When you share OneDrive files with external reviewers for legal review, the recipients may see an access denied message instead of the document. This happens because the sharing link lacks the required permissions or the recipient's identity cannot be validated against your tenant's external sharing policy. The problem often surfaces in time-sensitive legal workflows where reviewers are outside your organization and do not have a Microsoft 365 account in your tenant.
This guide explains why external sharing links fail during legal reviews and provides exact steps to fix the access denied error. You will learn how to adjust sharing link types, configure tenant-level external sharing settings, and set up authentication requirements so that external reviewers can open documents without issues. The steps apply to OneDrive for Business and SharePoint Online, which share the same underlying sharing infrastructure.
Key Takeaways: Access Denied Fix for External Sharing Links
- OneDrive settings > Sync and backup > Manage external sharing: Controls the default sharing link type and expiration for your personal OneDrive library.
- Microsoft 365 admin center > SharePoint > Policies > Sharing: Sets tenant-wide external sharing policies that override individual library settings.
- Sharing link type: Anyone vs Specific people: Use the Anyone link for unauthenticated legal reviewers who should not sign in; use Specific people for reviewers who have a Microsoft account or guest access.
Why External Sharing Links Show Access Denied for Legal Reviewers
The access denied error on an external sharing link occurs when the link's permission scope does not match the recipient's authentication state or when the tenant policy blocks the type of sharing you attempted. OneDrive and SharePoint evaluate three things when an external user clicks a shared link:
First, the link type determines whether the recipient must sign in. An Anyone link allows anonymous access and does not require authentication. A Specific people link requires the recipient to have a Microsoft account or be added as a guest in your Azure AD directory. If you send a Specific people link to a reviewer who has no Microsoft account and is not a guest, they see access denied.
Second, the tenant-level external sharing policy may restrict sharing to authenticated users only. If your admin set the sharing policy to Existing guests or New and existing guests, anonymous Anyone links are blocked entirely. Legal reviewers who do not have guest accounts receive access denied even if the link itself is valid.
Third, the file or folder may have unique permissions that override the link. If the item inherits permissions from a parent library that has sharing disabled, or if the item is under a retention policy that blocks external access, the link fails. Legal review documents are often placed in secured folders where inheritance is broken, which can block external sharing unless explicitly configured.
Steps to Fix Access Denied on External Sharing Links for Legal Reviews
Follow these steps in order. Start with the simplest fix and escalate to tenant-level changes only if needed.
Step 1: Verify the Sharing Link Type You Sent
- Open the shared file or folder in OneDrive
Navigate to the item that is failing. Right-click the item and select Share from the context menu. - Check the current link settings
In the Share dialog, look at the link label at the top. It shows one of these types:
– Anyone with the link – anonymous access, no sign-in required
– People in your organization – internal only, not for external reviewers
– People with existing access – only users who already have permissions
– Specific people – requires Microsoft account or guest access
If the link is set to People in your organization or People with existing access, external reviewers will always get access denied. Change the link type. - Change to the correct link type
Click Copy link to see the current link. Then click the pencil icon or Link settings to modify the link type. For legal reviewers who should not sign in, select Anyone with the link. For reviewers who can authenticate, select Specific people and enter their email addresses.
Step 2: Set an Expiration Date on the Link
- Open link settings again
In the same Share dialog, click Link settings. - Set link expiration
Under Expiration, check the box and pick a date. For legal reviews, set expiration to match the review deadline. This prevents the link from remaining active after the review ends. - Apply and resend the link
Click Apply and copy the new link. Send this updated link to the legal reviewer.
Step 3: Check the OneDrive Library External Sharing Setting
- Open OneDrive settings
Click the OneDrive cloud icon in the system tray. Click the gear icon and select Settings. - Go to Sync and backup
In the left pane, click Sync and backup. Then click Manage external sharing. - Verify the sharing level
Under External sharing, the option should be set to Anyone if you need anonymous links. If it is set to New and existing guests or lower, you cannot create Anyone links. Change it to Anyone only if your tenant policy allows it. Click Save.
Step 4: Review Tenant-Level External Sharing Policy
- Open Microsoft 365 admin center
Go to admin.microsoft.com and sign in with a Global admin or SharePoint admin account. - Navigate to SharePoint admin center
In the left navigation, click Show all, then SharePoint. Alternatively, go directly to admin.microsoft.com/sharepoint. - Open Sharing settings
In the SharePoint admin center, click Policies in the left pane, then click Sharing. - Adjust the external sharing level
Under External sharing, select the level that matches your legal review needs:
– Anyone: Allows anonymous links. Choose this if reviewers do not have Microsoft accounts.
– New and existing guests: Requires recipients to authenticate as guests. Choose this if you want to track who accesses files.
– Existing guests: Only users already in your directory can access shared files.
– Only people in your organization: Blocks all external sharing. Do not select this for legal reviews.
Click Save.
Step 5: Add External Reviewers as Guests (If Using Specific People Links)
- Go to Azure AD guest user management
In the Microsoft 365 admin center, go to Users > Guest users. - Invite a new guest
Click Add guest user. Enter the reviewer's email address. Optionally, include a personal message. Click Invite. - Resend the sharing link
After the guest accepts the invitation, resend the Specific people link. The reviewer will now be able to sign in with their Microsoft account and access the file.
Additional Issues When External Sharing Links Fail During Legal Reviews
OneDrive Files with Retention Labels Block External Access
If a file has a retention label that prevents external sharing, the link will show access denied even if all sharing settings are correct. To check, open the file in OneDrive, click the file name to see details, and look for Retention label. If a label is applied, ask your compliance admin to modify the label policy to allow external sharing or remove the label from the file before sharing.
Shared Folder Has Broken Permission Inheritance
When a folder is set to stop inheriting permissions from its parent library, external sharing may stop working. To fix this, navigate to the folder, click the information icon, click Manage access, and then click Advanced settings. In the permissions page, click Delete unique permissions and confirm. This restores inheritance. Note that this action removes any custom permissions you added to the folder.
External Reviewer Receives a Blank Page or Infinite Loading
This usually happens when the reviewer's browser blocks third-party cookies required for OneDrive authentication. Ask the reviewer to clear their browser cache, enable third-party cookies for the microsoft.com domain, or try a different browser. Edge and Chrome work best with OneDrive sharing links.
Anyone Links vs Specific People Links for Legal Reviews
| Item | Anyone with the link | Specific people |
|---|---|---|
| Authentication required | None | Microsoft account or guest login |
| Best for | External reviewers without Microsoft accounts | Reviewers who can sign in with a personal or work account |
| Audit tracking | Limited to link creation date and IP address | Full audit log with user identity |
| Expiration support | Yes, set in link settings | Yes, set in link settings |
| Password protection | Available in SharePoint admin center under sharing policies | Not available; relies on authentication |
| Risk of unauthorized access | Higher if link is forwarded | Lower because only specified users can sign in |
After you apply the fixes in this guide, your external legal reviewers will be able to open shared OneDrive files without seeing access denied. Start by changing the link type to Anyone or adding the reviewer as a guest. Then verify the tenant-level sharing policy in the SharePoint admin center. For ongoing legal reviews, consider creating a dedicated folder in OneDrive with sharing settings preconfigured to Anyone links with a 30-day expiration. This reduces the chance of access denied errors on future reviews.