As a SharePoint site owner, you need to know which files have been shared with people outside your organization before a compliance review or audit. Without a clear view of external sharing, sensitive data can remain exposed longer than allowed. SharePoint provides built-in reports and settings to help you locate externally shared files quickly. This article explains the exact steps and tools you can use to build a repeatable checklist for finding externally shared content.
Key Takeaways: External File Sharing Checklist for SharePoint Owners
- SharePoint admin center > Reports > Sharing links: View all sharing links created in the last 30 days and filter by type (external, internal).
- Microsoft Purview > Content search: Run a search for files shared externally by querying the SharePoint ExternalSharingAudit record.
- Site settings > Site sharing report: Export a CSV of all sharing activity for a specific site, including guest users and anonymous links.
How SharePoint Tracks External File Sharing
SharePoint logs every sharing action in the audit log. When a user shares a file with someone outside your tenant, SharePoint creates an audit record that includes the file URL, the user who shared it, the target email address, and the sharing type. The sharing types are:
- Anonymous links: Anyone with the link can access the file, no sign-in required.
- Guest links: The recipient must sign in with a Microsoft account or a one-time passcode.
- Direct invitations: The file is shared directly with a specific external user through a sharing invitation.
SharePoint stores these records for up to 90 days for standard Microsoft 365 subscriptions and up to one year for subscriptions with an audit retention add-on. The audit log is the single source of truth for all sharing activity. To build a reliable checklist, you need to query this log using the tools described below.
Prerequisites Before You Start the Checklist
Before you can find externally shared files, confirm the following:
- You have the SharePoint admin role or the Global admin role.
- Audit logging is enabled in Microsoft 365. It is enabled by default for most subscriptions.
- You have access to Microsoft Purview compliance portal.
- You know the site URL or site collection URL for the sites you want to check.
Checklist: Find All Externally Shared Files in SharePoint
Use these five steps to locate every file shared externally across your SharePoint environment. Perform them in order for a complete review.
- Step 1: Run the SharePoint Sharing Links Report in Admin Center
Go to the SharePoint admin center and select Reports from the left navigation. Click Sharing links. This report shows all sharing links created in the last 30 days. Use the filter to select External under Link type. The report displays the file name, link creator, and creation date. Export the data as a CSV file for your records. - Step 2: Search the Audit Log for External Sharing Events
Open the Microsoft Purview compliance portal and go to Audit. Under Search, set the date range to cover the review period. In the Activities field, select Sharing and access request activities and then choose Created sharing link and Shared file, folder, or site. Click Search. The results list every sharing event. Filter the results by Target user or group to see only external recipients. - Step 3: Use Content Search in Microsoft Purview
In the Microsoft Purview compliance portal, go to Content search. Create a new search. In the Locations tab, select Add SharePoint sites and choose the sites you want to scan. In the Keywords field, enterExternalSharingAudit. This query returns all files that have been shared externally. Run the search and export the results as a CSV or PST file for detailed review. - Step 4: Generate a Site-Level Sharing Report from Site Settings
Navigate to the SharePoint site you want to audit. Click the gear icon and select Site permissions. Under Sharing, click View sharing activity. This opens a report that lists all sharing actions for that site, including external shares. Click Export to CSV to download the data. This report includes the file path, the person who shared it, and the external recipient email. - Step 5: Review and Revoke External Links Using the Sharing Links Report
From the SharePoint admin center > Reports > Sharing links, select any external link you want to remove. Click Delete to revoke the link immediately. For guest users, go to Active sites, select the site, and click Sharing. Under External sharing, review the list of guest users. Remove any guest user who should no longer have access.
Common Gaps When Searching for Externally Shared Files
Sharing links expire and disappear from the admin report
The Sharing links report in the admin center only shows links created in the last 30 days. If you need to find links older than 30 days, you must use the audit log search in Microsoft Purview. The audit log retains records for 90 days by default. For longer retention, you need an Audit (Premium) add-on.
Files shared via direct invitation do not appear in the Sharing links report
Direct invitations where the file is sent to an external email address are not listed as sharing links. These events only appear in the audit log under Shared file, folder, or site. Always run the audit log search in addition to the Sharing links report to capture all external sharing types.
Anonymous links are not tied to a specific user
When a user creates an anonymous link, SharePoint logs the creator in the audit record. However, anyone who obtains that link can access the file without authentication. To identify who actually used the link, you must check the file access logs in Microsoft Purview under File and page viewed activities. This is an advanced step that requires additional log analysis.
SharePoint Admin Center vs Microsoft Purview: External File Sharing Tools
| Item | SharePoint Admin Center | Microsoft Purview Compliance Portal |
|---|---|---|
| Data retention | 30 days for sharing links report | 90 days by default, up to 1 year with Audit Premium |
| Sharing types covered | Anonymous and guest links only | All sharing types including direct invitations |
| Export format | CSV from the report page | CSV, PST, or inline results |
| Bulk revocation | Delete links one at a time or in bulk | No direct revocation; use admin center to remove links |
Use the SharePoint admin center for quick checks of recent external links. Use Microsoft Purview for a complete historical audit of all sharing activity. Together they cover the full scope of external file sharing.
You can now run a complete external file sharing review using the five-step checklist. Start with the Sharing links report for a quick overview, then move to the audit log and Content search for older or direct invitation shares. To make this process repeatable, save your audit log search as a template in Microsoft Purview so you can run it monthly without re-entering the query parameters.