How to limit access to files shared with anonymus users?
-
17-01-2021 - |
Question
I have shared a number of files located in my SP Online repository with a number of people outside of the company (mostly subcontractors and vendors). Each file was shared in a form of a link (File -> Share -> Anyone with a link). There are a lot of such files and links has been sent to multiple outside users.
Now I realize that even though there is still a need for the people to view the files, I am uncomfortable with the fact that anyone with a link can access corresponding file.
I could have re-shared the files anew using different settings but there are just too many of the files! Moreover, in doing so I might miss some of the people as files have not been shared in any centralized and controlled fashion (yes, I know...).
Is there any way (either through admin settings or PowerShell scripting) to add some kind of a filter on all outside/anonymous users that can access files shared with them using the "anyone with a link" function? Maybe using IP filtering or adding some kind of a page that requires entering a pass-code?
La solution
You should be able to do this using the O365 content search and a bit of PowerShell:
- Get a list of all shared documents from content search or eDiscovery
- Iterate over this list and use the External Sharing API (CSOM) from PowerShell to un-share and re-share the documents
Content Search Is currently in beta, so you need preview permission to run it. You can access it here: https://protection.office.com/?ContentOnly=1#/contentsearchbeta
Search for all externally shared documents with this query: ViewableByExternalUsers:true AND ContentType:document
This returns everything shared externally, not only the anonymous links. So you have to filter these in PowerShell.
External Sharing API This is a client-side object model (CSOM) API, but it can also be called from PowerShell. You can Share and Unshare objects/documents with it.
Here is a good article explaining how the API works: https://blogs.msdn.microsoft.com/vesku/2015/10/02/external-sharing-api-for-sharepoint-and-onedrive-for-business/
And here is a good example of to use the API from PowerShell: https://drewmadelung.com/sharing-a-file-in-sharepoint-online-or-onedrive-with-powershell/