External users click a OneDrive sharing link expecting to view a legal review document, but instead see a page asking them to request access. This behavior occurs when the sharing link permissions do not match the recipient’s authentication status or when the legal review folder has additional access restrictions. The result is a broken workflow for legal teams, external counsel, and compliance reviewers. This article explains why external users see the request access prompt and provides a step-by-step admin checklist to fix the issue.
Key Takeaways: Fix External Sharing Links That Prompt Request Access
- Microsoft 365 admin center > SharePoint > Sharing: Controls tenant-level external sharing settings that determine whether users can share with anyone or only authenticated users.
- OneDrive admin center > Sync > Sharing: Sets the default link type and expiration for new shares, which affects how legal review links behave.
- SharePoint site collection sharing settings: Override tenant settings for specific OneDrive sites used by legal teams, allowing more permissive sharing for external reviewers.
Why External Users See Request Access Instead of the Document
When a OneDrive sharing link is sent to an external user, the link type determines whether the recipient can view the file immediately or must authenticate and request access. The most common cause is that the link was created with the Specific people option, which requires the recipient to sign in with a Microsoft account or work account. If the recipient does not have an account that matches the link’s permissions, OneDrive shows the request access prompt.
Another cause is the tenant-level or site-level sharing policy. If the admin set external sharing to Authenticated users only or Existing guests, any link sent to a new external user will fail and redirect to the request access page. Legal reviews often involve external counsel who are not yet in the tenant’s Azure AD guest list, so this setting blocks them.
A third cause is the folder or file permission inheritance. If the legal review folder has unique permissions that require explicit guest access, a sharing link that does not grant view rights will also trigger the request access screen. The fix involves checking three layers: tenant settings, site settings, and the specific link type.
Admin Checklist to Fix External Sharing Links for Legal Reviews
Use this checklist to identify and resolve the request access issue. Perform these steps in the order listed.
- Check tenant-level external sharing settings in the Microsoft 365 admin center
Go to Microsoft 365 admin center > Settings > Org Settings > SharePoint > Sharing. Under External sharing, select Anyone for the legal review OneDrive site. This option allows users to create anonymous links that do not require sign-in. If you cannot set the entire tenant to Anyone, proceed to step 2 to configure site-level settings. - Configure the OneDrive site for legal reviews in the SharePoint admin center
Open the SharePoint admin center > Active sites. Find the legal team’s OneDrive site URL. Select the site and click Sharing. Under External sharing, choose Anyone. This overrides the tenant default for this specific site. Click Save. - Set the default sharing link type for the legal OneDrive site
In the same site’s sharing settings, scroll to Default sharing link type. Set it to Anyone with the link. This ensures that new sharing links created by legal team members do not require authentication. Existing links remain unchanged, so users must recreate links after this change. - Verify the specific sharing link used in the legal review
Ask the legal team member who shared the file to open the file in OneDrive, click Share, and inspect the link settings. If the link says Specific people, change it to Anyone with the link and set an expiration date for security. Click Apply and resend the link to the external reviewer. - Check folder-level permissions on the legal review folder
Navigate to the legal review folder in OneDrive. Right-click the folder and select Manage access. If the folder has unique permissions that block external users, click Advanced settings > Stop Inheriting Permissions and then Delete unique permissions to revert to inherited permissions. Alternatively, add the external user as a guest directly in Azure AD and grant explicit access. - Test the link from an external browser session
Open a private or incognito browser window. Paste the sharing link. If the document opens without a sign-in prompt, the fix works. If the request access page still appears, repeat steps 1 through 5 and verify that the link was recreated after the settings change.
If External Sharing Links Still Prompt for Access
Tenant policy blocks Anyone links entirely
Some organizations disable the Anyone option at the tenant level due to compliance policies. In this case, you cannot use anonymous links. The alternative is to add the external reviewer as a guest user in Azure Active Directory. Go to Azure AD admin center > Users > New guest user. Enter the reviewer’s email address and assign them the Guest role. Then share the file using the Specific people link and include the guest user in the share. The reviewer must sign in with their Microsoft account to access the file.
Legal review folder is in a SharePoint site with restricted sharing
If the legal review documents are stored in a SharePoint site rather than a personal OneDrive, check the site collection sharing settings separately. In the SharePoint admin center > Active sites, select the site and click Sharing. Ensure the external sharing level is set to Anyone or New and existing guests depending on your policy. If the site uses Existing guests, the external user must be added as a guest before the link works.
Conditional Access policies block external sign-ins
Azure AD Conditional Access policies can require multi-factor authentication or block sign-ins from untrusted IP addresses. If the external reviewer cannot complete the authentication, they will see the request access page. Review your Conditional Access policies under Azure AD admin center > Security > Conditional Access. Exclude the guest user or create a policy exception for the legal review site if needed.
OneDrive Link Types for Legal Reviews: Comparison
| Item | Anyone with the link | Specific people |
|---|---|---|
| Authentication required | No | Yes, Microsoft account or work account |
| Best for legal reviews | External counsel who do not have a Microsoft account | External counsel who are already guests in the tenant |
| Admin control | Set expiration date and password | Revoke individual access |
| Compliance risk | Higher if link is forwarded without expiration | Lower because access is tied to specific users |
| Tenant setting required | Anyone must be enabled at tenant or site level | Authenticated users or Existing guests |
After completing the checklist, external users can open legal review documents without being redirected to a request access page. Test each link in a private browser session to confirm the fix. For ongoing legal reviews, consider creating a dedicated SharePoint site with Anyone sharing enabled and a link expiration policy of 30 days. This approach balances security with usability for external counsel.