Find All Sharing Links in SharePoint Online

Businesses relying on Microsoft 365 often share files and folders in SharePoint Online to collaborate with internal and external stakeholders. Users create different types of sharing links depending on how much access they want to give others. Over time, these links can become difficult to track, increasing the risk of data overexposure. That’s why it’s important for admins to regularly review all sharing links in SharePoint Online sites.

In this blog, we’ll show how to retrieve all sharing links across SharePoint Online to improve your control over shared files and enhance protection.

While file and folder sharing enable smooth collaboration, regular monitoring of sharing links is essential to:

• Prevent unintentional sharing outside the organization by limiting external sharing.
• Identity expired or inactive links to wisely extend or revoke them as per the need.
• Ensure links have appropriate expiration settings, download ability, password protection, and more.
• Identify over-permissive access granted through anonymous links in SharePoint Online.

Tip: Instruct your users to adhere to the best practices of sharing links in SharePoint Online in a way that promotes security in your organization.

Tracking down all shared links in SharePoint Online can be tricky, especially when dealing with multiple sites. Below are a few ways to identify what’s been shared and with whom.

1. Fetch Sharing Links Through SharePoint Online UI: You can manually view shared links on a per-item basis via the SharePoint site.

To do that, navigate to the SharePoint site → Open the Document Library → Right-click on the file or folder → Click Manage access. There, under the Links section, you can view all types of shared links.

❌ This method shows shared links for a file, but only if the user has access to the site. Even Global Admins can’t view them unless they are added as members on the target site.

2. Generate Report on External Sharing in SharePoint Site: You can generate a sharing report for a specific site through SharePoint Online.

Navigate to the desired SharePoint site, go to Settings → Site usage → Shared with external users → Run report → choose a location to save the report.

⚠️ While this report contains sharing activities from all link types, it lacks additional details like link status, expiration settings, and more. This makes it less effective for comprehensive tracking.

3. Get Shared Links in SharePoint Online Using PnP PowerShell: You can use the ‘Get-PnPFileSharingLink’ cmdlet to fetch all the sharing links for a file from a document library on a SharePoint site.

🕒 While this method gives you accurate results for each file, it requires looping through every file in the respective site to get a complete view.

To overcome the above drawbacks, we’ve developed a PowerShell script that exports all sharing links in SharePoint Online to a CSV file, with advanced filtering options for easier analysis.

• Exports all sharing links across your SharePoint Online environment.
• Automatically checks the PnP PowerShell module and installs it with your confirmation if it’s missing.
• Detects files and folders shared with Anyone (anonymous) links only.
• Produces a report focused on organization-wide (company) sharing links.
• Lists items shared exclusively via people-specific links.
• Includes filtering options to show only active, expired, soon-to-expire, never-expiring, or soon-to-expire links.
• Supports execution using accounts with MFA.
• Exports the report results in CSV format.
• Compatible with certificate-based authentication (CBA).
• The script is scheduler friendly.

Download Script: GetAllSharingLinks.ps1

It includes each site’s URL, file or folder name, sharing link, document library name, file type, expiration details, password protection status, and download permissions.

1. Download the PowerShell script provided above.
2. Open Windows PowerShell and navigate to the location where the script is saved.
3. Choose any of the suitable methods below to execute the script.

Note: Since the script relies on PnP PowerShell, it requires an Entra ID app registration to support both interactive and non-interactive authentication. Make sure you register an app in Entra ID for PnP PowerShell and grant the following API permissions: ‘Files.Read.All’ (Microsoft Graph) and ‘Sites.Read.All’ (SharePoint).

Method 1: Execute the script interactively with MFA or non-MFA accounts

This method prompts you to enter your tenant’s name and the client ID of the registered Entra app. Alternatively, you can pass these values using the -TenantName and -ClientId parameters. The script then exports all sharing links for files and folders across all SharePoint sites that the signed-in user has access to.

Method 2: Run the script interactively by explicitly providing credentials

This method supports only non-MFA accounts. If the admin account has MFA, you’ll need to disable MFA using CA policy to use this method.

Method 3: Run the script unattended using certificate-based authentication

For unattended execution, you can use certificate-based authentication as shown above. Depending on your preference, you can either create a self-signed certificate or obtain one from a certificate authority (CA) to  connect to SPO with certificate.

This method also supports scheduling via Task Scheduler or Azure Automation to export SharePoint Online sharing links report regularly.

• This script requires PowerShell 7 or higher, as the latest PnP PowerShell versions are only supported on PowerShell 7+.
• During interactive sign-in, if you’re not an owner of certain sites, you won’t be able to retrieve their sharing link data. These sites will be skipped, and you’ll see a warning like: Attempted to perform an unauthorized operation.
• To collect sharing link data from all SharePoint sites, regardless of site ownership, use Method 3: certificate-based authentication. Make sure the app registration has the required application-level permissions. Otherwise, you’ll encounter the error: Get-PnPFileSharingLink: Either scp or roles claim need to be present in the token.

This script includes practical filters for real-world use cases to help you track SharePoint Online file sharing. Here’s how it helps enhance sharing and access management in SharePoint Online.

1. Get sharing links report for specific sites (Import CSV)
2. Get all anonymous sharing links
3. Find all company links
4. Get all links shared with specific users
5. List all active sharing links
6. Identify expired sharing links
7. Discover sharing links with expiration date
8. Find soon to expire sharing links
9. Identify never expire links in SharePoint

As a default behavior, the script scans all SharePoint site collections and generates a comprehensive report on sharing links. However, if you want to narrow your analysis to specific SharePoint sites, use the -ImportCsv parameter and supply a CSV file containing the site URLs you want to include.

The CSV file should have a column header named SiteUrl and list the SharePoint site URLs as shown below.

Anonymous sharing makes it easy to collaborate, but it can also lead to unintentional data exposure if not monitored. By reviewing all ‘Anyone’ links in SharePoint, admins can ensure only the intended files remain publicly accessible.

To extract all anonymous links and files that are shared from SharePoint Online, execute the script with the -GetAnyoneLinks parameter.

This helps identify publicly shared files that do not require authentication to access. If any sensitive content is found, admins can quickly revoke those links and restrict external sharing for SPO sites to prevent further exposure.

Tip: Regularly audit anonymous access in SharePoint Online to track when links are created, modified, removed, or accessed.

Users often use company links to share information and make it available to all users in the organization. It’s important to regularly find files shared with everyone in the organization for better content control.

To generate a report of files and folders shared using the “People in your organization” link type, run the script with the -GetCompanyLinks parameter.

This report helps identify content broadly accessible within your organization, allowing you to assess potential overexposure.

For sensitive projects, it’s crucial to track exactly which files are shared with specific team members or external collaborators. This helps ensure that confidential information is only accessible to authorized individuals and reduces the risk of accidental exposure.

To get a detailed list of SharePoint files/folders shared with specific users, run the PowerShell script with the -GetSpecificPeopleLinks parameter.

This report gives clear visibility into files and folders shared with named individuals (both internal and external) and helps maintain tighter control over sharing.

Active sharing links can continue granting access to files and folders, even after users forget they shared them. If left unmonitored, these links may pose a security risk. To generate a comprehensive list of all currently active (non-expired) sharing links, run the script with the -ActiveLinks parameter:

You can combine this parameter with any of the sharing types to get a refined report. For example:

The above execution will list all active company links.

The above execution will list all active anonymous links.

The above execution will list all active specific people links.

Expired sharing links no longer provide access, but keeping track of them is still important for auditing and cleanup purposes. To generate a list of expired sharing links, run the script with the -ExpiredLinks parameter.

By referring to this report, admin can remove expired sharing links.

You can combine this parameter with any of the sharing types to get a refined report. For example:

The above execution will list all expired company links.

The above execution will list all expired anonymous links.

The above execution will list all expired specific people links.

Links configured with expiration dates support time-bound access and enhance security. To list all sharing links that have an expiration date configured, use the -LinksWithExpiration parameter:

You can pair this with sharing types to refine the results. For instance:

This will return all company links that have an expiration date. You can also combine the -LinksWithExpiration with -GetAnonymousLinks or -GetSpecificPeopleLinks to generate more granular reports.

Sharing links include expiration settings to limit how long access is granted. As expiration dates approach, admins should decide whether to notify the document owner for renewal or let the link expire to keep access controlled.

To list sharing links that are set to expire in 15 days, use the -SoonToExpireInDays with the value ‘15’.

You can also combine the above format with -GetAnonymousLinks, -GetCompanyLinks, or -GetSpecificPeopleLinks to generate more focused reports.

Links without expiry pose a risk of unintended long-term access. It’s essential to identify and review them periodically. To get a list of sharing links that do not have an expiration date set, you can use the -NeverExpire parameter:

For more targeted results, combine this with specific sharing types. For example:

This format will return all ‘Anyone’ links set to never expire. You can also combine the –NeverExpiresLinks parameter with the –GetSpecificPeopleLinks or –GetCompanyLinks to get the desired results.

Wrapping Up

We hope this blog helped you generate a shared links permission report in SharePoint Online, covering various use cases based on your needs. If you have any questions, feel free to reach out through the comments section. Stay tuned for more PowerShell scripting guides!