🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
SharePoint Online

How to Audit SharePoint Online Anonymous Access in Microsoft 365

Are anonymous users accessing files within your organization? If so, it's crucial to act now to prevent potential data leakage! Tracking and managing these accesses along with permission levels is essential to safeguard sensitive information. This guide will help you to audit anonymous access in SharePoint Online, ensuring better oversight of file sharing and protection against unauthorized access.

Option 1
Option 2
Option 3
Option 4
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft Purview Compliance Portal

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Login to the Microsoft Purview compliance portal.
  • Under the Solutions section, select Audit.
  • Select the date and time range.
  • On the Activities - friendly names drop-down, search for and select the Used an anonymous link activity.
  • Click Search. Once the search is complete, you can export the report.
Using Microsoft Purview Compliance Portal

Using Windows PowerShell

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Connect to the Exchange Online module using the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • Run the below cmdlet to retrieve all anonymous access in SharePoint Online with CreationDate, Operations, and AuditData such as SiteUrl, SourceFileName, etc.
  • Windows PowerShell Windows PowerShell 
     Search-UnifiedAuditLog -StartDate "yyyy-mm-dd" -EndDate "yyyy-mm-dd" -Operations "AnonymousLinkUsed" -ResultSize 5000
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Audit Reader Least Privilege
Global Admin Most Privilege
  • Though the PowerShell cmdlet provides detailed insights of anonymous file access, sorting and filtering the specific operations can be time-intensive.
  • We've crafted a unified script to simplify the process, enhancing the tracking and management of all anonymous activities within SharePoint Online.
  • Additionally, you can customize the date range and export the results as a CSV file.
Using PowerShell Script
AnonynousLinkActivityReport.ps1
AdminDroid SharePoint Online Reporter

Master your SharePoint Online security by managing anonymous links effortlessly!

The AdminDroid's SharePoint Online auditing tool helps you stay informed about all anonymous link activities in your organization.It offers detailed reports to monitor the creation, usage, and modification of anonymous links, ensuring you can effectively manage access to confidential sites.

Audit All Events Related to Anonymous Links

Easily access detailed information on the creation, usage, and modification of anonymous links within your organization.

Keep Guests and External Members in Control

To protect sensitive files in a SharePoint environment, manage and monitor permission levels for external and guest users.

Automate External File Summaries

Automating detailed summaries for external file sharing events to enhance oversight and restrict sensitive file sharing.

Interactive Dashboard for all SharePoint Events

Use AdminDroid’s dashboard to easily access SharePoint site trends and sharing patterns, improving visibility and strengthening security.

Delegate Access for SharePoint Online Activity Monitoring

Empower selected Microsoft 365 users with granular access controls, enabling them to exclusively monitor detailed activity reports within SharePoint Online.

Receive Alert Notifications for Anonymous Link Usage

Receive real-time alert notifications whenever anonymous links are used within your organization, coupled with robust usage reports to enhance monitoring and security measures.

Overall, AdminDroid provides powerful features that enable you to efficiently manage and track the details of SharePoint Online anonymous link shares. You can also monitor SharePoint site activities, security, and permissions, ensuring comprehensive oversight of all anonymous link shares in your SharePoint Online environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Enable sensitivity labels in SharePoint Online to ensure data protection and controlled access to documents within or outside your organization.

Enable Safe Attachments in SharePoint Online to automatically scan and block malicious files before sharing with external users.

Configure DLP policy for SharePoint to prevent unauthorized sharing of sensitive information.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while auditing anonymous links in SharePoint Online.

Error Get-SPOTenant : The term 'SPOTenant' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs because the module containing the cmdlet is absent, or the cmdlet/function may not exist in the current environment.

Fix Install and Import the SharePoint module using the below cmdlet. 
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Import-Module Microsoft.Online.SharePoint.PowerShell

Error The audit search returned no results.

This error will occur in both PowerShell and the Compliance Center Audit Log search if auditing is not enabled.

Fix In Microsoft Purview Audit, you should enable audit search by clicking Start recording user and admin activity. If you are using PowerShell, you need to enable it using the following cmdlet: 
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Error Connect-SPOService : The remote server returned an error: (401) Unauthorized.

This error occurs due to incorrect credentials, insufficient permissions, or the need for Multi-Factor Authentication (MFA).

Fix Ensure that you are using the correct credentials, permissions, and URL, while also considering MFA requirements, network connectivity, and account status.

Error Search-UnifiedAuditLog : The browser-based authentication dialog failed to complete. Reason: The download has failed the connection was interrupted.

This error typically occurs when the connection is disrupted during the download process.

Fix Close the current PowerShell session and start a new one.

Error 'Anyone' sharing options is greyed out in SharePoint Online.

This is because your organization is preventing you from selecting this option.

Fix Please check the external sharing settings for your organization and enable the most Permissive level in SharePoint admin center.
SharePoint Online

Frequently Asked Questions

Manage Anonymous Link Sharing in SharePoint Online

How to create and share an anyone link in SharePoint online securely?

How to create and share an anyone link in SharePoint online securely? +

Anonymous links are useful to share specific documents, folders, or files for collaboration with external partners, clients, or anyone who doesn't have direct access to your SharePoint site. To create an anyone link in SharePoint Online,

  • Navigate to the Documents section of the desired SharePoint site and select the file. Click Share and choose the Anyone option.
  • You can set the permissions to view or edit as per your requirement, generate the link, and share it with recipients.
anyonelink-creation

Follow these essential steps to enhance security for your anonymous links.

  • Select Can View so others can't make changes to the file.
  • Set an Expiry Date for the links. Once the purpose is completed, the link will expire.
  • Set a Password so that only those with the password can access the file.

Note: Users can generate 'anyone' links only if their organization has enabled this feature. otherwise, the option will be greyed out.

Get a list of shared anyone links in SharePoint using Admindroid in a single report.

  • Admins need to monitor any anonymous links created for confidential files.
  • This report lists all anonymous links generated in SharePoint Online, offering detailed information such as creation time, file name, and the user who created the link.
anonymous-link-creation-ad

How to configure 'Anyone with the link' in SharePoint Online?

How to configure 'Anyone with the link' in SharePoint Online? +

Anonymous links in SharePoint Online facilitate quick and secure sharing of documents and files with external users without requiring them to sign in. You can set anyone links at two levels in SharePoint Online.

Set anyone links in SharePoint at the organization level:
  • By setting 'Anyone' link permissions at the organization level, users can share all file and folder with anyone without any restrictions.
  • Follow the below steps to enable the anyone link at the organization level.
  • #Connect to SharePoint Online
Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Enable anonymous link sharing for the entire tenant
Set-SPOTenant -SharingCapability ExternalUserAndGuestSharing
  • Note : One drawback of using anonymous links at the organization level in SharePoint Online is reduced visibility and control over external access. This can pose security and compliance risks.
Set anyone links in SharePoint at the site level:
  • To enhance security measures, grant anonymous access to specific sites in SharePoint Online. This approach allows for controlled sharing of sensitive documents with external users, ensuring security while facilitating collaboration.
  • Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Enable anonymous link sharing for the for an individual site collection
Set-SPOSite -Identity <Site URL> -SharingCapability ExternalUserAndGuestSharing
  • Note: In SharePoint Online, you can share individual files and folders using an Anyone link for easy access. However, sharing entire sites or pages with an 'Anyone' link is not supported due to security and access control limitations.

Track File and Folder Sharing configurations with AdminDroid's SharePoint Site Configurations Report.

Tracking file and folder sharing configurations in SharePoint is crucial for security and prevents unauthorized external sharing of sensitive documents.

  • Open the AdminDroid Office 365 reporter.
  • Go to Site Sharing Configurations report under Reports»SharePoint»Site»Sharing Configs.
site-configuration-report

In a single report, you can view the site owner, external sharing capability, number of site users, and additionally you can see member permissions.

How to prevent users from generating anonymous links in SharePoint?

How to prevent users from generating anonymous links in SharePoint? +

If you want to restrict users from creating anonymous links, the only option is to reduce the privilege level in the SharePoint admin center, which affects your entire tenant. There is no other option to restrict this capability for a particular user or group.

Use the below cmdlet to disable anyone links in SharePoint Online.

Connect-SPOService -Url https://<yourtenant>-admin.sharepoint.com
# Disable anonymous link sharing for Entire Tenant
Set-SPOTenant -Identity SharingCapability ExternalUserOnly
disable-anyone-link

Reducing the privilege level in the SharePoint admin center to restrict users from creating anonymous (unauthenticated) links can impact external collaboration. Additionally, it may pose difficulties for users who do not have a Microsoft account.

Get instant alerts and detailed reports with AdminDroid whenever anonymous links are created.

AdminDroid's report on anonymous link creations in SharePoint Online provides a list of all generated anonymous links, including the creation time, file name, and the user responsible for each link.

  • AdminDroid automatically analyses the recent possible alerts for the alert policy using your organization audit data and creates a 'Alert Preview Console' on the retreived data.
  • With the 'Preview & Deploy' feature, you shall view the recent possible alerts and deploy the alert policy to receive alert on the anonymous link creations.
anyonelink-alerts

Pro Tip: AdminDroid provides predefined alert policies on anonymous link creation, resources accessed using anonymous links, and unusual volume of anonymous link creation.

You can easily 'Preview & Deploy' to receive alerts on the anonymous link activites.

How to extract all the anonymous link activities in SharePoint Online?

How to extract all the anonymous link activities in SharePoint Online? +

Within SharePoint Online, users can easily share files and folders by creating an 'Anyone link' which allows anonymous access without requiring sign-in.

So monitoring 'Anyone link' usage helps you spot unauthorized access to sensitive documents and maintain compliance with data protection regulations and security policies.

Use the below cmdlet to extract all anonymous link activities in SharePoint Online.

Connect-ExchangeOnline
$RetriveOperation = "AnonymousLinkRemoved", "AnonymousLinkCreated", "AnonymousLinkUpdated", "AnonymousLinkUsed"
Search-UnifiedAuditLog -StartDate "yyy-mm-dd" -EndDate "yyyy-mm-dd" -Operations $RetriveOperation -ResultSize 5000
all-anonymous-activities

Effortlessly track anonymous access and spot security threats in a flash with AdminDroid’s graphical view.

Tracking anonymous activities in SharePoint Online helps you to protect your organization's data from unauthorized access and enhance data security.

  • Get a list of all anonymous activities with AdminDroid's "All sharepoint events related to anonymous links" report.
  • This report provides detailed data about the user who created the link, operations performed, filename, file permissions, and expiration date.
all-anonymous-activity-graph-view

Can anonymous users delete files or folders uploaded via SharePoint 'Anyone' link?

Can anonymous users delete files or folders uploaded via SharePoint 'Anyone' link? +

No, it's not possible for an anonymous (unauthenticated) user to remove files and folders shared through an Anyone link. Only the owner of the site has the permission to delete the files.

  • When you share an 'Anyone' link with edit permissions, anonymous users can edit, modify, upload, and download the files, but they cannot remove them.
  • With view-only permissions, users can view and download the files.
  • With can't download permissions, users can view but not download or modify the files and folders.

Note : Above conditions are applicable to anyone links only.

Use the below cmdlet to audit file deletions in your SharePoint environment.
Connect-ExchangeOnline
Search-UnifiedAuditLog -StartDate <mm/dd/yyyy> -EndDate <mm/dd/yyyy> -Operations FileDeleted,  FileDeletedFirstStageRecycleBin, FileDeletedSecondStageRecycleBin | Format-Table -Property RecordType, CreationDate, UserIds, Operations

AdminDroid ensures your important files are never lost by tracking deletions.

Keep track of file deletions in your SharePoint environment to prevent unauthorized or accidental loss of important files and to ensure sensitive information is protected.

  • Navigate to All File Deletions in SharePoint and OneDrive report under Audit»General»File/Folder Deletion Tracking»File Deletions.
  • This report provides detailed information on deleted files, including deletion timestamps, device info, URL's of the deleted items, the operations performed, and the result status.
file-deletion-report

What are the other better options for external file sharing in SharePoint Online?

What are the other better options for external file sharing in SharePoint Online? +

Yes, in addition to anonymous links, SharePoint offers more secure external file sharing options with better control. These include specific people links that requires recipients to login with a Microsoft account to access the files.

  • Share with Specific Users: Share files and folders directly with specific external users by using their email addresses. Customize permission levels (view, edit, download) for each user to suit your needs.
  • Guest Access (if enabled): Invite external users as guests to your SharePoint site. Guests require approval and have controlled access based on the permissions you set.
  • Control External Sharing by Domain: This allows you to share SharePoint links only with the specific domains you have selected.
external-sharing-settings

By implementing the above changes, you can more effectively manage external sharing in SharePoint Online.

Keep your SharePoint sharing in check - AdminDroid monitors every external file handshake.

  • A detailed report on file and folder sharing activities with external users in SharePoint Online is available through AdminDroid.
  • This report includes event time, workload, type of operation, operation performer’s email, target user or group's email, shared file or folder name.
external-sharing-report

Pro Tip: AdminDroid supports scheduling external file activities, enabling automated tasks such as downloading and emailing reports on a weekly or monthly basis for efficient management and timely updates.

+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
SharePoint Online
How to Audit SharePoint Online Anonymous Access in Microsoft 365
SharePoint Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo