You may have already seen some new options when sharing links to files in SharePoint (and OneDrive). Here’s what’s available in my tenant today:
If you use the “Anyone with the link” option (for anonymous access) you can choose a date on which the link will expire and access will no longer be granted via that link.
You can block people from downloading only if you uncheck “Allow editing” for the link types that support it.
Your basic options are to allow anonymous users (with or without an expiration date) to:
Edit & Download
View & Download
You can also easily share with people only in your tenant, even if they don’t have prior access, and choose whether they can edit, view and download, or just view.
People with existing access is useful just to Skype/Teams someone a quick link to get to the file. Their pre-existing permissions apply.
Finally, “Specific People” can allow you to share with external users but they must use the address you share with, as they’ll be sent a verification code to validate their identity. This adds a layer of security to otherwise anonymous share links.
Note: You may not be prompted to enter your email address if opened directly. But if the email is forwarded, user will be asked to verify email before they’re able to send a code.
A newer feature in SharePoint allows you the option to “Notify your team” after a new file is uploaded. Your upload process is the same, but then your “upload complete” dialog now has an additional option:
When you select “Notify your team” you’re presented with options like sharing with SharePoint groups, or just individuals manually entered.
When finished, click “Notify” and the intended recipients receive a link that only works for them when logged in.
If you attempt to share with someone not in your tenant, you will receive an error as you can only notify people with existing access.
For these external users, you can instead separately share via the usual “Share” dialog when a file is selected. Here you’ll also find a newer feature that allows for blocking downloads if the “Allow editing” box is unchecked. This would prevent people making edits offline and creating multiple versions in silos.
By default when a user chooses to share a document, a selection has already been made to share that document with anonymous access, restricted organizational access or only with specific people (requiring entry of recipients) depending on who set up your tenant. If no changes were made, chances are the links default to anonymous access. A user can change this setting to restrict access before sharing but for newer users in a hurry, it’s likely anonymous links could be being created and shared incidentally because time isn’t being taken to review the alternative options.
Here’s how you, as an administrator, can change the default settings to something more secure without (or with) removing anonymous capabilities.