When you share a file from OneDrive with someone outside your organization, that person receives a direct link that works immediately. But you might later need to revoke that access entirely — not just stop sharing, but remove the external user’s ability to reach the file through any saved link. This article explains how to delete external shares, block direct-access links, and verify that no external user can open your file.
The root cause of lingering external access is that OneDrive stores share links and permissions even after you think sharing is stopped. Simply deleting the link from a chat or email does not remove the permission from the file. You must explicitly remove the external user or the link from OneDrive’s sharing settings.
Below you will find the exact steps to remove external direct access using the OneDrive web interface, the desktop client, and Microsoft 365 admin tools. You will also learn how to prevent accidental external sharing in the future.
Key Takeaways: Removing External Access From OneDrive Files
- OneDrive web > Share > Manage access: Use this panel to see all external users and links, then click the X next to any external person or link to remove their access.
- OneDrive desktop > Right-click file > Share > Manage access: Opens the same permission panel as the web version, allowing you to remove external users without leaving File Explorer.
- Microsoft 365 admin center > SharePoint > Sharing policies: Lets you set tenant-wide rules that block external sharing by default or require sign-in, preventing new external links from being created.
How External Direct Access Works in OneDrive
When you share a OneDrive file with someone outside your organization, OneDrive creates a unique link that contains an encoded permission token. That token is stored on Microsoft servers. Even if you delete the email or message containing the link, the token remains active. The external user can still open the file if they bookmarked the link or if the link was forwarded.
OneDrive offers three types of external sharing links:
- Anyone links: No sign-in required. Anyone with the link can open the file. These are the most risky for external direct access.
- Specific people links: The external user must sign in with a Microsoft account or a work account to access the file. The link is tied to that person’s identity.
- Internal links: Only users inside your organization can open the file. These do not grant external access.
To remove external direct access, you must delete the specific link or remove the external user from the file’s permission list. Simply changing the link type from “Anyone” to “Specific people” without removing the existing external user does not revoke access for that person.
Steps to Remove External Access From a OneDrive File
Follow these steps to remove external direct access from a file using the OneDrive web interface. This is the most reliable method because it shows all active links and external users.
- Open the file in OneDrive on the web
Go to onedrive.live.com and sign in with your work or school account. Navigate to the file you want to secure. - Open the sharing panel
Click the file to select it, then click the Share button in the toolbar above the file list. Alternatively, right-click the file and select Share. - Click Manage access
In the Share dialog, click the Manage access link at the bottom. This opens a panel showing all users and links that have access to the file. - Remove external users
Scroll through the list. Any user whose email domain is different from your organization is an external user. Click the X icon next to that user’s name. A confirmation dialog appears. Click Remove to confirm. - Delete external links
In the same panel, find the Links section. If you see a link with type “Anyone” or “People in [your org] with the link”, click the three dots (More options) next to that link and select Delete link. This removes the link entirely. - Verify access is removed
After removing external users and links, refresh the Manage access panel. The file should now show only you or internal users. To double-check, copy the file’s URL and open it in a private browser window. You should see a sign-in prompt or an access denied message.
Remove External Access From OneDrive Desktop Client
If you prefer to work from File Explorer, you can manage permissions from the desktop client.
- Right-click the file in File Explorer
Locate the file in your OneDrive folder. Right-click it and select Share from the context menu. - Click Manage access
In the Share dialog that opens, click Manage access at the bottom. - Remove external users and links
The same permission panel appears as in the web version. Follow steps 4 through 6 from the previous section to remove external users and delete external links.
Remove External Access for Multiple Files at Once
OneDrive does not have a bulk permission removal tool in the standard interface. To remove external access from many files simultaneously, use the Microsoft 365 admin center or PowerShell.
- Go to the Microsoft 365 admin center
Sign in to admin.microsoft.com with a Global admin or SharePoint admin account. - Open SharePoint admin center
In the left navigation, click Show all then SharePoint. - Access the Sharing page
Under Policies, click Sharing. Here you can set organization-wide external sharing limits. To block all new external shares, select Only people in your organization under External sharing for OneDrive. - Use PowerShell to remove existing shares
Run theRemove-SPOSiteExternalUsercmdlet orSet-SPOSite -SharingCapability Disabledto revoke external access for an entire OneDrive site. This requires the SharePoint Online Management Shell module.
If External Users Still Have Access After You Remove Them
External user appears again in Manage access after removal
This can happen if the user was added through a group or a parent folder’s permissions. Open the file’s Manage access panel and check the Inherited permissions section. If the file inherits permissions from a parent folder, you must break inheritance. Click Advanced settings then Stop inheriting permissions. After that, remove the external user again.
Anyone link still works after deleting it
If you deleted an Anyone link but the file is still accessible, the link might have been cached by a browser or shared through a different method. Create a new Anyone link with expiration and password, then immediately delete it. This forces OneDrive to invalidate all previous tokens for that file.
External user received the file as an attachment
If you shared the file as an attachment via email, the external user already has a copy. Removing the OneDrive link does not delete the copy on their device. Use Microsoft 365 Data Loss Prevention policies or Azure Information Protection to protect the file content before sharing.
OneDrive Sharing Options: External Access vs Internal Access
| Item | External Access (Anyone) | Internal Access (People in your org) |
|---|---|---|
| Sign-in required | No | Yes, with work or school account |
| Link can be forwarded | Yes, to anyone | Yes, but only internal users can open it |
| Remove access method | Delete the link in Manage access | Remove the user or delete the link |
| Risk of data leak | High if link is shared publicly | Low, limited to authenticated users |
After you remove external direct access from your OneDrive files, verify that no external links remain by checking the Manage access panel for each sensitive file. To prevent future accidental external sharing, set your default sharing link type to “People in your organization” in OneDrive settings. You can also configure a sharing policy that requires external users to sign in and sets link expiration dates automatically.