When you share files with external partners during project closeout, recipients sometimes see an access denied error instead of the document. This usually happens because the sharing link has expired, the recipient’s account is blocked, or the file’s sharing permissions were changed after the link was created. This article explains the exact causes of the access denied error for external sharing links in OneDrive for Business. You will learn how to check link expiration, verify external sharing settings, and re-share files correctly so your project closeout documents are accessible.
Key Takeaways: Fixing Access Denied on External Sharing Links
- OneDrive sharing link expiration settings: Links set to expire on a specific date or after a set number of days block access once the deadline passes. Check the link’s expiration date before sending it.
- Microsoft 365 admin center > SharePoint > Policies > Sharing: Controls tenant-wide external sharing policies, including allowed domains and link expiration defaults. If the recipient’s domain is blocked, all links fail.
- OneDrive > Share > Specific people: Re-creating a link with the correct permission level and no expiration ensures the recipient can access the file immediately.
Why External Sharing Links Show Access Denied for Project Closeout
OneDrive for Business generates sharing links that include a unique token. When a recipient clicks the link, OneDrive checks several conditions in order: whether the link is still valid, whether the recipient is authenticated, whether the file still exists at the original location, and whether the sharing policy allows the recipient to view the file. If any of these checks fail, the user sees an access denied message.
The most common causes during project closeout are:
Link Expiration
By default, OneDrive sharing links can be set to expire after a specific number of days. If the project closeout spans several weeks, the link may expire before the recipient opens it. The link token is invalidated on the expiration date, and OneDrive returns an access denied error.
Recipient Domain Blocked
Your organization’s admin can block entire external domains in the Microsoft 365 admin center. If the recipient’s email domain is on the block list, all sharing links to that domain fail with an access denied error.
File Moved or Renamed
If the shared file is moved to a different folder or renamed after the link was created, the link points to the old location. OneDrive cannot find the file and shows an access denied page.
Sharing Permission Changed
If the file owner changes the sharing permission from “Anyone with the link” to “Specific people” after the link was sent, the original link is revoked. Recipients who were not explicitly added see access denied.
Steps to Diagnose and Fix the Access Denied Error
Follow these steps in order to identify why the link failed and to grant the recipient access.
- Check the link expiration date
Open the sharing link in a private browser window. If the error page shows a message about the link being expired, the link has passed its expiration date. Go back to OneDrive, locate the file, and create a new link with no expiration or a later expiration date. - Verify the file still exists at the original path
In OneDrive, navigate to the folder where the file was originally stored. If the file was moved or renamed, restore it to its original location or update the sharing link. Use OneDrive’s search to find the file by name. - Check the current sharing permissions on the file
Right-click the file in OneDrive and select Share. Click People with existing access to see the active links. If the link type is “Specific people,” confirm the recipient’s email address is listed. If not, add them. - Create a new sharing link with the correct settings
Click Share again. Select Specific people and type the recipient’s full email address. Set the permission level to Can view or Can edit as needed. Uncheck Set expiration date unless you need a time limit. Click Apply and then Send. - Test the new link immediately
Copy the new link and paste it into a private browser window. Sign in with the recipient’s account if prompted. The file should open without an access denied error. - If the error persists, check tenant external sharing policies
Contact your Microsoft 365 admin. Ask them to navigate to Microsoft 365 admin center > SharePoint > Policies > Sharing. Verify that external sharing is enabled and that the recipient’s domain is not on the blocked domains list. If the domain is blocked, the admin must remove it or create an allow list exception.
If OneDrive External Sharing Still Shows Access Denied After the Main Fix
Recipient cannot sign in with a Microsoft account
If the sharing link is set to “Anyone with the link,” the recipient does not need to sign in. If the link is set to “Specific people,” the recipient must sign in with a Microsoft account or a work account. If the recipient uses a personal email address that is not linked to a Microsoft account, they will see access denied. Ask the recipient to create a Microsoft account using their email address, or switch the link to “Anyone with the link” and set an expiration date for security.
File has a custom permission level that overrides the link
If the file is in a folder that has unique permissions, the sharing link may not apply. Check the folder’s permissions by right-clicking the folder in OneDrive, selecting Manage access, and confirming that the recipient is listed. If not, add the recipient directly to the folder permissions.
OneDrive Sync client interfering with web access
If the recipient uses OneDrive sync, the sync client may cache an older version of the sharing link. Instruct the recipient to open the link in a browser that is not signed into OneDrive, or clear their browser cache and cookies before retrying.
External Sharing Link Types: Key Differences for Project Closeout
| Item | Anyone with the link | Specific people |
|---|---|---|
| Authentication required | No | Yes, recipient must sign in with a Microsoft or work account |
| Expiration default | Often 30 days (tenant setting) | No default expiration unless set manually |
| Security risk | Higher, because anyone who obtains the link can access the file | Lower, because only specified individuals can access |
| Best for project closeout | Temporary sharing with non-Microsoft account users | Secure sharing with known external partners who have work accounts |
For project closeout, use Specific people links with no expiration to ensure the external partner can access the files for the entire closeout period. If the partner does not have a work account, use Anyone with the link but set a reasonable expiration date and restrict the link to view-only.
After you re-share the file, ask the recipient to open the link in a private browser window. This bypasses any cached credentials or stale tokens. If the file opens correctly, the issue is resolved. If not, repeat the diagnostic steps above, paying close attention to tenant-level sharing policies and file location changes.