Set Anonymous Link Expiration Settings for SharePoint Online and OneDrive for Business

Requirement: Configure Anonymous Link Expiration for SharePoint Online and OneDrive.

Anonymous links Expiration is a security best practice in SharePoint Online, and This allows SharePoint Online administrators to set the maximum expiration duration for items shared via anonymously shared links. You can set the SharePoint Online guest link expiration at the tenant level. This ensures that external users can only access the shared content for a limited period and prevents unauthorized access if the link is shared accidentally or maliciously.

To set Anyone links expiry days, follow these steps:

  1. Login to the SharePoint admin center.
  2. Click on Policies >> Sharing >> Tick the checkbox next to “These links must expire within this many days” and set the number of days the guest link can be active. E.g., 30
  3. Click “Save” at the bottom of the page to save your changes.
SharePoint Online Anonymous Link Expiration

This enforces a mandatory expiration date for your anonymous links on the tenant level and determines the lifespan of anonymously shared links. If you don’t set these expiry days: it defaults to 730 days (2 years! That’s the maximum days you can set!)

Open SharePoint Online Management Shell and run this PowerShell script to configure guest link expiration in SharePoint Online.

#SharePoint Admin Center URL
$AdminCenterURL = "https://Crescent-admin.sharepoint.com"

#Connect to SharePoint Online
Connect-SPOService -URL $AdminCenterURL -Credential (Get-Credential)

#Set Expiration Days for Anonymous links
Set-SPOTenant -RequireAnonymousLinksExpireInDays 30

Now, when you try to share an anonymous link, the link expiry days will be set to 30 by default (or whatever you configured). You can change the expiration date by providing a day lesser than the value configured at the tenant level. Still, you can’t set the expiry date beyond the limit you set in the above PowerShell script in SharePoint Online Admin Center! This makes the link invalid after a certain number of days are configured.

sharepoint online share link expiration

If you try to change the link expiration date beyond the limit set, You’ll receive an error “Your organization’s policy doesn’t allow links to stay active for more than 30 days.” This expiry day setting applies to both SharePoint Online and OneDrive, minimizing the security risk.

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.Online.SharePoint.Client.Tenant.dll"

#Parameters
$AdminSiteURL="https://crescent-admin.sharepoint.com/"
$DaysToExpire = 7

#Get Credentials to connect
$Cred= Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($AdminSiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Get the Tenant
    $Tenant= New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($Ctx)
    $Ctx.Load($Tenant)
    $Ctx.ExecuteQuery()

    #Set Tenant Anonymous Link Expiration Days Settings
    $Tenant.RequireAnonymousLinksExpireInDays= $DaysToExpire
    $Ctx.ExecuteQuery()

    Write-host "Anonyous Links Expiration Settings Updated Successfully!'" -f Green
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Never expiry links?
Set the Number of Days to “0”, if you never want your anonymous links to expire!

It’s also possible to set link expiration days at the site level. Here is the PowerShell script:

#connect to SharePoint Online tenant Admin
Connect-SPOService -Url https://crescent-admin.sharepoint.com

#Set Link Expiration
Set-SPOSite -Identity https://crescent.sharepoint.com/sites/marketing -OverrideTenantAnonymousLinkExpirationPolicy $true -AnonymousLinkExpirationInDays 15

This PowerShell overwrites the tenant-level setting with the one you specified. If you want to revert to the tenant setting, use the following:

Set-SPOSite -Identity https://crescent.sharepoint.com/sites/marketing -OverrideTenantAnonymousLinkExpirationPolicy $false -AnonymousLinkExpirationInDays 0 

Here is the PnP PowerShell to set the link expiration settings at the tenant and site levels using Set-PnPTenant and Set-PnPTenantSite cmdlets:

#Connect to the Tenant
Connect-PnPOnline -Url "https://crescent-admin.sharepoint.com" -Interactive

#Set Tenant Level Link Expiry
Set-PnPTenant -RequireAnonymousLinksExpireInDays 30 

#Set Site Level Expiration Policy
Set-PnPTenantSite -Identity "https://crescent.sharepoint.com/sites/retail" -AnonymousLinkExpirationInDays 30

Once the expiration date is set, the Anyone Link will automatically expire at the specified time and the external users will no longer have access to the shared content.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

4 thoughts on “Set Anonymous Link Expiration Settings for SharePoint Online and OneDrive for Business

  • Hello, is there a way to automate the expiration link when it has expired to reactive the link. Rather than manually updating the expiration to reactivate the link.

    Reply
  • Hi there,
    we do not have “anonymouse links” enabled in our thenant.
    Either way we activated expiration date for guest access. As this feature DOES NOT apply to existing sharing links we need to do this manually, but how? We want to make sure that there is not existing sharing link without an expiration date.
    Does anyone have an idea how to solve this?

    Reply
  • If I set an expiration for anonymous links, does that affect existing links?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *