How to Review OneDrive Anonymous Links for Compliance

When you share files from OneDrive using an anonymous link, anyone with the link can access the file without signing in. This convenience can create compliance risks if sensitive data is shared outside your organization. IT administrators and compliance officers need a reliable method to audit and review these anonymous sharing links across their tenant. This article explains how to use the Microsoft 365 admin center, Microsoft Purview compliance portal, and PowerShell to identify and review all anonymous links created by users in your organization.

Key Takeaways: Reviewing Anonymous Links in OneDrive

  • Microsoft Purview > Data Classification > Content Explorer: Scan and locate files shared via anonymous links across OneDrive sites.
  • SharePoint Online Management Shell: Use PowerShell cmdlets to list all anonymous sharing links for specific OneDrive sites or users.
  • Microsoft 365 admin center > Reports > Usage > Sharing links: View a summary report of external sharing links created in the last 30 days.

Understanding Anonymous Sharing Links in OneDrive

An anonymous link, also called an Anyone link, is a sharing link that does not require the recipient to authenticate. When a user creates an Anyone link in OneDrive, they can set permissions to view or edit the file. The link can also have an expiration date or a password requirement if the tenant policy allows it.

From a compliance perspective, anonymous links bypass identity-based access controls. If a user shares a confidential file with an Anyone link and that link is forwarded or posted publicly, unauthorized people can access the file. The organization cannot revoke access by disabling the user account because the link does not depend on the sharer’s identity. Auditing these links is essential for meeting regulatory requirements such as GDPR, HIPAA, and internal data protection policies.

The ability to create anonymous links is controlled by tenant-level sharing settings in the Microsoft 365 admin center. Even if anonymous sharing is disabled at the tenant level, users can still create specific types of links such as People in your organization links or Direct access links. However, if anonymous sharing is enabled, you must regularly review the links that have been created to ensure compliance.
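
The tenant-level settings mentioned above can be checked from the SharePoint Online Management Shell. The following is an added example, not part of the original article: the function name `Test-AnonymousLinkPolicy`, the 30-day threshold and the sample values are assumptions, and the property names are the ones returned by `Get-SPOTenant`.

```powershell
# Added example: flag tenant sharing settings that make Anyone links riskier.
# Live use, after Connect-SPOService:  Get-SPOTenant | Test-AnonymousLinkPolicy
function Test-AnonymousLinkPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][psobject]$Tenant,
        [int]$MaxExpiryDays = 30   # assumed internal policy limit
    )
    process {
        # Anyone links exist only at the most permissive sharing level.
        if ($Tenant.SharingCapability -ne 'ExternalUserAndGuestSharing') {
            return   # Anyone links cannot be created; nothing to flag
        }
        $days = $Tenant.RequireAnonymousLinksExpireInDays
        if ($days -le 0) {
            'Anyone links never expire'
        } elseif ($days -gt $MaxExpiryDays) {
            "Anyone links may live $days days (limit $MaxExpiryDays)"
        }
        if ($Tenant.FileAnonymousLinkType -eq 'Edit')   { 'Anyone links on files can grant edit' }
        if ($Tenant.FolderAnonymousLinkType -eq 'Edit') { 'Anyone links on folders can grant edit' }
        if ($Tenant.DefaultSharingLinkType -eq 'AnonymousAccess') {
            'Anyone is the default link type in the sharing dialog'
        }
    }
}

# Constructed sample standing in for Get-SPOTenant output.
$sample = [PSCustomObject]@{
    SharingCapability                 = 'ExternalUserAndGuestSharing'
    RequireAnonymousLinksExpireInDays = -1
    FileAnonymousLinkType             = 'Edit'
    FolderAnonymousLinkType           = 'View'
    DefaultSharingLinkType            = 'AnonymousAccess'
}
$sample | Test-AnonymousLinkPolicy
```

An empty result means either that Anyone links are disabled or that none of the checked settings exceeds the assumed baseline.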

Steps to Review Anonymous Links Using Microsoft Purview

Microsoft Purview provides a centralized compliance portal where you can audit and classify sensitive content shared externally. The Content Explorer in Purview allows you to filter files by sharing type, including anonymous links.

  1. Open Microsoft Purview compliance portal
    Go to https://compliance.microsoft.com and sign in with an account that has Compliance Administrator or Global Reader permissions. In the left navigation, expand Data classification and select Content explorer.
  2. Apply a filter for sharing links
    In the Content Explorer, click the Filter button at the top of the page. In the filter panel, choose Sharing links from the dropdown. Select Anyone with the link to show only files that have active anonymous sharing links. Click Apply.
  3. Review the list of files with anonymous links
    The Content Explorer displays a table of files that match the filter. Each row shows the file name, location, sensitivity label, and the type of sharing link. You can sort by location to focus on OneDrive for Business sites. Click a file to see more details, including the exact sharing link URL and the permissions set on it.
  4. Export the results for further analysis
    Click the Export button at the top of the Content Explorer to download a CSV file of the filtered results. This file includes the file name, site URL, sharing link type, and last activity date. Use this CSV to create a compliance report or to investigate specific files.

Steps to Review Anonymous Links Using PowerShell

For large-scale audits or automated compliance checks, use the SharePoint Online Management Shell to retrieve anonymous sharing links programmatically. This method requires the SharePoint Online Management Shell module.

  1. Install and connect to SharePoint Online
    Open Windows PowerShell as an administrator and run Install-Module -Name Microsoft.Online.SharePoint.PowerShell if the module is not already installed. Then run Connect-SPOService -Url https://[yourtenant]-admin.sharepoint.com and sign in with a SharePoint Administrator account.
  2. Get the OneDrive site URL for a specific user
    Run the cmdlet Get-SPOSite -IncludePersonalSite $true -Filter "Url -like '-my.sharepoint.com/personal/'" -Limit All to retrieve all OneDrive site collections. Note the URL of the site you want to audit.
  3. Retrieve anonymous sharing links for the site
    Run the cmdlet Get-SPOSiteGroup -Site https://[tenant]-my.sharepoint.com/personal/[user]_[domain]_com to list all site groups. Look for groups with the name Everyone except external users or SharingLinks. These groups contain the anonymous links. Alternatively, use Get-SPOExternalUser -SiteUrl [site-url] to list external users who accessed the site via anonymous links.
  4. Use a script to list all anonymous links across all OneDrive sites
    Run the following script to iterate through all OneDrive sites and export anonymous links to a CSV file. Replace [tenant] with your tenant name.
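    # Enumerate every OneDrive (personal) site collection in the tenant.
    $sites = Get-SPOSite -IncludePersonalSite $true -Filter "Url -like '-my.sharepoint.com/personal/'" -Limit All
    $results = @()
    foreach ($site in $sites) {
        # Sharing-link group titles carry more than the bare prefix, so match with
        # wildcards; "Anonymous" in the title marks an Anyone link.
        $links = Get-SPOSiteGroup -Site $site.Url | Where-Object { $_.Title -like "SharingLinks*Anonymous*" }
        foreach ($link in $links) {
            $results += [PSCustomObject]@{
                SiteUrl   = $site.Url
                LinkTitle = $link.Title
                Users     = $link.Users -join "; "
            }
        }
    }
    # Write one row per anonymous sharing-link group.
    $results | Export-Csv -Path "C:\temp\AnonymousLinks.csv" -NoTypeInformation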
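
Step 3 asks the reviewer to pick the SharingLinks groups out of the site group list by eye. The following added example, which is not part of the original article, classifies group titles instead. It assumes titles of the form `SharingLinks.<item GUID>.<link kind>.<share GUID>`; the function name `Get-SharingLinkTriage`, the priority levels and the sample titles are constructed for illustration.

```powershell
# Added example. Assumption: sharing-link groups are titled
#   SharingLinks.<item GUID>.<link kind>.<share GUID>
function Get-SharingLinkTriage {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Group   # needs a Title property, as returned by Get-SPOSiteGroup
    )
    begin {
        $guid    = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'
        $pattern = "^SharingLinks\.(?<item>$guid)\.(?<kind>[a-z]+)\.(?<share>$guid)$"
    }
    process {
        $item = $null; $kind = 'Unrecognized'
        if ($Group.Title -match $pattern) {
            # Copy the captures now: switch -Regex below overwrites $Matches.
            $item = $Matches['item']; $kind = $Matches['kind']
        }
        $priority = switch -Regex ($kind) {
            '^AnonymousEdit$' { 'High';   break }   # anyone with the URL can modify
            '^Anonymous'      { 'Medium'; break }   # anyone with the URL can read
            '^Organization'   { 'Low';    break }   # sign-in required
            default           { 'Manual' }          # Flexible or unknown: scope not in the title
        }
        [PSCustomObject]@{ ItemId = $item; LinkKind = $kind; Priority = $priority }
    }
}

# Constructed sample titles (all GUIDs are made up).
$sample = @(
    'SharingLinks.11111111-1111-1111-1111-111111111111.AnonymousEdit.aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
    'SharingLinks.22222222-2222-2222-2222-222222222222.AnonymousView.bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
    'SharingLinks.33333333-3333-3333-3333-333333333333.OrganizationView.cccccccc-cccc-cccc-cccc-cccccccccccc'
    'SharingLinks.44444444-4444-4444-4444-444444444444.Flexible.dddddddd-dddd-dddd-dddd-dddddddddddd'
    'Everyone except external users'
) | ForEach-Object { [PSCustomObject]@{ Title = $_ } }

$sample | Get-SharingLinkTriage | Where-Object Priority -ne 'Low' | Format-Table -AutoSize
```

Against a live site, pipe `Get-SPOSiteGroup -Site <OneDrive URL>` into the function; rows marked Manual need a look at the item's sharing settings because the title alone does not settle who can use the link.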
    

Common Compliance Review Mistakes and Limitations

Anonymous links are not visible in the standard OneDrive sharing report

The OneDrive sharing report in the Microsoft 365 admin center only shows the number of external sharing links created, not the specific link URLs or the files they point to. To get exact link details, you must use Purview Content Explorer or PowerShell. Relying solely on the admin center report can give a false sense of compliance.

Anonymous links can be created on folders, not just files

Users can create anonymous sharing links for entire folders in OneDrive. When a folder has an anonymous link, all files inside that folder become accessible to anyone with the link. Compliance reviews must check both file-level and folder-level anonymous links. The Purview Content Explorer shows folder-level links as separate items.

Expired anonymous links are not automatically removed

When an anonymous link expires, the link itself becomes inactive. However, the link object remains in the site collection until a user or administrator explicitly deletes it. Expired links can still appear in compliance reports unless you filter by active status. In PowerShell, you can check the ExpirationDate property of the sharing link group to determine if the link is still valid.

Anonymous links bypass sensitivity labels in some cases

If a file has a sensitivity label that restricts external sharing, users can still create an anonymous link to that file if the label does not enforce encryption or access control. To prevent this, configure sensitivity labels to apply encryption or to block external sharing. Review label policies in the Microsoft Purview compliance portal under Information protection > Sensitivity labels.

Purview Content Explorer vs PowerShell for Anonymous Link Review

| Item | Purview Content Explorer | SharePoint Online PowerShell |
| --- | --- | --- |
| Setup time | No installation required; access via browser | Requires module installation and admin credentials |
| Granularity | Shows individual files with sharing link type and sensitivity label | Can retrieve link URLs, permissions, and expiration dates programmatically |
| Automation | Manual filtering and export; no scheduling | Fully scriptable for scheduled audits and alerts |
| Scope | Limited to files indexed by Purview; may not include all OneDrive sites | Can enumerate all OneDrive sites in the tenant |
| Permission requirements | Compliance Administrator or Global Reader | SharePoint Administrator |

You can now audit anonymous sharing links in OneDrive using Purview for a visual check or PowerShell for bulk automation. Start by running the Purview Content Explorer filter to identify high-risk files shared with Anyone links. Then use the PowerShell script to generate a complete inventory of anonymous links across all OneDrive sites. To further strengthen compliance, configure a data loss prevention policy in Purview that blocks the creation of anonymous links on files containing sensitive information.
