Inheriting a Messy SharePoint Tenant: A New Admin's Cleanup Guide

Marcus joined Hartley Financial as its first dedicated Microsoft 365 administrator. The previous admin had left six months earlier, and in the gap nobody had actively managed the SharePoint Online environment. On his first day, Marcus pulled up the SharePoint admin centre and found 47 active site collections, no documentation, external sharing enabled at the tenant level, and hundreds of shared links with no expiry dates. He did not know where to start.

This use case follows the three-week process Marcus used to get the tenant under control, using ShareMaster without writing a single line of PowerShell.

What a Neglected SharePoint Tenant Typically Looks Like

Marcus's situation is common. When SharePoint Online grows without a dedicated admin, it usually accumulates the same set of problems:

  • Shared links created by ex-employees that are still active and accessible to anyone with the URL
  • Unique permission overrides scattered across libraries and folders, making the permission model impossible to follow at a glance
  • External users in site collections who no longer work with the organisation
  • Recycle Bins filled with years of deleted content, counting against storage quota
  • Version history growing unchecked, sometimes representing three to five times the volume of live file content
  • No audit record of who changed permissions or when

None of these problems are hard to fix in isolation. The challenge is knowing where they all are across dozens of sites before you can start.

Week 1: Building an Inventory with Report Master

Phase: Understand before acting

Marcus's first priority was a complete picture of the tenant, not action. Acting before understanding the landscape is how things break in a shared environment.

Permission matrix export

He used ShareMaster's Report Master to run a permission matrix report across the ten most-used site collections, identified by activity levels in the SharePoint admin centre. The Excel export came back in a few minutes and showed every user and security group with access to each site, their permission level, and whether access came from inheritance or a unique override.

Three patterns appeared immediately. Seven accounts belonging to former employees still had Contributor access to client-facing document libraries. Two external guest accounts that had never been removed were still active in the company intranet. One finance library had 34 items with unique permissions breaking the inheritance chain for that folder structure.

Shared links report

The shared links picture was more concerning. Across the ten site collections, Report Master found 412 active shared links. Of those, 318 had no expiry date. Filtering by creator, Marcus found that 87 links had been created by seven people who had since left the company. Anonymous links, accessible to anyone with the URL regardless of Microsoft 365 account, accounted for 23 of the total.

This kind of visibility is impossible to build from the SharePoint admin centre alone without custom PnP PowerShell scripting. For a step-by-step guide to running this report yourself, see how to audit SharePoint shared links.
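The triage applied to the link inventory above (anonymous links, links created by leavers, links with no expiry), as an added PowerShell example that is not ShareMaster's code or output. The CSV column names, the sample rows, the leaver list and the `Get-SharedLinkTriage` function are all assumptions made for illustration.

```powershell
# Constructed sample of a shared-links export. Column names are assumptions,
# not the actual schema of any ShareMaster or SharePoint report.
$links = @'
ItemUrl,LinkType,CreatedBy,Expires
/sites/sales/Docs/pricing.xlsx,Anonymous,alice@example.com,
/sites/sales/Docs/deck.pptx,Organization,bob@example.com,
/sites/finance/Docs/q3.xlsx,Specific,carol@example.com,2035-01-01
/sites/hr/Docs/handbook.pdf,Anonymous,carol@example.com,2021-01-31
/sites/hr/Docs/onboarding.pdf,Organization,carol@example.com,
'@ | ConvertFrom-Csv

# Constructed list of leavers; in practice, build it from HR records or
# disabled accounts in Entra ID.
$departed = @('alice@example.com', 'bob@example.com')

function Get-SharedLinkTriage {
    param(
        [Parameter(Mandatory)] [object[]] $Links,
        [string[]] $DepartedCreators = @(),
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($link in $Links) {
        $reasons = @()
        if ([string]::IsNullOrWhiteSpace($link.Expires)) {
            $reasons += 'no-expiry'
        }
        else {
            $expires = [datetime]::ParseExact($link.Expires, 'yyyy-MM-dd',
                [cultureinfo]::InvariantCulture)
            if ($expires -lt $AsOf) { continue }   # already expired, no longer grants access
        }
        if ($link.LinkType -eq 'Anonymous') { $reasons += 'anonymous' }
        if ($DepartedCreators -contains $link.CreatedBy) { $reasons += 'creator-departed' }

        # Anonymous links and links owned by leavers go first; remaining
        # no-expiry links form a lower-priority review queue.
        $priority = 'None'
        if ($reasons.Count -gt 0) { $priority = 'Review' }
        if ($reasons -contains 'anonymous' -or $reasons -contains 'creator-departed') {
            $priority = 'RevokeFirst'
        }
        [pscustomobject]@{
            Priority = $priority; Reasons = ($reasons -join ',')
            ItemUrl  = $link.ItemUrl; CreatedBy = $link.CreatedBy
        }
    }
}

Get-SharedLinkTriage -Links $links -DepartedCreators $departed |
    Where-Object Priority -ne 'None' | Sort-Object Priority -Descending | Format-Table -AutoSize
```

Links whose expiry date has already passed are skipped, and a link with a future expiry, a current creator and a non-anonymous type is reported as `None` and filtered out of the worklist.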

Week 2: Fixing the Security Issues First

Note: Address access and sharing risks before touching storage. A storage cleanup is reversible, in the sense that you can restore files from the Recycle Bin. A data exposure through a former employee's stale shared link that was left active is not something you can undo retroactively.

Revoking ex-employee shared links

Using ShareMaster's Shared Links and Permissions tool, Marcus filtered all links by creator and selected the 87 links belonging to former staff. He revoked them in a single bulk operation. Each revocation removes the link without affecting the underlying file. Any current employee with a legitimate reason to share that content would generate a new link, this time with an expiry date.

Marcus reviewed the 23 anonymous links individually. Nineteen were internal training documents that should never have been shared that way. Four were marketing assets intended to be public but had been shared via anonymous link rather than through the proper public-facing portal. He revoked all 23.

Removing stale external users and broken inheritance

Marcus removed the two external guest accounts through the Microsoft Entra ID admin centre. For the finance library with 34 unique permission overrides, he used ShareMaster's Explore Master to review the inheritance chain, then used Report Master to confirm what the correct clean state should look like before making changes. Marcus reset the library to inherit from the parent site and replaced the 34 individual overrides with a single Entra ID security group.

For a full walkthrough of the permissions audit process, see how to audit SharePoint Online permissions.

Week 3: Storage Cleanup

Phase: Reclaim quota

With the security work complete, Marcus turned to storage. Report Master's storage export showed the tenant at 71% capacity overall, with three site collections above 85%.

The culprit in two of the three was version history. The sales team's document library had the SharePoint default of 500 major versions per file enabled, and had been active for six years. Version data alone was consuming roughly four times the volume of live file content. Marcus used Space Master's Version Trimmer to set a maximum of 20 major versions per file and ran the trim across the three heavy libraries. Storage in those libraries dropped by more than 60%.

The Recycle Bins across all ten site collections held 8.3 GB of deleted content, accumulated over six years with no systematic clearing. Recycle Master gave Marcus a view of all bin contents organised by deletion date, and let him clear the bins in a single operation after confirming there was nothing worth restoring.

Three Weeks Later: What Changed

| Issue | Before | After |
| --- | --- | --- |
| Active links created by ex-employees | 87 | 0 |
| Anonymous shared links | 23 | 0 |
| Stale external guest accounts | 2 | 0 |
| Tenant storage utilisation | 71% | 44% |
| Site collections above 85% capacity | 3 | 0 |
| Documented permission model | None | Excel export for each site collection |

Marcus now runs a Report Master permission export monthly and reviews shared links quarterly. The first time he ran these, they were remediation projects spanning weeks. Now each takes about 20 minutes.

Frequently Asked Questions

How long does a full SharePoint tenant permissions audit take?

With manual SharePoint admin centre reports, a full audit across 50 or more sites can take several days. ShareMaster's Report Master generates a permission matrix export for an entire site collection in a few minutes, reducing the discovery phase from days to hours.

Can I see who created a shared link in SharePoint Online?

Yes. SharePoint Online records the creator and creation date of each shared link. ShareMaster's Shared Links and Permissions tool surfaces this information alongside the link type, expiry status, and target item, so you can identify links from former employees and revoke them in bulk.

Is it safe to bulk-revoke shared links in SharePoint Online?

Yes. Revoking a shared link removes access for anyone using that link but does not delete or alter the underlying file. If a legitimate user was relying on the link, they would need to request a new one. For links created by former employees or with no expiry date, revocation is generally the right action.
