Changes to link sharing defaults in SharePoint Online

Just a quick note (followed by a quick rant) on a recent change to sharing in Office 365 (both SharePoint Online and OneDrive for Business) that's caused us a couple of issues over the last week.

The issue came to light when a team member tried to get the URL of a document in a SharePoint Online document library. You'll be aware that you can't just right-click and copy the URL in SharePoint - instead you can either right-click the document and then click Get a link on the context menu, or you can select the document and click Get a link on the toolbar:

My user - who has permissions to edit the document in question - was presented with a nasty error message:

Couldn't create the link - Attempted to perform an unauthorized operation

The reason for this is that when you get a link in SharePoint Online (or OneDrive for Business), it now defaults to creating a link that grants anonymous access to the document. If you've locked down anonymous sharing on your site collection, the user will get an error message instead.

If you want to change this behaviour, head over to the SharePoint admin center and browse to the sharing settings. Then change this:

Default link type: Anonymous Access - anyone with the link

To this:

Default link type: Direct - only people who have permission

Now, when my users go to get a link, they literally get a link. They're not creating an anonymous access URL with an embedded OAuth token, they're not granting anyone access who doesn't already have access, they're literally just getting the URL for the document.

Quick rant: I really don't understand the rationale behind this new default - if I'd wanted to give new people access to a document, I'd have clicked Share. Surely the most common scenario, and the most sensible default, is to leave permissions alone and just get a link.

Note that you can configure these sharing settings separately for SharePoint and for OneDrive for Business (now that OneDrive has its own admin center in Office 365). This probably isn't a bad idea - in OneDrive I'm more likely to be inviting someone within the organisation who doesn't already have access, whereas in a SharePoint document library I want minimum deviation from the site permissions.


Popular posts from this blog

The target principal name is incorrect. Cannot generate SSPI context.

Server-side activities have been updated

Versioning SharePoint Framework Packages