As a SharePoint site owner, you need to remove anonymous sharing links before a compliance review. These links let anyone with the link access your files without signing in. Auditors flag anonymous links as a security risk because they bypass identity tracking. This article gives you a step-by-step checklist to find and delete all anonymous links in SharePoint sites and document libraries.
Key Takeaways: Removing Anonymous Links for Compliance
- SharePoint admin center > Sharing > External sharing: Check the tenant-level policy for anonymous link types allowed.
- Site settings > Sharing > Manage access requests: Review and revoke any anonymous links from the site sharing page.
- Library settings > Permissions > Check access: Use the Check Access tool to see who has anonymous links to a specific file or folder.
What Are Anonymous Links and Why Compliance Teams Require Their Removal
Anonymous links are a type of sharing link in SharePoint. Anyone who has the link can open the file or folder without signing in. The link does not require a Microsoft 365 account or any authentication. This is convenient for quick sharing but creates a compliance problem.
During a compliance review, auditors check that sensitive data is not accessible to unauthenticated users. Anonymous links violate this rule because the organization cannot track who accessed the file or when. The compliance team will require you to remove all anonymous links before the review begins. If you do not, the audit may fail or result in penalties.
SharePoint offers two types of anonymous links: Anyone links and People in your organization links. The Anyone link is the most permissive. It allows external users to view or edit files without any sign-in. The People in your organization link requires the user to have a Microsoft 365 account in the same tenant. Both types are considered anonymous from a compliance perspective if the organization cannot audit individual access.
To prepare for a compliance review, you must identify every location where an anonymous link exists. This includes SharePoint sites, document libraries, folders, and individual files. You also need to revoke or change the link type to a specific people link.
Step-by-Step Checklist to Remove Anonymous Links
Check the Tenant-Level Sharing Policy
- Go to the SharePoint admin center
Sign in to Microsoft 365 admin center. Select SharePoint from the navigation menu. You need to be a SharePoint admin or global admin to change tenant settings. - Open the Sharing page
In the left menu, select Policies and then Sharing. This page shows the external sharing settings for the entire tenant. - Review the external sharing level
Look at the setting under SharePoint. If it says Anyone, anonymous links are allowed at the tenant level. Change it to New and existing guests or Existing guests to block new anonymous links. This does not remove existing links but prevents new ones. - Set the expiration and permission options
If you must keep Anyone links temporarily, set a short expiration time, such as 30 days. Also remove the edit permission option for Anyone links. This reduces risk but does not eliminate it.
Scan Each Site for Anonymous Links
- Open the site in SharePoint
Navigate to the specific SharePoint site you need to review. Click the gear icon and select Site permissions. - Review the Sharing tab
In the Site permissions panel, select the Sharing tab. This shows a list of all sharing links created on the site. Look for links that say Anyone with the link. These are anonymous links. - Remove each anonymous link
Click the three dots next to the link and select Remove. Confirm the removal. Repeat for each anonymous link in the list. - Check the site sharing settings
On the same Sharing tab, click Change how members can share. Set the sharing option to Specific people. This prevents site members from creating new anonymous links.
Scan Document Libraries and Folders
- Go to the document library
From the site home page, open the document library that contains shared files. - Select a file or folder
Click the checkbox next to an item. Then select the Share button in the toolbar. - See who has access
In the sharing dialog, select the dropdown arrow next to the link settings. If the link type is Anyone with the link, it is an anonymous link. Click the X to remove it. - Use the Check Access tool
For a faster scan, select the file or folder, click the three dots, and select Manage access. The Check Access panel shows all links and direct permissions for that item. Remove any anonymous links listed.
Use PowerShell to Bulk Remove Anonymous Links
- Connect to SharePoint Online PowerShell
Open Windows PowerShell as administrator. Run the commandConnect-SPOService -Url https://yourtenant-admin.sharepoint.com. Sign in with your admin credentials. - Get all site collections
RunGet-SPOSite -Limit Allto list all site collections in the tenant. This may take several minutes for large tenants. - Find anonymous links on each site
Use the commandGet-SPOSiteSharingLink -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite. This returns all sharing links for the site. Filter for links where the Scope is Anonymous. - Remove the anonymous links
UseRemove-SPOSiteSharingLink -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite -Identity linkID. Replace linkID with the actual ID from the previous step. Repeat for each anonymous link.
Common Mistakes and Limitations When Removing Anonymous Links
Anonymous Links Created by External Users Are Hard to Find
External users who have been given edit permissions can create their own anonymous links. SharePoint does not show these links in the site permissions panel if the external user created them. You must use the Check Access tool on each file or folder to see these links. This is time-consuming for large libraries. To prevent this, set site sharing permissions to Specific people only and remove edit access for external users.
Removing a Link Does Not Revoke the File URL
When you remove an anonymous link, the link itself stops working. However, if someone has copied the file URL from the address bar, that direct URL may still work if the user has access through another method. The direct URL is not the same as a sharing link. To fully block access, you must also remove the user’s direct permissions or move the file to a secure location.
Anonymous Links in Microsoft Teams Connected Sites
When a SharePoint site is connected to a Microsoft Teams team, the site permissions are managed by the team. Changing sharing settings in SharePoint may not affect links created through Teams. You must also check the Teams channel settings. In Teams, go to the channel, click the three dots, select Manage channel, and review the sharing settings. Remove any anonymous links from the Files tab in Teams.
Anonymous Links Created via OneDrive Sync
If a user syncs a SharePoint library to their computer and shares a file from File Explorer, that link may be anonymous. These links appear in SharePoint but are not listed in the site permissions panel. Use the Check Access tool on each synced file to find these links. Advise users to share only through the SharePoint browser interface.
Anonymous Link Removal Methods: Comparison
| Item | Manual Removal via Browser | PowerShell Bulk Removal |
|---|---|---|
| Scope | One site or library at a time | All sites in the tenant at once |
| Speed | Slow for many sites | Fast for large environments |
| Permissions required | Site owner or member with share permission | SharePoint admin or global admin |
| Link types detected | Anyone links and People in your org links | All anonymous links (Scope = Anonymous) |
| Risk of missing links | High if links are in subfolders | Low if script scans all items |
After completing this checklist, you can confirm that no anonymous links exist on your SharePoint sites. Run the PowerShell script again one day before the compliance review to catch any new links created by users. Set up a policy in the SharePoint admin center to block Anyone links permanently. This prevents future compliance issues and keeps your data secure.
For ongoing management, enable sharing link expiration policies in the SharePoint admin center. Set a default expiration of 30 days for all new sharing links. This ensures that even if a user creates an anonymous link, it will expire before the next compliance review. Review the sharing audit logs weekly to spot any new anonymous links created by site members.