Interactive Dashboard for all SharePoint Events

Use AdminDroid’s dashboard to easily access SharePoint site trends and sharing patterns, improving visibility and strengthening security.

Delegate Access for SharePoint Online Activity Monitoring

Empower selected Microsoft 365 users with granular access controls, enabling them to exclusively monitor detailed activity reports within SharePoint Online.

Receive Alert Notifications for Anonymous Link Usage

Receive real-time alert notifications whenever anonymous links are used within your organization, coupled with robust usage reports to enhance monitoring and security measures.

Overall, AdminDroid provides powerful features that enable you to efficiently manage and track the details of SharePoint Online anonymous link shares. You can also monitor SharePoint site activities, security, and permissions, ensuring comprehensive oversight of all anonymous link shares in your SharePoint Online environment.

Explore a full range of reporting options

Important Tips

Enable sensitivity labels in SharePoint Online to ensure data protection and controlled access to documents within or outside your organization.

Enable Safe Attachments in SharePoint Online to automatically scan and block malicious files before sharing with external users.

Configure DLP policy for SharePoint to prevent unauthorized sharing of sensitive information.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while auditing anonymous links in SharePoint Online.

Error Get-SPOTenant : The term 'SPOTenant' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs because the module containing the cmdlet is absent, or the cmdlet/function may not exist in the current environment.

Fix Install and Import the SharePoint module using the below cmdlet.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Import-Module Microsoft.Online.SharePoint.PowerShell

Error The audit search returned no results.

This error will occur in both PowerShell and the Compliance Center Audit Log search if auditing is not enabled.

Fix In Microsoft Purview Audit, you should enable audit search by clicking Start recording user and admin activity. If you are using PowerShell, you need to enable it using the following cmdlet:
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Error Connect-SPOService : The remote server returned an error: (401) Unauthorized.

This error occurs due to incorrect credentials, insufficient permissions, or the need for Multi-Factor Authentication (MFA).

Fix Ensure that you are using the correct credentials, permissions, and URL, while also considering MFA requirements, network connectivity, and account status.

Error Search-UnifiedAuditLog : The browser-based authentication dialog failed to complete. Reason: The download has failed the connection was interrupted.

This error typically occurs when the connection is disrupted during the download process.

Fix Close the current PowerShell session and start a new one.

Error 'Anyone' sharing options is greyed out in SharePoint Online.

This is because your organization is preventing you from selecting this option.

Fix Please check the external sharing settings for your organization and enable the most Permissive level in SharePoint admin center.
Frequently Asked Questions

Manage Anonymous Link Sharing in SharePoint Online

2. How to configure 'Anyone with the link' in SharePoint Online?

Anonymous links in SharePoint Online facilitate quick and secure sharing of documents and files with external users without requiring them to sign in. You can set anyone links at two levels in SharePoint Online.

Set anyone links in SharePoint at the organization level:
  • By setting 'Anyone' link permissions at the organization level, users can share all file and folder with anyone without any restrictions.
  • Follow the below steps to enable the anyone link at the organization level.
  • #Connect to SharePoint Online
    Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
    # Enable anonymous link sharing for the entire tenant
    Set-SPOTenant -SharingCapability ExternalUserAndGuestSharing
  • Note : One drawback of using anonymous links at the organization level in SharePoint Online is reduced visibility and control over external access. This can pose security and compliance risks.
Set anyone links in SharePoint at the site level:
  • To enhance security measures, grant anonymous access to specific sites in SharePoint Online. This approach allows for controlled sharing of sensitive documents with external users, ensuring security while facilitating collaboration.
  • Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
    # Enable anonymous link sharing for the for an individual site collection
    Set-SPOSite -Identity <Site URL> -SharingCapability ExternalUserAndGuestSharing
  • Note: In SharePoint Online, you can share individual files and folders using an Anyone link for easy access. However, sharing entire sites or pages with an 'Anyone' link is not supported due to security and access control limitations.

Track File and Folder Sharing configurations with AdminDroid's SharePoint Site Configurations Report.

Tracking file and folder sharing configurations in SharePoint is crucial for security and prevents unauthorized external sharing of sensitive documents.

  • Open the AdminDroid Office 365 reporter.
  • Go to Site Sharing Configurations report under Reports»SharePoint»Site»Sharing Configs.
site-configuration-report

In a single report, you can view the site owner, external sharing capability, number of site users, and additionally you can see member permissions.

6. What are the other better options for external file sharing in SharePoint Online?

Yes, in addition to anonymous links, SharePoint offers more secure external file sharing options with better control. These include specific people links that requires recipients to login with a Microsoft account to access the files.

  • Share with Specific Users: Share files and folders directly with specific external users by using their email addresses. Customize permission levels (view, edit, download) for each user to suit your needs.
  • Guest Access (if enabled): Invite external users as guests to your SharePoint site. Guests require approval and have controlled access based on the permissions you set.
  • Control External Sharing by Domain: This allows you to share SharePoint links only with the specific domains you have selected.
external-sharing-settings

By implementing the above changes, you can more effectively manage external sharing in SharePoint Online.

Keep your SharePoint sharing in check - AdminDroid monitors every external file handshake.

  • A detailed report on file and folder sharing activities with external users in SharePoint Online is available through AdminDroid.
  • This report includes event time, workload, type of operation, operation performer’s email, target user or group's email, shared file or folder name.
external-sharing-report

Pro Tip: AdminDroid supports scheduling external file activities, enabling automated tasks such as downloading and emailing reports on a weekly or monthly basis for efficient management and timely updates.

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
User Help Manuals Compliance Docs
x
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!