Get All Anonymous Links Shared from SharePoint Online

Anonymous links give users an easy way to share files and folders in SharePoint Online with anyone. However, for admins, these links often create blind spots. They allow unauthenticated access and may remain active long after they’re no longer needed. Without regular reviews, they can quietly increase the risk of data exposure.

That’s why it’s crucial to get all anonymous links shared from SharePoint Online. Whether you are auditing or aiming to limit external access, having a complete list of anonymous links helps you identify which files and folders are exposed to public access.

In this blog, we’ll walk you through how to get all anonymous links shared from SharePoint Online sites—helping you ensure better oversight of file sharing and strengthen protection against unauthorized access.

Tracking down “Anyone” links in SharePoint Online can be a challenge, especially when you’re dealing with multiple sites and libraries. Here are a few methods available to help you get all anonymous links shared from SharePoint Online.

1. Check anonymous links through SharePoint admin center: You can manually inspect anonymous links by navigating to each file or folder’s access settings. From the SharePoint admin center, navigate to Active sites -> select desired site -> View site -> Document library -> Right click on the file or folder -> Manage access -> Links. While this works for individual files, it’s not practical to check multiple files or folders at once.

2. Generate report on external sharing in SharePoint site: You can check the external sharing report in each SPO site for shared items. From the desired SharePoint site, go to Settings -> Site usage -> Shared with external users -> Run report -> choose a location to save the report. While this report contains external sharing activities from all link types, making it less effective find anonymous links.

3. Search the audit log for shared anonymous links: You can use the Purview audit search or the Search-UnifiedAuditLog PowerShell cmdlet to track anonymous links creations and accesses. However, audit log is limited to past 180-days.

To bridge these gaps, we’ve developed the PowerShell script that exports all ‘Anyone’ links from SharePoint Online into a CSV file with 7+ filtering capabilities.

• Exports all anonymous links in your SharePoint Online environment.
• The script automatically verifies and installs the PnP PowerShell module (if not installed already) upon your confirmation.
• Identifies files and folders with only active anonymous links.
• Lists files and folders that have only expired anonymous links.
• Generates a report that retrieves never expiring anyone links.
• Exports a report that retrieves anonymous links set with expiration.
• Allows to export the list of files and folders with soon to expire anyone links. (i.e., 30 days, 90 days, etc.)
• The script can be executed with an MFA-enabled account too.
• Exports report results to CSV file.
• The script uses modern authentication to connect SharePoint Online.
• It can be executed with certificate-based authentication (CBA) too.
• The script is scheduler friendly.

Download Script: GetAllAnonymousLinks.ps1

The exported report on sharing links for “Anyone” looks like the screenshot below.

The script exports all anonymous links in SharePoint Online along with the following attributes:
Site Name, Library, Object Type, File/Folder Name, File/Folder URL, Access Type, Roles, File Type, Link Status, Link Expiry Date, Days Since/To Expiry, Friendly Expiry Time, Password Protected, Block Download, Shared Link.

1. Download the script.
2. Start the Windows PowerShell.
3. Select any of the methods provided to execute the script.

Note: To run this script, you must register an app in Entra ID for PnP PowerShell. The application must also be granted Files.Read.All from Microsoft Graph and Sites.Read.All from SharePoint to retrieve all the required data.

Method 1: Run the script with MFA and non-MFA accounts.

During execution, the script will prompt you to enter tenant’s name and client id. You can also provide them using the -TenantName and -ClientId parameters. It then exports all anonymous links for files and folders across all SharePoint sites in that tenant.

Method 2: Execute the script by explicitly mentioning the credentials.

The above format works only for non-MFA accounts. If the admin account has MFA, then you need to disable MFA based on the Conditional Access policy make it work.

Method 3: Run the script using certificate-based authentication.

If you want to run the script unattended, use certificate-based authentication.

Before you can connect SPO with certificate authentication, you’ll need to register the app in Entra ID. Based on your flexibility, you can either obtain a certificate from a certificate authority (CA) or create a self-signed certificate.

You can also schedule this script using Task Scheduler or Azure Automation to periodically export anonymous link report.

• This script requires PowerShell 7 or higher, as the latest versions of the PnP PowerShell module are only supported on PowerShell 7 and above.
• If you’re not an owner of certain sites, you won’t be able to retrieve the anonymous link data. Those sites will be skipped, and you’ll get the warning. You don’t have access to this site: <SiteUrl>
• To avoid this issue, you can use method 3, which lets you gather data from all sites without access errors. Ensure the app registration has the mentioned permissions granted at the Application type. Else, you will get the below error: Get-PnPFileSharingLink: Either scp or roles claim need to be present in the token

This script includes customizable filtering options tailored to meet specific administrative needs. Below are key scenarios where the script proves especially effective.

1. Get active anonymous links
2. Find all expired anyone links
3. Discover anonymous links with expiration
4. Identify never expire anonymous links
5. Track down items with anonymous links that are soon to expire
6. Get Anyone Links from Specific Sites (CSV import)

Regularly reviewing active anonymous sharing links helps checking how many files are accessible without authentication. It also reduces excessive link creation by encouraging teams to reuse valid links when needed.

To identify active anyone sharing links in SharePoint Online, run the script with the –ActiveLinks parameter.

This format exports a list of all active anonymous links in SharePoint Online. If you notice any unusual link addition, you can check who created that anyone sharing link to confirm that it was added by an authorized user.

Although expired links are technically inactive, they may still be accessible if cached in a browser or third-party tool. Therefore, it’s important to review them regularly to ensure they do not present a security risk.

Use the –ExpiredLinks parameter as shown below to retrieve the expired anonymous access links.

This command returns a detailed report of all expired anyone links, helping you remove expired links to manage sharing and access in SharePoint Online more effectively.

Tracking ‘Anyone’ sharing links with expiration dates is crucial for managing external access and ensuring secure collaboration. To check anonymous links with expiry date, run the script with –LinksWithExpiration parameter like below.

The above execution will return the detailed report of anyone sharing links with expiration configured.

Never expire anonymous links stay active longer than intended and allow indefinite public access, increasing the risk of unauthorized data exposure. To find such links, execute the script with –NeverExpiresLinks parameter.

Executing the above format will return all the anonymous links with never expiring access.

Proactively monitoring anyone sharing links that are nearing expiration is crucial to prevent disruptions in external collaboration and allows you to notify content owners in advance. To identify expiring anonymous links, run the script with the –SoonToExpireInDays parameter along with number of days.

This format exports a list of anyone sharing links that are expiring in 7 days, empowering you to create or extend the expiration of links if necessary.

By default, the script scans all site collections and generates a comprehensive report of anonymous links. However, if you’re looking to narrow down your analysis to specific sites, you can provide a list of target site collections instead.

To achieve this, use the -ImportCsv parameter to supply a file containing the site URLs. The script accepts both .CSV and .TXT file formats as an input. For example:

The input file should contain a list of SharePoint site URLs with the column header SiteUrl like given below screenshot. Ensure the header is included—omitting it will cause errors during execution.

Anonymous sharing allowed only in a few sites in most of the organizations. So, we can use this method to focus on sites that allow anonymous sharing. This streamlines the audit process without performing a tenant-wide scan.

Apart from identifying all anonymously shared files, it’s important to actively monitor anonymous link creation and access to prevent unauthorized access and data breaches. To make this process easier, you can use the script below:

Download Script: AnonymousLinkActivityReport.ps1

This script will generate an anonymous link audit report covering creation, modification, access, and removal in the following format:

We hope you found this blog helpful to get all anonymous links shared from SharePoint Online. If you have any questions or need assistance, leave a comment below—we’re here to help.