When a project reaches closeout, external partners often report that OneDrive sharing links they previously used now show an access denied error. This usually happens because the sharing link has an expiration date, the file was moved or deleted, or the external user’s permission was revoked after the project ended. Microsoft 365 administrators must verify several settings to restore access or create a compliant archive. This article explains why external links break during closeout and provides a step-by-step checklist to diagnose and fix each cause.
Key Takeaways: Diagnose and Restore External OneDrive Links After Project Closeout
- Sharing link expiration policy: OneDrive admin center > Sharing > Expiration date for sharing links — sets a default expiration that automatically revokes access after a set number of days.
- File location or name change: Moving a file to a different folder or renaming it invalidates the original sharing link, causing an access denied response.
- External user removal from tenant: Deleting a guest user from Azure Active Directory or the Microsoft 365 admin center immediately blocks all shared links to that user.
Why External Sharing Links Break During Project Closeout
When a project ends, administrators or project leads often perform cleanup tasks that inadvertently break external sharing links. The most common technical cause is a sharing link expiration policy set at the tenant or site level. Microsoft 365 administrators can configure OneDrive to expire any sharing link after a specific number of days. If the project ran longer than that default, all external links issued before the expiration window become invalid.
Another frequent cause is file relocation or deletion. When a project closes, files are often moved to an archive folder, renamed, or deleted. OneDrive sharing links contain a unique file identifier tied to the file’s original location. If the file moves to a different folder or is renamed, the link no longer resolves to the correct file, and the external user sees an access denied page.
Finally, guest user removal from the Microsoft 365 tenant breaks all shared content for that external user. If an admin deletes the guest account during closeout, any link previously sent to that user becomes unusable. The link itself remains valid for other recipients, but the deleted user cannot authenticate.
Checklist: Diagnose and Fix External Link Access Denied Issues
Use this checklist in the order shown. Each step covers one root cause. Complete all steps before reissuing links to external partners.
Step 1: Verify the Sharing Link Expiration Policy
- Open the Microsoft 365 admin center
Go to Admin centers > SharePoint. In the SharePoint admin center, select Policies > Sharing. - Check the expiration setting for sharing links
Under Choose expiration and permissions options for sharing links, look for Expiration date for sharing links. If this is set to a specific number of days, any link older than that value will fail. - Adjust the policy or create a new link
To restore access, either increase the expiration period or create a new sharing link for the affected files. For project closeout, consider setting the expiration to Never expire or a date far in the future, then reissue the link.
Step 2: Confirm the File Still Exists at the Original Location
- Open the affected OneDrive folder in a web browser
Sign in as the file owner. Navigate to the exact folder path that was shared. - Search for the file by name
If the file is missing, check the Recycle bin in OneDrive. Deleted files remain in the recycle bin for 93 days for business users. - Restore the file to its original location
If the file was moved to a different folder, move it back. If it was renamed, rename it to the original name. Then test the link again.
Step 3: Check Whether the External User Account Still Exists
- Open the Microsoft 365 admin center
Go to Users > Guest users. Search for the external user’s email address. - If the guest user is missing, re-invite them
Select Add guest user and enter the email address. Send a new invitation. Once the user accepts, the original link may work again if the file and policy are correct. - If the guest user is present but blocked
Check the user’s status column. If it shows Blocked sign-in, select the user, go to Sign-in status, and set it to Allow sign-in. Save the change.
Step 4: Audit Sharing Link Permissions on the File
- Open the file in OneDrive on the web
Right-click the file and select Manage access. A panel opens showing all users and groups with access. - Check the sharing link type
Under Shared with, look for the link icon. Click the link to see its permissions. If the link is set to Specific people and the external user is not listed, the link will deny access. - Recreate the link with the correct audience
Delete the old link. Create a new link set to Anyone with the link or Specific people and add the external user’s email address. Send the new link.
Step 5: Verify Tenant External Sharing Settings
- Go to the SharePoint admin center
Select Policies > Sharing. Under External sharing, confirm that OneDrive and SharePoint allow sharing with external users. - Check the sharing level for OneDrive
If the setting is Only people in your organization, external sharing is disabled entirely. Change it to Anyone or New and existing external users to restore external link functionality. - Apply the change
Select Save. Wait up to 24 hours for the setting to propagate, or test immediately on a new link.
If External Links Still Show Access Denied After the Checklist
OneDrive Reports a Blocked File Type
The Microsoft 365 admin center can block specific file extensions from being shared externally. Go to SharePoint admin center > Policies > Sharing. Under File extensions that cannot be shared with external users, check whether the file type of the affected document is listed. If it is, remove that extension from the block list or compress the file into a ZIP archive and share the archive instead.
Conditional Access Policies Block External Users
Azure Active Directory conditional access policies may require external users to sign in from a trusted location or use multi-factor authentication. If the external partner cannot meet these requirements, the link will fail. Check conditional access policies in Azure AD > Security > Conditional Access. For project closeout, create a temporary policy that excludes the guest user group from location or device restrictions.
The Project File Was Moved to a Different OneDrive or SharePoint Site
If the file was migrated to a different OneDrive or a SharePoint document library during closeout, the original link no longer points to the correct location. The file must be shared again from its new location. Use the Copy link option on the file in its new site and send that new link to external partners.
OneDrive External Link Settings vs SharePoint External Link Settings: Key Differences
| Item | OneDrive for Business | SharePoint Online |
|---|---|---|
| Default expiration | Set in SharePoint admin center under Policies > Sharing, applies to OneDrive links | Set in SharePoint admin center under Policies > Sharing, applies to site collection links |
| External user invitation | Guest user must accept invitation before accessing shared files | Guest user must accept invitation before accessing shared files; site-level sharing can bypass invitation for Anyone links |
| File type blocking | Controlled by same tenant-wide file extension block list in SharePoint admin center | Controlled by same tenant-wide file extension block list; additional per-site block lists possible |
| Link audience options | Anyone, People in your organization, Specific people | Anyone, People in your organization, Specific people, Existing guests |
| Admin audit log | OneDrive sharing events appear in the Microsoft 365 unified audit log | SharePoint sharing events appear in the same unified audit log |
Both platforms share the same underlying sharing infrastructure. Changes made in the SharePoint admin center affect OneDrive external links unless a specific setting is scoped to a site collection.
After completing the checklist, you can restore external access to project closeout files by adjusting the expiration policy, confirming the file location, and re-inviting guest users if needed. For long-term archival, consider moving the files to a SharePoint site with a permanent sharing policy and using the Anyone with the link option set to Never expire. This avoids access denied errors during future audits or legal holds.