Attaching Onedrive file default permissions

Brass Contributor



I have a question, been looking into it and can't find a solution.


When our users open a new email and attach a OneDrive file the default permission is anybody in the organisation can edit.  This seems to be a bit insane to me :)  Is there somewhere I can change that default?


Also if you then discard the email the file is shared with the organisation anyway.





13 Replies

I think this is still not possible for now to change default permission in attaching OneDrive file to Outlook but you could submit and add your vote in Office 365 User Voice because Microsoft might consider to include this on their future updates.

Thanks. will add my vote. I still can't believe somebody thought this was the best default option to use.
So I did some testing and any one you send the file to can edit it!

Here's what I did:

1) Removed all Sharing from the file in OD
2) In the file level permissions, made it read-only
3) sent it externally

I was able to download the file when it was received at an external email address and once downloaded, click on Enable Edit and was able them!

Opps, not good!

Hopefully MS fixes this.

It's worse for us as once the file has been sent all of the organisation can edit it.

The recently introduced some changes that give us more contrl over this:


But in general I would appreciate a setting that allows us to set a global "read-only", as even with the above improvements it doesnt seem to be possible atm.

Yeah, still waiting for the global setting. I already had those settings mentioned in that link, that was what made me realise the problem was there. :)

I first noticed this in Outlook on the Web in April.  I opened an Office 365 case that was not helpful at all then opened a Premier case which was not helpful either.  I was told this was the way Modern Attachments have always behaved but I disagree.  Premier support said my feature request was forwarded to the product team and that is the last information that I have received.  In May when my Office C2R bits updated to build 1704.8067.2115 Outlook started assigning default permissions as organization can edit.  The documentation here says "message recipients are automatically given permission to edit the file"  -  I also have  a screenshot of the Office365 roadmap from May that shows "modern attachments are shared by default with recipients can edit."  I hope this information helps someone else and hope this will be configurable at the tenant level in the near future.


Note - When the attachment is applied "organization can edit" permissions it is actually an anonymous link rather than setting permissions on the file (won't show up in Delve).  Once the link is clicked by a user then that user shows permissions to the file.

I've noticed something else now. If you attach the file to an email and change your mind and remove it or discard the email, you then have to go and manually remove those permissions. I can see chaos on the horizon.



Is there any update on this setting as our organization also runs in to this issue.

We don't want the Organization Can Edit setting by default, but we want "Recepient can Edit" as default.

  • Open Office 365 SharePoint admin center
  • Click sharing
  • Set the default link type to direct. 

    This will set the default permissions to recipients can edit.

Hi Mike,


Thank  you for your reply. I checked this but this setting is already set like you suggested.



What permissions are the default when using Outlook web rather than the client?  There was a time when Outlook Web was setting "recipients can edit" and the client was still setting "org can edit."  This was fixed in a Click to Run update.

Also, at one point I had to move that switch from direct to internal, save, then change it back to direct and save.  Maybe you need to try the same.

@Aljohn Bonifacio 

in 1-30-23 it is a simple click in Sharepoint admin center.