You create a sharing link in SharePoint or OneDrive and set it to Anyone so external users can open the file without signing in. But when you send the link, recipients are forced to sign in with a Microsoft account or organizational account. This behavior is unexpected and blocks access for customers, partners, or anonymous reviewers.
The root cause is almost always a tenant-level or site-level sharing policy that overrides the link’s permission. Microsoft 365 administrators can set policies that restrict anonymous access even when a user selects Anyone in the Share dialog.
This article explains exactly why the sign-in prompt appears, shows you how to verify the real cause, and provides step-by-step instructions to fix the issue at the tenant, site, and link level.
Key Takeaways: Why Anyone Links Still Require Sign-in
- SharePoint admin center > Policies > Sharing: The tenant-level sharing setting must be set to Anyone to allow anonymous access. If it is set to New and existing guests or lower, all Anyone links revert to sign-in required.
- Site-level sharing setting: Even if the tenant allows Anyone, each site or OneDrive can restrict sharing to New and existing guests, which forces sign-in for external users.
- Link expiration and password: An Anyone link that has an expiration date or a password set may still allow anonymous access, but the recipient might see a sign-in prompt if the link is opened in a browser that does not support anonymous tokens.
Why SharePoint or OneDrive Requires Sign-in for Anyone Links
When you create a sharing link with the Anyone option, SharePoint generates a token that allows anonymous access. The token is tied to the link URL itself. No authentication is required, because the link carries the permission.
However, Microsoft 365 uses a layered permissions model. The tenant-level sharing policy is the top layer. If the tenant policy is set to anything other than Anyone, the system downgrades any Anyone link to a People with existing access link or a Specific people link. The recipient then sees a sign-in page because the link no longer contains an anonymous token.
The same override can happen at the site level. A SharePoint site or OneDrive can have its own sharing setting that is more restrictive than the tenant default. Even if the tenant allows Anyone, a site set to New and existing guests will block anonymous access for links created in that site.
A third cause is the link configuration itself. If the Anyone link has an expiration date or a password, the recipient might be prompted to sign in if the browser cannot validate the token. This is rare but happens in private browsing modes or with strict browser security settings.
Steps to Check and Fix Anyone Link Sign-in Issues
- Check the tenant-level sharing policy
Sign in to the SharePoint admin center as a global admin or SharePoint admin. Go to Policies > Sharing. Under External sharing, look for SharePoint. Ensure the slider is set to Anyone. If it is set to New and existing guests or Existing guests, change it to Anyone and click Save. Wait up to 24 hours for the change to propagate, or test immediately with a new link. - Check the site-level sharing setting
In the SharePoint admin center, go to Active sites. Select the site where the link was created. In the command bar, click Sharing. Under External sharing, choose Anyone. Click Save. For OneDrive, go to the OneDrive admin center under Sharing and set the same option. - Create a new Anyone link and test it
Open the file or folder in SharePoint or OneDrive. Click Share. In the Share dialog, click the gear icon to open Link settings. Select Anyone with the link. Uncheck Block download if desired. Set an expiration date or password only if required. Click Apply and then Copy link. Paste the link into an incognito browser window. The file should open without a sign-in prompt. - Verify the link type in the sharing report
Go to the SharePoint admin center > Policies > Sharing. Under File and folder links, check the default link type. If the default is set to People with existing access or Specific people, users may create Anyone links but the system may still default to a restricted link. Change the default to Anyone if you want all new links to be anonymous. - Clear browser cache and test again
If the link still prompts for sign-in, clear the browser cache and cookies. Open an incognito or private window. Paste the link directly. Do not use a saved bookmark. If the file opens, the issue was a cached authentication token from a previous session.
If Users Still See a Sign-in Prompt After the Fix
SharePoint link works in one browser but not another
This is usually a browser extension or security policy issue. Extensions that block third-party cookies can prevent the anonymous token from being read. Test the link in a default browser profile with all extensions disabled. If it works, the extension is the cause. Whitelist the SharePoint domain in the extension settings.
OneDrive Anyone link requires sign-in on mobile devices
The OneDrive mobile app does not fully support anonymous links. When a user taps an Anyone link on a mobile device, the app may redirect to the sign-in page. The workaround is to open the link in a mobile browser instead of the app. Copy the link and paste it into Safari or Chrome on the device.
Anyone link expires immediately after creation
If the link is set to Anyone but has an expiration date of 1 day or less, the token may expire before the recipient opens it. The recipient then sees a sign-in page because the link is no longer valid. Create a new link with a longer expiration, such as 30 days, and test again.
Anyone Link vs Guest Link: Key Differences
| Item | Anyone Link | Guest Link (Specific People) |
|---|---|---|
| Authentication required | No | Yes, Microsoft account or organizational account |
| Recipient type | Any person with the URL | Only invited users who sign in |
| Tenant policy requirement | Must be set to Anyone | Can be Anyone or New and existing guests |
| Expiration and password | Optional, but supported | Optional, but supported |
| File download control | Yes, can block download | Yes, can block download |
| Audit logging | Limited, anonymous access is not tied to a user | Full audit trail tied to the guest account |
When you need to share files with external collaborators who do not have a Microsoft account, use an Anyone link with the tenant and site policies set correctly. If you need to track who accessed the file and when, use a Specific people link that requires sign-in.
After you apply the fixes above, test the link in an incognito browser window to confirm anonymous access works. If the issue persists, check the tenant audit log for policy changes that may have reverted the setting. You can also use the SharePoint Online Management Shell to verify the tenant sharing capability with the Get-SPOTenant cmdlet and look for the SharingCapability property. Set it to ExternalUserAndGuestSharing to enable Anyone links across the tenant.