Remove a specific direct share link from SharePoint Online or OneDrive
-
24-01-2021 - |
Question
Last year Microsoft added the ability to share files to anyone, regardless if they have a Microsoft account or not. These users will not show up in AzureAD as guest user accounts. I am attempting to expire these cases of direct sharing links after 90 days since their last access. I found the following example to remove all direct sharing links from a single item but have not yet found how to map which links go to which person.
Function Remove-OneDriveSharingLink {
param (
$OneDriveURL
)
process{
Connect-PnPOnline -Url $OneDriveURL
$Ctx= Get-PnPContext
$Files= Get-PnPListItem -List "documents"
foreach( $File in $Files)
{
$Froles= $File.RoleAssignments
$Ctx.load($Froles)
$Ctx.ExecuteQuery()
If($Froles.Count -gt 0)
{
for ($i = $Froles.Count -1; $i -ge 0 ; --$i)
{
$Link=$Froles[$i].Member
$Ctx.Load($Link)
$Ctx.ExecuteQuery()
If($Link.title -like "SharingLinks*")
{
$Froles[$i].DeleteObject()
}
$Link = $null
}
$Ctx.ExecuteQuery()
}
}
}
}
Remove-OneDriveSharingLink -OneDriveURL "https://tenantname-my.sharepoint.com/personal/alexw_tenantname_onmicrosoft_com"
I have written a script that queries the Audit log looking for SecureLink
access, specifically I am querying on the operation SecureLinkUsed
. That gives me back all the uses of these types of links (includes all types of users, internal, guest user, and direct links). I filter on urn:spo:guest
to get the specific direct link uses to exclude internal and guest users. The audit log contains truly useful information except that the UniqueSharingId
is a blank GUID
UniqueSharingId 00000000-0000-0000-0000-000000000000
ListItemUniqueId e7351249-95dd-41d2-b480-673ecb8582fa
ObjectId https://mytenant-my.sharepoint.com/personal/myuser_mytenant_onmicrosoft_com/Documents/Share Test 3
AuditEntryId https://mytenant-my.sharepoint.com/personal/myuser1_mytenant_onmicrosoft_com/Documents/Share Test 3|urn:spo:guest#myuser2@gmail.com
Id ff42cedd-8cc5-4c06-dff9-08d614f86bb1
UserIds urn:spo:guest#myuser2@gmail.com
CreationTime 2018-09-07T19:30:51
But unfortunately I don't get much information back when I get the SecureLink in PowerShell. It looks like the LoginName
and Title
are configured in the following way:
SharingLinks.ListItemGUID.Flexible.UniqueSharingID
Does anyone know of a way to find out to whom an external sharing link has been shared?
Solution
Looks like you can determine the sharing information via a POST call to the GetSharingInformation
REST API like so:
https://tenant.sharepoint.com/_api/web/Lists(@a1)/GetItemById(@2)/GetSharingInformation?@a1='listguid'&@a2='itemID'&$Expand=permissionsInformation,pickerSettings
The linkMembers
object will give the username of the specific link.
OTHER TIPS
In response to: Does anyone know of a way to find out to whom an external sharing link has been shared?
Try adding the following:
$Users=@(Get-PnPGroup -Identity $Link.title).Users
$User | Format-Table
Inside statement:
If($Link.title -like "SharingLinks*")