Set Anonymous Link Expiration Settings for SharePoint Online and OneDrive for Business

Requirement: Configure Anonymous Link Expiration for SharePoint Online and OneDrive.

Anonymous links Expiration is a security best practice in SharePoint Online, and This allows SharePoint Online administrators to set the maximum expiration duration for items shared via anonymously shared links. You can set the SharePoint Online guest link expiration at the tenant level. To set anonymous links expiry days, follow these steps:

  • Login to the SharePoint admin center, 
  • Click on Policies >> Sharing >> Tick the checkbox next to “These links must expire within this many days” and set the number of days the guest link can be active. E.g. 30
  • Click “OK” in the bottom of the page to save your changes.
SharePoint Online Anonymous Link Expiration

This enforces a mandatory expiration date for your anonymous links on the tenant level and determines the lifespan of anonymously shared links. If you don’t set these expiry days: it defaults to 730 days (2 years! That’s the maximum days you can set!)

Open SharePoint Online Management Shell and run this PowerShell script to configure guest link expiration in SharePoint Online.

#SharePoint Admin Center URL
$AdminCenterURL = "https://Crescent-admin.sharepoint.com"

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL -Credential (Get-Credential)

#Set Expiration Days for Anonymous links
Set-SPOTenant -RequireAnonymousLinksExpireInDays 30

Now, when you try to share an anonymous link, the link expiry days will be set to 30 by default (or whatever you configured). You can change the expiration date by providing a day lesser than the value configured at the tenant level. Still, you can’t set the expiry date beyond the limit you set in the above PowerShell script on in SharePoint Online Admin Center! This makes the link invalid after a certain number of days configured.

sharepoint online share link expiration

If you try to change the link expiration date beyond the limit set, You’ll receive an error “Your organization’s policy doesn’t allow links to stay active for more than 30 days.” This expiry day setting applies to both SharePoint Online and OneDrive, minimizing the security risk.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"

#Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com/"
$DaysToExpire = 7

#Get Credentials to connect
$Cred= Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Get the Tenant
    $Tenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
    $Ctx.Load($Tenant)
    $Ctx.ExecuteQuery()

    #Set Tenant Anonymous Link Expiration Days Settings
    $Tenant.RequireAnonymousLinksExpireInDays= $DaysToExpire
    $Ctx.ExecuteQuery()

    Write-host "Anonyous Links Expiration Settings Updated Successfully!'" -f Green
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Never expiry links?
Set the Number of Days to “0”, if you never want your anonymous links to expire!

It’s also possible to set link expiration days at the site level. Here is the PowerShell script:

#connect to SharePoint Online tenant Admin
Connect-SPOService -Url https://crescent-admin.sharepoint.com

#Set Link Expiration
Set-SPOSite -Identity https://crescent.sharepoint.com/sites/marketing -OverrideTenantAnonymousLinkExpirationPolicy $true -AnonymousLinkExpirationInDays 15

This PowerShell overwrites the tenant level setting with the one you specified. If you want to revert to the tenant setting, use:

Set-SPOSite -Identity https://crescent.sharepoint.com/sites/marketing -OverrideTenantAnonymousLinkExpirationPolicy $false -AnonymousLinkExpirationInDays 0 

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

2 thoughts on “Set Anonymous Link Expiration Settings for SharePoint Online and OneDrive for Business

  • If I set an expiration for anonymous links, does that affect existing links?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *