Forum Discussion
Report on Sharing links for "People in your organization"
Hi,
I'm needing to be able to get a list of active sharing links with "People in your organization", as the permission from within our 365 Sharepoint instance. All advice I can find points to variations of the Report you can get in the Sharepoint Admin centre under "Reports>Data Access Governance>Sharing Links". Which has a report to show all "People in your organization links" created in the last 30 days.
My trouble is I don't need a recent activity list. I need a list of all currently active links. I need ALL links ever created, excluding not those that have already been removed or expired. It would seem that apart from creation activity, there should be a means of searching existing links but I can't find anything anywhere.
Any help in find this would be enormously appreciated,
- The only way would be to iterate over each file and report on any sharing links configured therein. Which depending on the size of your environment might take some time. But it's doable via CSOM or Graph.
Thanks for answer Vasil, albeit is dissapointing to hear that there's not an existing builtin report for that information. If I can ask a parallel question, within the Onedrive interface, users can open the sharing window and see a listing of the files "Shared by me", which essentially builds a user centered version of what I am needing. I was wondering if there is any report similar to that for sharepoint instances tied to Teams?
We mostly need users to be able to audit/verify for themselves what shares they have outstanding. For Onedrive they can already self-serve, if we had something similar for Teams sharepoint instances we'd have much less need to build/run a site wide report on the same.
klassenkbrandonu The most comprehensive way is to use Microsoft Graph API to query all sharing links. You can filter by the type "organization" to only get links shared with people in your organization:
GET https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items/{item-id}/driveItem/permissionsThis will return all active sharing links for that site, list or item. You can tweak the query to meet your specific needs. Also I have heard about some third-party tools doing this work, though I will not promote them here.
Hi klassenkbrandonu ,
I may have misunderstood but I think that the following out of the box report will work for you, but it only applies to the site collection you run it in.
- Go to the SharePoint site you want to report the sharing links for.
- click the Cog menu item (you have to be a site collection admin or Teams Owner)
- click the "Site Usage" menu item
- when the page loads scroll down and under the "Shared with external users" heading click the "run report"
- note displayed below the heading are the sharing links created in the past 30 days, BUT the export contains all sharing links for the entire site.
- You have to save it to a document library within the site.
When I ran it I came up with a CSV that when I filtered as follows:
- Item type = Folder
- User or group = Internal
- Resource path = (the folder I wanted to report on)
I got a list of email addresses that currently had access to the folder I wanted to report on AND the type of Permission they had (read/contribute etc).
For Site admins or those not comfortable with scripting and the Graph api this is a viable alternative.
NOTE
I didn't check extensively but the label for this report is "Shared with external users" BUT the CSV I got seemed to have information about files or folders shared with external and internal users.HiDorje-McKinnon ,
I have tested your suggested procedure and got something that is "almost" what is needed for my situation (very similar one to Original Post).
My company is planning a migration of our prod. tenant to a new tenant in a different geo-region. We need to know who has access to what in SharePoint, and we are trying to get a report of all SharePoint sites showing all specific permissions granted to specific files or folders through sharing links.After I generate the report you mentioned above, I got a file that shows the following in many lines:
It states "SharingLink" but where it should specify the user email, it's blank. Then shows the type is "SharePointGroup", but no information about which group the access was granted to.
Any ideas how to fix that or any alternative way to get this information in an automated way?
We have over 150 SharePoint sites, checking every file/folder shared manually would be undoable.Thank you!
Hi AlejandroGombao ,
Below is a screen shot of the report filtered for one file, and the matching SharePoint "Manage access" screens.
You'll see the Sharing link doesn't have any email addresses, BUT the next row under it does. And from my example you'll see how each row in the spreadsheet matches the "Manage access" permissions.
Note also that "Can edit" actually translates into two rows in the spreadsheet, an Edit row AND a Contribute row.
Sharepoint online > Site usage > Shared with external > Run report CSV related to "manage access" screens
You mention "user email is blank" on the "SharingLink" rows, I think you just need to look at the following row or rows for the actual people the link was shared with. But remember the person sharing a link may have used the copy link function, and manually sent an email. In which case there will be no record of the email addresses the link was sent to in this spreadsheet, because SharePoint wasn't given that information.
You mention that you're migrating 150 sites from one tenant to another tenant in a different region.
I've done migrations like this using PowerShell and the products built to do migrations. I would strongly recommend you either buy a product or engage a contractor who has a migration tool. This sort of migration done manually is VERY challenging. Using a tool built for the purpose will give you and your users a much improved experience. It also has a report that gives you this security type information.
I hope this helps.
- Agree - this is a high priority need for anyone managing a tenant. With the volume of self-setting permissions and bad practices of sharing individual files and folders with internal and external people, you'd think there would be something in SharePoint admin where you could run such a report. I support your question 🙋
