Introduction #
By default, Anyone links for a file allow people to edit the file, and Anyone links for a folder allow people to edit and view files, and upload new files to the folder. You can change these permissions for files and for folders independently to view-only.
If you want to allow unauthenticated sharing, but are concerned about unauthenticated people modifying your organization’s content, consider setting the file and folder permissions to View.
With Anyone links set to View, users can still share files and folders with guests and give them edit permissions by using Specific people links. These links require people outside your organization to authenticate as guests, and you can track and audit guest activity on files and folders shared with these links.
Best practices for unauthenticated sharing | Microsoft Docs
User Impact #
Low – Users will no longer have permission to anonymously share content with edit permissions if the setting is set to View.
Parameters #
FolderAnonymousLinkType – View | View, edit, and upload
FileAnonymousLinkType – View | View and edit
Admin Portal Reference #
Anyone link permissions options are configured in the SharePoint Admin Center
SharePoint Admin Center -> Policies -> Sharing
PowerShell Reference #
# Set folder anonymous link type
Set-SPOTenant -FolderAnonymousLinkType
# Set file anonymous link type
Set-SPOTenant -FileAnonymousLinkType Additional Notes #
Refer to Microsoft’s best practices for sharing files and folders with unauthenticated users – click here
Compliance Reporting #
Important note – this setting can only be configured when anonymous links are enabled in the tenant. If anonymous links are not enabled, the default anonymous link type cannot be adjusted and anonymous links are not available to end users which renders this setting irrelevant. As a consequence, we will report this setting compliant with a compliance message which reflects this.
To configure organization-level external sharing settings and enable anonymous sharing links refer to this setting.
If Action is set to Notify #
We report the setting as compliant if the setting matches the values as set by the parameters.
We report the setting as non-compliant if the setting does not match the values as set by the parameters.
If Action is set to Enforce #
We report the setting as compliant if the setting matches the values as set by the parameters.
We report the setting as compliant-fixed if the setting does not match the values as set by the parameters and we adjust them to match.
