SharePoint Online

How to Find All Sharing Links in the SharePoint Online

Shared links in SharePoint Online play a key role in collaboration by enabling external sharing with anyone. However, if left unmonitored, they can lead to unauthorized access and potential data exposure. Monitoring these links is not just about maintaining control; it is also critical for meeting compliance requirements. This guide shows how to generate detailed reports on shared links in SharePoint Online to help secure and manage external access effectively.

List All Sharing Links in SharePoint Online Using PowerShell

Microsoft 365 Permission Required

SPO Site Owner Least Privilege

Global Admin Most Privilege

Connect to the SharePoint Online PnP PowerShell module using the cmdlet below.

Windows PowerShell

 Connect-PnPOnline -Url "<SiteURL>" -ClientId "<ClientId>"

Run the below cmdlet to retrieve all shared links in SharePoint Online using PowerShell.
Make sure to replace "Documents" in the List parameter with the actual name of your document library before execution.

Windows PowerShell

 Get-PnPListItem -List "Documents" -PageSize 2000 | % {
    $item=$_
    if ((Get-PnPProperty -ClientObject $item -Property "HasUniqueRoleAssignments")) {
        $sharingInfo=[Microsoft.SharePoint.Client.ObjectSharingInformation]::GetObjectSharingInformation((Get-PnPContext),$item,0,0,0,1,1,1,1)
        (Get-PnPContext).Load($sharingInfo);(Get-PnPContext).ExecuteQuery()
        $sharingInfo.SharingLinks | ? Url | % {[pscustomobject]@{
            Name=$item["FileLeafRef"];URL=$_.Url
            Access=$(if ($_.IsEditLink){"Edit"}elseif ($_.IsReviewLink){"Review"}else{"View"})
            Type=$_.LinkKind;Anonymous=$_.AllowsAnonymousAccess;Active=$_.IsActive;Expiry=$_.Expiration
        }}}} | ft -AutoSize

It lists all sharing links in the document library, including details such as the file or folder name, access type, active status, expiry date, and anonymous access.

List All Sharing Links in SharePoint Online Using PowerShell

Export All Sharing Links in SharePoint Online Using PowerShell Script

Microsoft 365 Permission Required

SPO Site Owner Least Privilege

Global Admin Most Privilege

The above PowerShell cmdlet shows sharing links for a specific library within a SharePoint site with limited details. Although you can extract more information on sharing links by applying additional filters, the process can become repetitive and time-consuming.
To simplify this, we created a PowerShell script that retrieves a detailed report of all SPO sharing links across the tenant with key information such as site name, object type, file/folder URL, link type, access type, link status, link expiry date, password protected and more.
Download and run the following script in Administrator PowerShell as outlined.
Windows PowerShell
```
 ./GetAllSharingLinks.ps1
```

Export All Sharing Links in SharePoint Online Using PowerShell Script

GetAllSharingLinks.ps1

Simple & Quick
Track All Sharing Links in SharePoint Online Using Admindroid

AdminDroid Permission Required Delegated

Any user with report access assigned by the Super Admin.

Log in to the AdminDroid 365 portal.
Navigate to the Sharing Links Permission Summary report under Reports»SharePoint»Deep Insights» Sharing Monitoring»Permission Summary by Link Type »All Sharing Link Summary.
Click the "Select All" checkbox to include all SharePoint sites for report generation.

Track All Sharing Links in SharePoint Online Using Admindroid

Note: Admins must enable Deep Insights tracking for SharePoint Online sites to view the sharing link report and their related details.

Admindroid SharePoint Online Reporter

Monitor All Shared Links in SharePoint Online to Prevent Data Leakage

AdminDroid's SharePoint Online reporting tool helps you stay informed about all sharing activities and their associated shared links within your organization. It offers detailed reports on the creation, deletion, and usage of all shared links to better control access to sensitive documents.

Visualize All Shared Links with Interactive Dashboard

Use the shared links overview dashboard to track all shared link details and gain a complete view of usage trends, external collaboration, access risks, and more.

Monitor Expired Sharing Links in SPO for Enhanced Data Governance!

Identify all expired sharing links in SharePoint Online to manage outdated access permissions, perform effective cleanup, and enhance data security.

Investigate Every Anonymous Link Events in SharePoint Online

Audit all anonymous link events in SharePoint Online to uncover unnoticed link creation and sharing activities to ensure secure Microsoft 365 collaboration.

Prevent Unauthorized Access with the External Sharing Summary Report

Track the external file sharing summary report to gain clear insights into what external users access, when, and how to protect sensitive data.

Analyze Daily Sharing Link Activities to Detect Unusual Access Patterns

Get a clear view of daily sharing link activity in SharePoint Online to identify access patterns, detect unusual behavior, and prevent oversharing in the organization.

Audit All Events Related to Secure Links in SharePoint Online

Track all SharePoint Online secure link events to ensure only intended recipients access the SPO files and revoke access for unauthorized users.

Explore a full range of reporting options

Download Live Demo

Important Tips

Configure tenant-level sharing settings in the SharePoint admin center such as default expiry dates for 'Anyone' links to prevent prolonged anonymous access.

Limit domain sharing in SharePoint Online to allow sharing links only with trusted domains and block external access from other tenants.

Use sensitivity labels and DLP in SharePoint Online to apply access controls to sensitive files and avoid accidental link sharing.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while getting all shared links in the SharePoint document library.

Error Input string was not in correct format. Failure to parse near offset 149. Expected an ASCII digit.

This error occurs if the Microsoft Entra ID app lacks the required API permissions or if the SharePoint site URL is incorrect while connecting to the PnPOnline PowerShell module.

Fix Add the required API permissions to the Microsoft Entra ID app and grant admin consent. Then verify and update the correct SharePoint site URL before reconnecting.

Error List '<list name>' does not exist at site with URL '<Site Url>'.

This error occurs when the specified list name does not exist at the given SharePoint site.

Fix Ensure you entered the correct list name. You can run the following cmdlet to get all available SharePoint lists in the site.

Get-PnPList | Select Title

Error WARNING: Please specify a valid client id for an Entra ID app registration.Connect-PnPOnline: Specified method is not supported.

The error occurs as system PowerShell needs the -ClientId for app-based authentication with Microsoft Entra ID but it’s missing.

Fix Verify app registration in the Entra admin center, use a valid Client ID and ensure credentials are correct.

Connect-PnPOnline -Url "<SiteURL>" -ClientId "<ClientID">

Error Set-SPOSite : You do not have required licenses to perform this operation.

This error occurs when you apply execute block download policy using Set-SPOSite cmdlet without SharePoint Advanced Management (SAM) license.

Fix Purchase SharePoint Advanced Management (SAM) license from the Microsoft 365 admin center and assign it to the required user.

SharePoint Online

Frequently Asked Questions

Manage All SPO Sharing Links to Enhance Data Protection in Microsoft 365

What are the types of sharing links in SharePoint Online?

How to manage file and folder sharing links in SharePoint Online?

How to prevent downloads via shared links in SharePoint Online?

How to get all sharing links created by a specific user in SPO?

How to remove sharing links in SharePoint Online?

How to block users from creating “Anyone” links in SharePoint Online?

3. How to prevent downloads via shared links in SharePoint Online?

Imagine your users are sharing a financial report containing quarterly earnings with external auditors. If someone downloads the file and accidentally forwards it or saves it on an unsecured personal device, it could lead to premature disclosure, compliance issues, or reputational damage.

To mitigate such risks, you can use the block download option to ensure that recipients are restricted to viewing the file in a secure browser session, without the ability to download, print, or sync it.

Restrict download access for shared files in SharePoint Online

Open the SharePoint Online document library and select the desired file.
Click More Actions and navigate to Share»Settings (⚙️).
Choose the link type (e.g., "Anyone" or "People in this organization" or "Only people with existing access" or "People you choose").
In More Settings, choose the "Can't Download" option.
Click "Apply" and share to the desired group or users.

Set block download policy for SharePoint sites using PowerShell

Manual configuration is time-consuming and ineffective for large-scale control as it only allows setting download restrictions one file at a time. PowerShell solves this by allowing admins to quickly apply download restrictions at the site level and is better suited for wide enforcement.

Here's how to configure the block download policy for SPO sites using PowerShell.

Connect to the SharePoint Online Management PowerShell module using the cmdlet below.
```
Connect-SPOService –Url "<https://<yourtenantname>-admin.sharepoint.com>" 
```
Use the following cmdlet to block downloads for a particular SharePoint site.
```
Set-SPOSite -Identity "<SiteURL>" -BlockDownloadPolicy $true
```
To exempt site owners from block download policy, use the Set-SPOSite cmdlet with the -ExcludeBlockDownloadPolicySiteOwners parameter set to $true, as shown below.
```
Set-SPOSite -Identity "<SiteURL>" -BlockDownloadPolicy $true -ExcludeBlockDownloadPolicySiteOwners $true
```
Similarly, you can exempt specific Microsoft 365 groups from block download policy using cmdlet below.
```
Set-SPOSite -Identity "<SiteURL>" -ExcludedBlockDownloadGroupIds "<GroupID>" 
```

Note: Replace <GroupID> with the appropriate value before running the command. To exclude multiple groups from the download policy, specify their group IDs as comma-separated values.

Important:

This feature requires a Microsoft SharePoint Premium - SharePoint Advanced Management license.
Block download policy can be set only at the site level, not across the whole organization.
Users will have browser-only access and can't open files in apps like Microsoft Office.
When web access is limited, users see a warning message saying, "Your organization doesn't allow you to download, print, or sync from this site. For help, contact your IT department".

4. How to get all sharing links created by a specific user in SPO?

When an employee leaves the organization or changes roles, files they shared using links in SharePoint Online may still be accessible to others, especially external users. If those links remain active, it could lead to unintended access.

To prevent this, it is important for administrators to identify and review all sharing links created by that user. This helps locate any sensitive content still shared and allows the admin to remove or update access, thereby ensuring the organization's data remains protected.

Audit all sharing links created by a user in Microsoft Purview

Log in to the Microsoft Purview portal and navigate to the Solutions»Audit page.
Customize the Date and time range (UTC) for your audit.
In the Activities - friendly names, search and select the following operations.
Created a company shareable link, Created an anonymous link, Created secure link
In the Users field, enter the specific user's UPN and click Search to find all links that the user has created.
This report shows the sharing links created by the specific user, when they were created, along with the path of shared item, etc. However, it does not display the exact shared URL created by the user.

Manual methods are often slower and less effective for regular or large scale audits, especially during continuous monitoring. For tasks such as filtering results or working with large volumes of audit data, PowerShell is a better option as it simplifies the process and saves time using just a few commands.

Audit all sharing links created by a specific user using PowerShell

Run the below PowerShell cmdlet to audit all the sharing links created by the specific user.

Connect-ExchangeOnline
Search-UnifiedAuditLog -StartDate "<DD-MM-YYYY>" -EndDate "<DD-MM-YYYY>" -Operations "AnonymousLinkCreated", "CompanyLinkCreated", "SecureLinkCreated" -UserIds "<UPN>" -ResultSize 5000 | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    $name = $d.SourceFileName ?? [System.IO.Path]::GetFileName($d.SourceRelativeUrl ?? $d.ObjectId) ?? "N/A"
    [PSCustomObject]@{
        Time       = $_.CreationDate
        SharedBy   = $_.UserIds
        SiteURL    = $d.SiteUrl
        FileName   = $name
        FileURL    = $d.SourceFileUrl ?? $d.ObjectId
    }
} | Format-Table -AutoSize

Replace <DD-MM-YYYY> in StartDate and EndDate , and <UPN> with the user's UPN you want to search.

5. How to remove sharing links in SharePoint Online?

Shared links are a convenient way to grant quick access to documents or folders, especially during active collaboration. However, if not managed properly, they can become a serious security and compliance concern over time.

Admins may need to remove or disable shared links when a project ends, a third-party engagement concludes, or an employee leaves the organization. Leaving these links active can pose security risks and lead to unauthorized access to sensitive information.

Remove sharing links in SharePoint Online

Navigate to the Active sites page in your SharePoint admin center and select the desired site.
Open the site by selecting "View site", then navigate to the Site contents and then choose the document library.
Select the desired file and choose More actions»Manage access.
Navigate to the Links tab and click on the "Remove link 🗑️" near to the desired link to remove the respective shared link.

remove-sharing-link-in-sharepoint-online

Remove SharePoint Online shared link using PowerShell

Connect to the SharePoint Online PnP PowerShell module using the cmdlet below.
```
Connect-PnPOnline -Url "<SiteURL>" -ClientId "<ClientID>" 
```
To remove the shared links from a particular file, execute the cmdlet below after replacing the <FileUrl>.
```
Remove-PnPFileSharingLink -FileUrl "<FileURL>" 
```
Type Yes or Y in confirmation prompt to remove all sharing links of that SPO file.
To remove sharing links from a specific folder, run the following cmdlet after replacing <FolderUrl>.
```
Remove-PnPFolderSharingLink -FolderUrl "<FolderUrl>" 
```
Type Yes or Y to confirm and remove all sharing links associated with that SharePoint Online folder.

After removing the sharing link from the desired file or folder, access is immediately revoked. Anyone trying to use the link will see an error message stating that they no longer have permission.

6. How to block users from creating “Anyone” links in SharePoint Online?

Admins should restrict users from creating "Anyone" links in SharePoint Online because these links allow anonymous access without user identity tracking. Disabling "Anyone" links protects sensitive data by allowing access only to specific or authenticated users.

Restrict users from creating "Anyone" links using SharePoint admin center

Log in to the SharePoint admin center and click on Policies»Sharing.
Under 'Content can be shared with', you will find a slider setting that applies to both SharePoint and OneDrive, with options such as:
- Anyone
- New and existing guests
- Existing guests
- Only people in your organization
To block anonymous links, you can move the slider to any option except for 'Anyone'.
After adjusting the sharing level, scroll down and click "Save". The settings may take a few minutes to apply across all sites.

external-sharing-policy-sharepoint-admincenter

When the restriction is applied, all existing anonymous links in SharePoint Online will stop working and users will see an error if they try to access them.

The option for creating "Anyone" links will disappear from the sharing menu for all users. Therefore, users must now select a specific user or trusted external users for sharing. This ensures better control and security over shared content.

Restrict users from creating "Anyone" links using PowerShell

Run the cmdlet below to connect to SharePoint Online Management Shell module using PowerShell.
```
Connect-SPOService -Url "<https://yourtenant-admin.sharepoint.com>" 
```
Use the Set-SPOTenant cmdlet with the SharingCapability parameter to control how users can share content. This parameter supports four values, each representing a different level of sharing.
- ExternalUserAndGuestSharing – sets the permission level to Anyone.
- ExternalUserSharingOnly – sets the permission level to New and Existing guests.
- ExistingExternalUserSharingOnly – sets the permission level to Existing guests.
- Disabled – sets the permission level to Only people in your organization.
Execute the cmdlet below and replace the <Value> parameter with any option except ExternalUserAndGuestSharing to restrict "Anyone" links across the tenant.
```
Set-SPOTenant -SharingCapability <Value> 
```