Do you change link sharing default behaviour?

Loading last updated info...

If you are checking your sites permissions regularly you will probably notice a lot of unique permissions being applied.

❌ Figure: Some items may have unique permissions

The default "Copy Link" setting in SharePoint is usually set to "People from your organization can view this document". This creates a unique sharing link each time it is used, giving people access to the file even if they didn't already. The consequence in SharePoint is that unique permissions are applied to the individual items breaking permission inheritance. It also has performance implications. Links should instead be created with the "People with existing access" setting.

To fix the issue you need to change the default sharing method. There are 2 ways to do this - manually via the GUI or programmatically via PNP.PowerShell.

Method 1 - Manually via SharePoint Admin GUI

In the SharePoint Admin site select the SharePoint site and click Sharing

Figure: Select Sharing

Untick same as organization-level setting | Select People with existing access | Click Save

Figure: Select people with existing access

Repeat for each site

Method 2 - Programmatically via PNP.PowerShell

Run the following PowerShell script to change this default for all sites associated to your SharePoint Hub-Site - This script could be extended to include all sites in your tenant.

#Variables
$AdminCenterURL = "https://sswcom-northwind.sharepoint.com"
$HubSiteURL = "https://sswcom.northwind.com"

#Connect to PnP Online
Connect-PnPOnline -Url $AdminCenterURL -Interactive

#Get the children of the main HubSite
$Hub = Get-PnPHubSiteChild -Identity $HubSiteURL

foreach ($Url in $Hub)
{
    #Remove the "Same as organization-level" setting. Can be set to anything Internal, None or Direct.
    Set-PnPTenantSite -Url $Url -DefaultSharingLinkType Internal

    #Set the Default Link type to be Existing Access
    Set-PnPTenantSite -Url $Url -DefaultLinkToExistingAccess $true
}

Figure: PowerShell to change default link sharing behaviour that affects security

Method 2 - Programmatically via PNP.PowerShell

Run the following PowerShell script to change this default for all sites associated to your SharePoint Hub-Site - This script could be extended to include all sites in your tenant.

#Variables
$AdminCenterURL = "https://sswcom-northwind.sharepoint.com"
$HubSiteURL = "https://sswcom.northwind.com"

#Connect to PnP Online
Connect-PnPOnline -Url $AdminCenterURL -Interactive

#Get the children of the main HubSite
$Hub = Get-PnPHubSiteChild -Identity $HubSiteURL

foreach ($Url in $Hub)
{
    #Remove the "Same as organization-level" setting. Can be set to anything Internal, None or Direct.
    Set-PnPTenantSite -Url $Url -DefaultSharingLinkType Internal

    #Set the Default Link type to be Existing Access
    Set-PnPTenantSite -Url $Url -DefaultLinkToExistingAccess $true
}

Figure: PowerShell to change default link sharing behaviour that affects security

Do you change link sharing default behaviour?

Method 1 - Manually via SharePoint Admin GUI

Method 2 - Programmatically via PNP.PowerShell

Categories

Authors

Related rules

Need help?

Do you change link sharing default behaviour?

Method 1 - Manually via SharePoint Admin GUI

Method 2 - Programmatically via PNP.PowerShell

Categories

Authors

Related rules

Need help?