A shared link is like a spare key. It’s handy until you forget who has a copy, and how many doors it opens.
This share link audit is built for busy admins who need answers fast: Which files are public, which guests are still around, and where “edit” access is too easy to abuse. You’ll also leave with safer defaults you can roll back without drama.
A 15-minute plan, plus a quick risk score you can use today
Timeboxing keeps this from turning into an afternoon project. Run it per department, per VIP user, or per high-risk SharePoint site.
- Minutes 0–3: Pick scope and export evidence. Choose one: “Exec OneDrive,” “Sales Shared Drive,” or “Client Project site.” Plan to export logs or reports before changing anything.
- Minutes 3–8: Find public or anonymous links. These are the quickest wins because you can often restrict them without breaking internal work.
- Minutes 8–12: Find stale guests and broad groups. Look for old vendors, ex-contractors, and “Anyone except external users” style settings.
- Minutes 12–15: Fix the top risks and set safer defaults. Start with link settings and who can share, then schedule a deeper follow-up.
Fast risk scoring rubric (0–10)
Assign points per finding on a file, folder, shared drive, or site. Tackle the highest totals first.
- +5 Public or anonymous link (Google “Anyone with the link,” Microsoft “Anyone” link)
- +3 External guest still has access (especially if last activity is unknown or old)
- +2 Edit rights granted externally (or “can reshare/manage access”)
- +2 Broad audience access (company-wide links, large groups, “Everyone” type access)
- +1 No expiration on external links (or “never expires” defaults)
What to look for, why it’s risky, and how to fix it
| Finding | Why it’s risky | Fix in Google Drive | Fix in OneDrive/SharePoint |
|---|---|---|---|
| Public link (anyone can open) | The link can spread, access is hard to track | File or folder, Share → General access → Restricted | Manage access → remove “Anyone” link, switch to “Specific people” |
| Anonymous link on sensitive content | No identity check, weak audit trail | Replace with named users or a group, turn off “editors can reshare” | Disable “Anyone” links at tenant or site level, require sign-in |
| External guest with edit | Guests can change content, upload malware, or reshuffle folders | Change role to Viewer/Commenter, remove guest if done | Change permission to Can view, remove guest, review site members |
| Folder shared too broadly | Inherited access can expose many subfiles | Fix sharing at the parent folder (inheritance) | Check library and site permissions, stop sharing at the root |
| Old project shared drive/site still open | Forgotten access persists for years | Review shared drive members and roles | Review site sharing policy and site members, remove guests |
| Ex-employee owns key files | Ownership blocks governance and offboarding | Transfer ownership or move into a Shared Drive | Transfer OneDrive content, reassign ownership where needed |
Google Drive: public files, shared drives, and permission inheritance (2026 UI paths)
Start in the Admin Console for a domain view, then confirm in Drive for the exact link and permission state.
1) Find external and visibility changes in Workspace logs (fast triage)
Go to Google Admin Console → Menu → Reporting → Audit and investigation → Drive log events. Add conditions that highlight risky sharing:
- Condition: Visibility change set to External
- Add a date range (last 90 days for speed, last year for deeper review)
- Search, then sort by owner, actor, and event type
- Export results so you have a before-state for rollback and ticket notes
This view answers “who shared what, when,” which matters when you need to ask a team to re-share properly.
2) Find your (or a user’s) public files in Drive web
In drive.google.com, use search: owner:me sharedwith:public. Open the results one by one:
- Right-click item → Share
- Under General access, change Anyone with the link to Restricted
- Use the Share settings (gear icon) to stop permission creep, like turning off Editors can change permissions and share
Important 2026 gotcha: since late 2025, Drive sharing leans harder on inheritance. If a file sits in a shared folder, tightening the file alone may not work the way you expect. Fix the parent folder’s access first, then confirm the file inherits the right level.
3) Audit Shared Drives, not just “My Drive”
Shared Drives often hold the highest-value docs, and they also attract long-lived guest access. In Drive, open the Shared Drive, then Right-click the shared drive → Manage members. Check for external domains, and downgrade roles that can reshuffle content (Manager and Content manager) unless needed. Google’s admin guide on managing shared drives is a good reference when you need to justify role changes to stakeholders.
4) Owner cleanup for offboarding and long-term control
High-risk pattern: a file is still shared safely, but it’s owned by an ex-employee. For critical docs, move them into a Shared Drive (team-owned) or transfer ownership to an active owner, then re-check sharing.
Rollback tip: if you’re unsure, first change Editor → Viewer, then remove access after the team confirms nothing breaks.
OneDrive and SharePoint: use audit logs, link reports, and safer sharing defaults
In Microsoft 365, the fastest way to see what happened is the audit trail, then you tighten link policy where links are being created.
1) Confirm auditing is on (one-time check)
Go to the Microsoft Purview portal and open Audit. If it prompts you to start recording activity, turn it on and wait for data to populate. Microsoft’s reference on sharing auditing in the audit log explains what gets captured and how sharing events appear.
2) Pull sharing events and filter to guests
In Purview Audit, search activities for sharing (for example, “Shared file, folder or site”) and export results. In the export, focus on entries where the target is a Guest (external). Prioritize items that were shared with edit, or shared repeatedly by the same user.
This doesn’t just find “anyone links.” It also finds direct shares to personal external emails that teams forget about.
3) Use SharePoint’s sharing links reporting for site-level hotspots
If you suspect a specific site or library is the problem (client portal, HR site, finance team), use the sharing links activity report. This is often faster than sampling files manually because it highlights where links are being used most.
4) Tighten tenant and site defaults (safe, reversible changes)
In the SharePoint admin center → Policies → Sharing, set defaults that reduce accidental exposure:
- Disable anonymous (“Anyone”) links where your business allows it, or restrict them to a small set of sites
- Set default link type to “Specific people”
- Add expiration for external links (shorter for OneDrive, slightly longer for project sites)
- Use domain allowlists or denylists for external sharing partners
- Limit who can share externally (owners only for sensitive sites)
Microsoft’s guidance on unauthenticated sharing best practices is useful when you need a policy-based reason to turn off “Anyone” links.
Common pitfalls to watch Share links get pasted into chat, email threads, and docs, then copied into new projects. Also, SharePoint site-level sharing can override your intentions, a site set to allow “Anyone” links will keep producing them. With OneDrive’s newer “single link” behavior in many tenants, changing access in Manage access can affect more recipients than the user expects, so communicate before you revoke broad links.
Rollback tip: tighten by stages. First require sign-in, then require “Specific people,” then reduce external domains if needed.
Conclusion
A quick share link audit isn’t about locking everything down, it’s about removing the easy mistakes: public links that shouldn’t exist, guests who never got removed, and edit rights that spread quietly.
Pick one high-value scope today, export what you find, fix the top two risks, then set safer defaults. If you repeat this monthly, the “spare keys” problem stays small, and your teams won’t feel the changes as a surprise.
