When legal reviewers receive an external sharing link to a OneDrive for Business file, they often see an error message or a request-access prompt instead of the document. This happens because default sharing settings block anonymous access or require authentication. Legal teams need a reliable way to grant access to external reviewers while maintaining compliance. This article explains why these blocks occur and how to configure OneDrive so external users can request access and legal reviewers can approve it.
Key Takeaways: Configuring OneDrive external sharing for legal review access requests
- Microsoft 365 admin center > Settings > Org settings > SharePoint > Sharing: Controls tenant-wide external sharing policy that affects OneDrive link behavior.
- OneDrive admin center > Sharing > External sharing: Per-site setting to allow external users to request access instead of being blocked.
- OneDrive sync client > Settings > More settings > Options > Permissions: Verify local sync permissions do not override online sharing settings.
Why External Sharing Links Fail During Legal Review
When you send a OneDrive sharing link to an external legal reviewer, the recipient must pass two checks. First, the tenant-level sharing policy must allow external sharing. Second, the specific OneDrive site must permit the type of link you sent. By default, Microsoft 365 tenants set external sharing to “Only people in your organization” or “Existing guests.” Both settings block anonymous users and force authentication. If the recipient is not already a guest in your Azure AD tenant, they see an access-denied page or a request-access button. The request-access button appears only when the site is configured to allow external users to request access. Legal reviewers frequently encounter this because they are not pre-invited guests and the link type does not match the site setting.
Link Types and Their Default Behavior
OneDrive supports three link types: Anyone links (anonymous), People in your organization links, and Specific people links. Anyone links bypass authentication entirely. People in your organization links require the recipient to sign in with a Microsoft 365 account from your tenant. Specific people links require the recipient to authenticate with a Microsoft account or be added as a guest. For legal reviews, the most common link type is Specific people. If the recipient is not already a guest, they see a request-access page. If the tenant blocks external sharing entirely, they see an error page with no request option.
Steps to Enable Request Access for External Legal Reviewers
To allow external users to request access when they open a sharing link, you must adjust three levels of settings. Perform these steps in order.
- Check tenant-level external sharing policy
Sign in to the Microsoft 365 admin center. Go to Settings > Org settings > SharePoint > Sharing. Under External sharing, select either “Anyone” or “New and existing guests.” “Anyone” allows anonymous links. “New and existing guests” requires authentication but allows access requests. Click Save. - Configure OneDrive site-level sharing
Open the OneDrive admin center at admin.microsoft.com/AdminPortal/Home#/sharepoint. Select Sites > Active sites. Find the OneDrive site of the user who will share files. Click the site name, then select Policies > Edit. Under External sharing, choose “New and existing guests” or “Anyone.” To enable request access, scroll to Access requests and select “Allow access requests.” Click Save. - Verify link type in the sharing dialog
The user sharing the file must create the correct link type. Open OneDrive in a browser. Select the file or folder. Click Share. In the sharing dialog, choose “Specific people” or “People in your organization.” If you selected “Anyone” at the tenant level, you can also choose “Anyone.” Copy the link and send it to the legal reviewer. - Test the link as an external user
Open a private browser window or a browser not signed into your tenant. Paste the link. If the link type is Specific people and the tenant allows access requests, the reviewer sees a page with a “Request access” button. Clicking it sends an email to the OneDrive site owner. - Approve the access request
The site owner receives an email from Microsoft SharePoint with the subject “Access request.” Open the email and click Review request. In the Access Requests page, select Approve or Deny. Approved users become guests in Azure AD and gain access to the file.
If External Reviewers Still Cannot Access the Link
Even after enabling request access, some scenarios block external reviewers. Check these common issues.
“You don’t have access” error with no request button
This error occurs when the tenant-level policy is set to “Only people in your organization” or when the OneDrive site has “Existing guests” selected without access requests enabled. Go to the OneDrive admin center and verify the site-level setting includes “Allow access requests.” Also confirm the tenant-level policy is not “Only people in your organization.”
Request access email never arrives
The access request email goes to the SharePoint site owner, not the file owner. If the site owner does not have a mailbox, the email is lost. Assign a site owner with a valid email address. In the OneDrive admin center, select the site, then click Owners. Add a user with a licensed Exchange Online mailbox.
Legal reviewer sees “This link is expired or invalid”
OneDrive sharing links have an expiration date. If the link was created with an expiration, the reviewer sees this error. The file owner must create a new link with a longer expiration or no expiration. In the sharing dialog, click Link settings and set Expiration to a future date or clear the checkbox.
External Sharing Link Types for Legal Review: Comparison
| Item | Anyone link | Specific people link |
|---|---|---|
| Authentication required | No | Yes, Microsoft account or guest account |
| Access request available | Not applicable | Yes, if site allows access requests |
| Best for legal review | Low sensitivity documents | Confidential documents requiring audit trail |
| Tenant setting required | Anyone | New and existing guests or Anyone |
| Link expiration | Configurable | Configurable |
Legal teams should use Specific people links for confidential documents and Anyone links only for non-sensitive drafts. Specific people links provide a request-access workflow that logs the reviewer’s identity and approval in Azure AD audit logs.
With the correct tenant and site settings, external legal reviewers can request access to OneDrive files without manual guest invitations. The request-access feature creates a guest account automatically upon approval, which reduces administrative overhead. For advanced compliance, enable audit logging in the Microsoft 365 compliance center to track every access request approval and file download. Combine this with sensitivity labels to restrict download or printing for external users.