You need to remove anonymous sharing links from OneDrive for Business files before a compliance audit. Anonymous links, also called Anyone links, let anyone with the link access the file without signing in. This creates a security gap that auditors flag as a data leak risk. This article explains how to find and delete all Anyone links in your OneDrive tenant using Microsoft 365 admin tools and PowerShell.

You will learn the difference between link types, the exact steps to remove them manually and in bulk, and how to verify that all anonymous access is revoked. The methods covered work for both individual users and tenant-wide scenarios. Following these steps ensures your audit report shows no unauthenticated access to sensitive files.

The process involves using the SharePoint Online Management Shell and the OneDrive admin center. You do not need to touch each user’s OneDrive manually. The techniques described here apply to OneDrive for Business, not the consumer version.

Key Takeaways: Removing Anonymous Links Before an Audit

SharePoint Online Management Shell: The only reliable method to find and delete all Anyone links across every OneDrive user in your tenant.
OneDrive admin center > Sharing: Controls the default link type but does not retroactively remove existing Anyone links.
Get-SPOSite and Revoke-SPOUserSessionPair: PowerShell cmdlets that enumerate all OneDrive sites and remove anonymous sharing links in bulk.

Understanding Anonymous Sharing Links in OneDrive for Business

Anonymous links, labeled Anyone with the link in the Share dialog, allow external access without requiring authentication. When a user creates an Anyone link, OneDrive generates a unique URL that bypasses Azure Active Directory login. These links can be configured to allow edit or view permissions. Auditors treat any Anyone link as a data exposure because the link can be forwarded to unintended recipients.

OneDrive supports three link types: Anyone, People in your organization, and Specific people. Only the Anyone type allows unauthenticated access. The other two types require the recipient to sign in with a work or school account. During an audit, you must prove that no Anyone links exist on any file or folder in your tenant.

The OneDrive admin center provides a global setting to block future Anyone links. However, this setting does not remove links that were already created. To remove existing links, you must use PowerShell or manually inspect each user’s OneDrive. For a tenant with more than a few users, PowerShell is the only practical approach.

Steps to Remove All Anonymous Links Before an Audit

Follow these steps in order. You need SharePoint Online administrator privileges and the SharePoint Online Management Shell installed. The process has three phases: connect to the tenant, find all OneDrive sites with Anyone links, and delete those links.

Phase 1: Install and Connect the SharePoint Online Management Shell

Install the module
Open Windows PowerShell as Administrator. Run Install-Module -Name Microsoft.Online.SharePoint.PowerShell. Press Y to confirm the installation from PSGallery.
Connect to your tenant
Run Connect-SPOService -Url https://-admin.sharepoint.com. Replace with your Microsoft 365 tenant name. Sign in with a SharePoint Online admin account.
Verify the connection
Run Get-SPOTenant. You should see your tenant properties without errors.

Phase 2: Find All OneDrive Sites That Have Anyone Links

Get a list of all OneDrive site URLs
Run Get-SPOSite -Template "SPSPERS" -Limit All | Select-Object Url. This returns the URL for every OneDrive site in the tenant.
Export the list to a CSV file
Run Get-SPOSite -Template "SPSPERS" -Limit All | Select-Object Url | Export-Csv -Path C:\temp\onedrive-sites.csv -NoTypeInformation. This creates a file you can review later.

Check each site for Anyone links
Use the script below to iterate through each site and count the number of sharing links with anonymous access. Save the script as Check-AnyoneLinks.ps1 and run it.

$sites = Get-SPOSite -Template "SPSPERS" -Limit All
foreach ($site in $sites) {
    $links = Get-SPOSiteSharingLink -Identity $site.Url | Where-Object {$_.IsAnonymous -eq $true}
    if ($links.Count -gt 0) {
        Write-Host "$($site.Url) has $($links.Count) Anyone links"
    }
}

Phase 3: Delete All Anonymous Links

Remove Anyone links from a single site
Run Get-SPOSiteSharingLink -Identity https://-my.sharepoint.com/personal/user_domain_com | Where-Object {$_.IsAnonymous -eq $true} | Remove-SPOSiteSharingLink. Replace the URL with an actual OneDrive site that has anonymous links. This deletes all Anyone links on that site.

Bulk remove Anyone links from all sites
Use the following script to delete every anonymous link across all OneDrive sites. Save as Remove-AllAnyoneLinks.ps1 and run in PowerShell.

$sites = Get-SPOSite -Template "SPSPERS" -Limit All
foreach ($site in $sites) {
    $links = Get-SPOSiteSharingLink -Identity $site.Url | Where-Object {$_.IsAnonymous -eq $true}
    foreach ($link in $links) {
        Remove-SPOSiteSharingLink -Identity $site.Url -LinkId $link.Id
        Write-Host "Removed link $($link.Id) from $($site.Url)"
    }
}

Verify removal
Run the check script from Phase 2 again. The output should show zero Anyone links for all sites.

If You Cannot Use PowerShell: Manual Removal and Policy Blocking

For a small number of users, you can remove anonymous links manually. Sign in to each user’s OneDrive through the Microsoft 365 admin center. Navigate to the user’s OneDrive site, find files or folders that show a globe icon in the sharing column, and remove the link via the Share dialog. This process is time-consuming and error-prone for more than five users.

After removing existing links, block future Anyone links globally. Go to the OneDrive admin center, select Sharing, and change the default link type to People in your organization. Set the Anyone link option to Off. This prevents users from creating new anonymous links but does not affect links already in place.

What Happens When You Delete an Anonymous Link

When you run Remove-SPOSiteSharingLink, the link is immediately invalidated. Anyone who saved the link URL will see an access denied page. The file or folder retains its existing permissions for authenticated users. If the file was shared with specific people through a separate link, that access remains intact. Deleting the anonymous link does not delete the file or change any other sharing settings.

Auditors typically require proof that the links were removed. Save a copy of the PowerShell output showing zero anonymous links. You can also run a report from the Microsoft 365 compliance center under Data classification > Content explorer, but that tool shows only files with sensitive labels, not all sharing links.

Anonymous Links vs Other Sharing Methods: Key Differences

Item	Anyone Link (Anonymous)	People in Your Organization Link
Authentication required	No	Yes, Azure AD sign-in
Link expiration	Optional, set by creator	Optional, set by creator
Audit risk	High, external unauthenticated access	Low, only authenticated users
Can be blocked tenant-wide	Yes, via admin center Sharing settings	No, required for collaboration
Removal method	PowerShell or manual link deletion	Not needed for compliance audits

You can now identify and delete all anonymous sharing links in your OneDrive tenant using PowerShell. Run the verification script after deletion to confirm zero Anyone links remain. For ongoing protection, set the default sharing link type to People in your organization and disable the Anyone link option in the OneDrive admin center. As an advanced tip, schedule the removal script to run weekly via Task Scheduler to catch any new anonymous links created by users before your next audit.

← Back to WiseChecker Home More in OneDrive