Remove a specific direct share link from SharePoint Online or OneDrive

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/249791

  •  24-01-2021
  •  | 
  •  

Question

Last year Microsoft added the ability to share files to anyone, regardless if they have a Microsoft account or not. These users will not show up in AzureAD as guest user accounts. I am attempting to expire these cases of direct sharing links after 90 days since their last access. I found the following example to remove all direct sharing links from a single item but have not yet found how to map which links go to which person.

Function Remove-OneDriveSharingLink {

param (   
       $OneDriveURL
   )   
process{

    Connect-PnPOnline -Url $OneDriveURL 
    $Ctx= Get-PnPContext


    $Files= Get-PnPListItem -List "documents"
    foreach( $File in $Files)
      {       
            $Froles= $File.RoleAssignments
            $Ctx.load($Froles)
            $Ctx.ExecuteQuery()

            If($Froles.Count -gt 0)
            {

              for ($i = $Froles.Count -1; $i -ge 0 ; --$i)  
               {   
                  $Link=$Froles[$i].Member
                  $Ctx.Load($Link)
                  $Ctx.ExecuteQuery()
                  If($Link.title -like "SharingLinks*")
                  {
                   $Froles[$i].DeleteObject()
                  }
                  $Link = $null
               }  
              $Ctx.ExecuteQuery()           
             }      
      }

  }
  }

  Remove-OneDriveSharingLink -OneDriveURL "https://tenantname-my.sharepoint.com/personal/alexw_tenantname_onmicrosoft_com"

I have written a script that queries the Audit log looking for SecureLink access, specifically I am querying on the operation SecureLinkUsed. That gives me back all the uses of these types of links (includes all types of users, internal, guest user, and direct links). I filter on urn:spo:guest to get the specific direct link uses to exclude internal and guest users. The audit log contains truly useful information except that the UniqueSharingId is a blank GUID

UniqueSharingId 00000000-0000-0000-0000-000000000000

ListItemUniqueId e7351249-95dd-41d2-b480-673ecb8582fa

ObjectId https://mytenant-my.sharepoint.com/personal/myuser_mytenant_onmicrosoft_com/Documents/Share Test 3

AuditEntryId https://mytenant-my.sharepoint.com/personal/myuser1_mytenant_onmicrosoft_com/Documents/Share Test 3|urn:spo:guest#myuser2@gmail.com

Id ff42cedd-8cc5-4c06-dff9-08d614f86bb1

UserIds urn:spo:guest#myuser2@gmail.com

CreationTime 2018-09-07T19:30:51

But unfortunately I don't get much information back when I get the SecureLink in PowerShell. It looks like the LoginName and Title are configured in the following way:

SharingLinks.ListItemGUID.Flexible.UniqueSharingID

SecureLinkInPowerShell

Does anyone know of a way to find out to whom an external sharing link has been shared?

Was it helpful?

Solution

Looks like you can determine the sharing information via a POST call to the GetSharingInformation REST API like so:

https://tenant.sharepoint.com/_api/web/Lists(@a1)/GetItemById(@2)/GetSharingInformation?@a1='listguid'&@a2='itemID'&$Expand=permissionsInformation,pickerSettings

The linkMembers object will give the username of the specific link.

enter image description here

Found on the cann0n0nf0dder blog.

OTHER TIPS

In response to: Does anyone know of a way to find out to whom an external sharing link has been shared?

Try adding the following:

$Users=@(Get-PnPGroup -Identity $Link.title).Users
$User | Format-Table

Inside statement:

If($Link.title -like "SharingLinks*")
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top