SharePoint Online supports four sharing link types. Which types are available to users depends on the tenant's external sharing settings and any sensitivity labels applied to the site or its content.
| Link type | Authentication | Who can use it | Expiry option | Risk level |
|---|---|---|---|---|
| Anyone (anonymous) | None required | Anyone with the URL, including unidentified parties | Mandatory expiry configurable by tenant admin | Highest: no identity check on access |
| People in [org] (organisation) | Must sign in with a tenant account | All internal users in the organisation | Optional per-link expiry | Moderate: internal only, but broadly visible |
| Specific people | Must sign in with named email address | Named individuals (internal or external) specified when creating the link | Optional per-link expiry | Lower: controlled recipient list at creation time |
| People with existing access | Must already have site or item access | Users who already have permission to the item via their direct site membership | Not applicable | Lowest: grants no new access; only provides a convenient URL |
What are the four SharePoint Online sharing link types?
Anyone links (anonymous access links)
An Anyone link allows access to the shared file or folder without any sign-in. The person clicking the link does not need a Microsoft account, an Entra ID guest account, or any connection to the organisation's tenant. If the link is forwarded to a third party, that third party can also use it. Anyone links are the highest-risk sharing type for this reason. They cannot be scoped to specific individuals after creation.
Anyone links are disabled by default for new SharePoint Online tenants. Enabling them requires a SharePoint administrator to change the tenant-level external sharing setting; sensitivity label policies can restrict them further. When enabled, tenant admins can set a mandatory expiry period so that no Anyone link can remain valid beyond a defined number of days.
People in [organisation] links
Organisation links are accessible to anyone signed in with an account in the tenant. They function as a broad internal broadcast: any internal user who receives or discovers the URL can use it. These links do not grant access to external users or guests who have not already been added to the tenant's Entra ID directory. They are appropriate for broadly shared internal content (intranet pages, company-wide reference documents) but are not a substitute for deliberately assigned permissions in libraries requiring access control.
Specific People links
Specific People links are sent to a named list of recipients defined at the time of link creation. Each recipient must sign in with the exact email address specified when the link was generated. If a recipient forwards the link to someone not on the original list, the forwarded link will not grant access to the new recipient. This makes Specific People links the safest option for sharing content with external parties, since access remains controlled to the original named set.
External recipients who do not yet have Entra ID guest accounts will be invited to authenticate via a one-time passcode or Microsoft account sign-in, depending on the tenant's Entra B2B settings.
People with existing access links
This link type does not grant any new permissions. It generates a URL that works only for users who already have direct access to the item through their site membership or group assignment. The primary use case is sharing a direct link to a deeply nested file or folder with a colleague who already has access, avoiding the need to navigate the full site structure. It does not appear as a new sharing link in audit logs or permission reports because no access grant is being created.
Permission levels by link type
Available permission levels vary by link type. The table below shows which levels can be assigned when creating each type of sharing link.
| Link type | Available permission levels | Notes |
|---|---|---|
| Anyone (anonymous) | View; Edit; Review (for Office files) | Cannot grant Full Control or Design permission. Blocked entirely if the target file has a sensitivity label that restricts anonymous access. |
| People in [org] | View; Edit | View prevents download for certain media types in Office for the web. Edit allows file modification in browser and via desktop sync. |
| Specific People | View; Edit; Review (for Office files) | Each named recipient receives the same permission level. Different levels per recipient require separate links. |
| People with existing access | Not applicable | Recipient's access level is determined by their existing site, group, or library permissions, not the link. |
Link expiration and tenant-wide admin controls
Settings below are found in the SharePoint admin centre under Policies > Sharing. For a full reference of external sharing settings, see the SharePoint external sharing settings reference.
| Control | Default | What it does |
|---|---|---|
| Allow Anyone links (tenant-level) | Off for new tenants | If disabled, users cannot create anonymous sharing links on any site in the tenant, regardless of site-level settings. Individual sites can be further restricted below the tenant setting but cannot exceed it. |
| Anyone link expiry (mandatory) | No expiry enforced | When set to a number of days, all new Anyone links automatically expire after that period. Existing links created before the setting was applied are not retroactively affected. |
| Allow organisation links | On | Can be disabled at tenant or site level. Disabling prevents users from sharing with all internal users via a single link. |
| Default link type shown to users | Specific people | Controls which link type is pre-selected in the share dialog. Does not prevent users from switching to a different type unless the other type is disabled. Setting this to "Specific people" reduces accidental anonymous sharing. |
| Default link permission | View | Controls whether the share dialog pre-selects View or Edit permission. Users can change this manually when creating a link. |
| Block download for Anyone links | Off | When enabled, Anyone links open content in Office for the web in view-only mode, preventing download. Applies to supported Office file types only. |
| Sensitivity label enforcement | Varies by label policy | Sensitivity labels applied to a site or file can restrict available link types. A label can block Anyone links or restrict sharing to internal-only users, regardless of site-level settings. |
How sharing links appear in permission reports and audit logs
Anyone, Organisation, and Specific People links all appear in the SharePoint Unified Audit Log under the SharingLinkCreated operation when created. Each event records the link type, the target file or folder, the creator's identity, and the permission level granted. Link revocations appear as SharingLinkRevoked events.
People with existing access links do not generate a SharingLinkCreated event because no new access is being granted. They appear in audit logs as a link copy action by the creator but create no new permission entry.
In the SharePoint interface, active sharing links for a file are visible under the file's Manage access panel. This view shows links one file at a time. The native SharePoint admin centre provides no tenant-wide view of sharing links across a site or library; pulling that data requires Microsoft Purview compliance tooling or a third-party export.
ShareMaster's Shared Links and Permissions tool provides a consolidated list of all active sharing links across a site or library, grouped by type and showing creation dates. For the audit workflow and how to act on a sharing links export, see the guide to auditing SharePoint shared links.
Note: Revoking a sharing link removes the access granted by that link. It does not remove any direct permissions the same person holds through site membership, a SharePoint group, or a separate link. If you need to fully remove a user's access, check both their link-based and direct permissions.
Frequently Asked Questions
What is the difference between Anyone and Specific People sharing links in SharePoint?
An Anyone link (anonymous) can be used by any person who receives the URL, with no sign-in required. It grants access to whoever holds the link, including anyone it is forwarded to. A Specific People link is tied to a named list of email addresses; each recipient must sign in with the exact address specified when the link was created. Forwarding a Specific People link to an unlisted recipient does not grant that person access.
Can SharePoint sharing links be set to expire automatically?
Tenant administrators can set a mandatory expiry for Anyone links in the SharePoint admin centre. When set, all new Anyone links automatically expire after the configured number of days. Organisation links and Specific People links do not have a mandatory tenant-level expiry, but the user creating a link can optionally set a custom expiry date when they generate it.
How do I find all active sharing links across my SharePoint tenant?
The standard SharePoint interface only shows sharing links at the individual file level. For a consolidated view across a site or library, ShareMaster's Shared Links and Permissions tool lists all active links by type, target, permission level, and creation date. This is the starting point for a sharing links audit or a pre-deletion cleanup to confirm no access remains after a site is decommissioned.
Learn more about ShareMaster's Shared Links and Permissions tool