By default when a user chooses to share a document, a selection has already been made to share that document with anonymous access, restricted organizational access or only with specific people (requiring entry of recipients) depending on who set up your tenant. If no changes were made, chances are the links default to anonymous access. A user can change this setting to restrict access before sharing but for newer users in a hurry, it’s likely anonymous links could be being created and shared incidentally because time isn’t being taken to review the alternative options.
Here’s how you, as an administrator, can change the default settings to something more secure without (or with) removing anonymous capabilities.
- Go to central admin and click “sharing”
- Change settings under “default link type” (green) and review the other options within the red box for further customizing default links (default to view or default to edit permissions?) and permissions for creating those links (everyone or only certain groups?).
- At the top, you may also wish to restrict the types of links a user can create when choosing to share a document.
- Click OK at the bottom to save your changes
Here are what the various default link types result in when saved:
Direct
|
 |
Internal
|
 |
Anonymous
|
 |
