Do you change link sharing default behaviour?

Last updated by Jack Pettit [SSW] 5 months ago.See history

If you are checking your sites permissions regularly you will probably notice a lot of unique permissions being applied.

Figure: Some items may have unique permissions

The default "Copy Link" setting in SharePoint is usually set to "People from your organization can view this document". This creates a unique sharing link each time it is used, giving people access to the file even if they didn't already. The consequence in SharePoint is that unique permissions are applied to the individual items breaking permission inheritance. It also has performance implications. Links should instead be created with the "People with existing access" setting.

To fix the issue you need to change the default sharing method. There are 2 ways to do this - manually via the GUI or programmatically via PNP.PowerShell.

Method 1 - Manually via SharePoint Admin GUI

  1. In the SharePoint Admin site select the SharePoint site and click Sharing
    Figure: Select Sharing
  2. Untick same as organization-level setting | Select People with existing access | Click Save
    Figure: Select people with existing access
  3. Repeat for each site

Method 2 - Programmatically via PNP.PowerShell

  1. Run the following PowerShell script to change this default for all sites associated to your SharePoint Hub-Site - This script could be extended to include all sites in your tenant.
$AdminCenterURL = ""
$HubSiteURL = ""

#Connect to PnP Online
Connect-PnPOnline -Url $AdminCenterURL -Interactive

#Get the children of the main HubSite
$Hub = Get-PnPHubSiteChild -Identity $HubSiteURL

foreach ($Url in $Hub)
    #Remove the "Same as organization-level" setting. Can be set to anything Internal, None or Direct.
    Set-PnPTenantSite -Url $Url -DefaultSharingLinkType Internal

    #Set the Default Link type to be Existing Access
    Set-PnPTenantSite -Url $Url -DefaultLinkToExistingAccess $true

Figure: PowerShell to change default link sharing behaviour that affects security

We open source. Powered by GitHub