Best Practices of Sharing Links in SharePoint Online

Microsoft SharePoint Online links are essential in facilitating collaboration, improving productivity, and ensuring the security of information within an organization. When you plan sharing links in SharePoint Online, it is important to consider the purpose of the link and the audience who will be using it. Here are some best practices that you can go around with!

There are four sharing link types in SharePoint Online you can use to share content with others in Microsoft 365:

1. Company/organization links
2. People with existing access links
3. Secure links
4. Anonymous/Anyone links

When you share a document in Microsoft 365 SharePoint Online using the ‘People in <Your organization>’ link, you are sending it through company links.

• These links are also known as organization links, and they allow anyone in your organization to access the content.
• Company links can be shared with individuals or groups and can be set to expire after a certain period.
• Since these links are only accessible to people within your organization, they are considered secure.

When you try to share any document with people outside the organization using the company link, the following error message is shown in the sharing dialog.

“This link won’t work for people outside of your organization”.

The recipient receives an email and is redirected to the document immediately after clicking on the link. While sharing file, you can also choose to set the permissions to ‘can edit’, ‘can view’, and ‘can review’. Additionally, you can also toggle the block download button to yes/no based on your requirements.

Audit events logged for SharePoint Online Company links related activities in Microsoft 365

So, what are the Microsoft 365 audit log activities logged when operations on company links are performed?

Audit Events	Operation
CompanyLinkCreated	User created a company-wide link to a resource.
CompanyLinkRemoved	User removed a company-wide link to a resource.
CompanyLinkUsed	User accessed a resource by using a company-wide link.

• When you share a document with the link type ‘People with existing access’, i.e., resharing with the people who already have access, the same above audit events are logged.
• It does not change any permissions when resharing.
• The name and email address of people who already have access will be displayed as shown in the below image.

When you share a document in Microsoft SharePoint Online using the ‘People you choose’ link, you are sharing it through secure links.

• Secure links are also known as direct links, and they work only for direct recipients.
• While sharing the doc link, you can set the link settings to ‘can edit’, ‘can view’, and ‘can review’ and block downloads, if necessary.
• These links can be shared with anyone, people inside and outside of your organization, but restricted only to specified individuals or groups.
• Secure links can also be set to expire after a certain period.

When you share content using secure links in Microsoft 365, people within the organization can normally access the document but if you have configured external sharing in SharePoint Online, people outside the organization must go through an authentication check by entering the code received on email request. Only after entering the code, they can access the content.

Audit events logged for secure link related activities in SharePoint Online

The following are the audit log activities for secure links.

Audit events	Operation
SecureLinkCreated	A secure sharing link was created to an item.
SecureLinkDeleted	A secure sharing link to an item was deleted.
SecureLinkUsed	A user used a secure link to an item.
AddedToSecureLink	A user was added to the list of entities who can use a secure sharing link.
RemovedFromSecureLink	A user was removed from the list of entities who can use a secure sharing link.

When you share a document in Microsoft SharePoint Online using the ‘Anyone’ link, you are sharing it through anonymous links.

• Anonymous links are public links that can be accessed by anyone with the link, regardless of whether or not they have a SharePoint account.
• These links are useful for sharing content with people outside of your organization, but they can also be a security risk if the content is sensitive or confidential.
• Anonymous links can be set to expire after a certain period, and you can also restrict access to specific individuals or groups if needed.

Considering major fallouts, Microsoft has brought in so many ways to securely share Anonymous links in SharePoint. Let’s take a closer look at each one, one at a time!

File Permissions: When you share document using anyone link, you can set the file permission as ‘can view’, ‘can edit’, or ‘can review’ based on whom you are sharing with.

Expiration date: Make use of the inbuilt expiration date that comes with the sharing dialog for anyone links. This feature expires the link to the content on the specified date.

Password: Set a friendly password and share it with the recipient you want to grant access to the file/folder.

Block download: Toggle the block download option to ‘yes’ and protect your files from being downloaded.

By configuring the appropriate settings, you can confidently use Anyone links in Microsoft SharePoint Online to share content without compromising security.

Audit events logged for anyone link related activities in SharePoint Online

The following are the audit log activities for secure links.

Audit events	Operation
AnonymousLinkCreated	User created an anonymous link to a resource.
AnonymousLinkRemoved	User removed an anonymous link to a resource.
AnonymousLinkUpdated	User updated an anonymous link to a resource.
AnonymousLinkUsed	An anonymous user accessed a resource by using an anonymous link.

Sharing Settings Management in the SharePoint Admin Center

Apart from these settings, you can also utilize the SharePoint Admin Center -> Policies -> Sharing page for controlling sharing at the organizational level such as setting expiration dates for links, choosing the default sharing link when users share files and folders in SharePoint Online and other settings to limit external sharing in Microsoft 365.

By Planning the use of company links, secure links, and anonymous links and auditing external sharing in SharePoint Online, you can ensure that your organization’s content is shared securely and efficiently. Here are some best practices for planning the use of these link types:

1. Determine the appropriate link type for each scenario: Consider the sensitivity of the content being shared, who needs access to the content, and whether or not the content needs to be shared with people outside of your organization. Based on these factors, decide which link type is most appropriate for each scenario.
2. Set expiration dates: To prevent unauthorized access to your content, set expiration dates on company links, secure links, and anonymous links as appropriate. This will ensure that access to the content is revoked after a certain period of time.
3. Limit access: When sharing sensitive or confidential content, use company links or secure links and restrict access to specific individuals or groups. To ensure proper management of file access, consider conducting a file access audit in SharePoint Online using PowerShell. Additionally, you can also audit file downloads in SharePoint Online to maintain security. These approaches add an additional layer of control and oversight to your content-sharing practices.
4. Train your users: Educate your users on the appropriate use of company links, secure links, and anonymous links. Encourage them to follow best practices, such as setting expiration dates and limiting access to sensitive content.
5. Monitor link usage: Regularly monitor the use of anonymous links, company links, and secure links to ensure that they are being used appropriately. Consider using Microsoft SharePoint Online’s auditing features to track link usage and detect any potential security risks.

By following these best practices, you can plan the use of company links, secure links, and anonymous links in Microsoft SharePoint Online in a way that promotes security and compliance in your organization. Also, if a file from the SharePoint document library is shared with other users, they can still access the file even after any changes to the SharePoint site URL.

Understanding links in SharePoint online and planning them optimally can be challenging. We’ve created this blog post to simplify these concepts and help you navigate the process with ease. If you have any questions or require further guidance, feel free to reach out to us in the comments.