When files and folders in SharePoint Online and OneDrive are shared externally, it’s crucial to monitor them and revoke links that no longer need access. Using PnP PowerShell, administrators can:
✔ List all externally shared links
✔ Identify sensitive file shares
✔ Revoke specific sharing links
✔ Automate the process to enhance security
This guide walks through the process step by step.
Step 1: Install and Connect PnP PowerShell
Ensure you have PnP PowerShell installed:
Install-Module -Name PnP.PowerShell -Force -AllowClobber
Update-Module -Name PnP.PowerShell
Connect to SharePoint Online with admin credentials:
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive
Step 2: Retrieve Externally Shared Links
To list all externally shared files in a specific site:
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
# Connect to the site
Connect-PnPOnline -Url $siteUrl -Interactive
# Get all shared files
$sharedFiles = Get-PnPListItem -List "Documents" | Where-Object { $_.FieldValues["SharedWithUsers"] -ne $null }
# Display results
foreach ($file in $sharedFiles) {
Write-Host "File: $($file.FieldValues['FileRef'])"
Write-Host "Shared With: $($file.FieldValues['SharedWithUsers'])"
Write-Host "--------------------------------"
}
✔ Identifies all externally shared files within a site.
Step 3: Export External Sharing Report
To generate a report of all externally shared files and export it to CSV:
$reportPath = "C:\Reports\ExternalSharingReport.csv"
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
# Connect to the site
Connect-PnPOnline -Url $siteUrl -Interactive
# Fetch shared files
$sharedFiles = Get-PnPListItem -List "Documents" | Where-Object { $_.FieldValues["SharedWithUsers"] -ne $null }
$reportData = @()
foreach ($file in $sharedFiles) {
$reportData += [PSCustomObject]@{
FileName = $file.FieldValues["FileRef"]
SharedWith = $file.FieldValues["SharedWithUsers"]
SharedBy = $file.FieldValues["Author"]
SharingTime = $file.FieldValues["Created"]
}
}
# Export to CSV
$reportData | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "External sharing report generated: $reportPath"
✔ Creates a CSV report with details of externally shared files.
Step 4: Revoke a Specific Sharing Link
To remove a specific sharing link from a file:
$fileUrl = "/Shared Documents/SensitiveFile.pdf"
# Revoke all sharing links on the file
Revoke-PnPFileSharingLink -FileUrl $fileUrl
Write-Host "All sharing links revoked for: $fileUrl"
✔ Ensures that no external user can access the file anymore.
Step 5: Bulk Revoke External Sharing Links
To remove all external sharing links across an entire SharePoint site:
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
# Connect to the site
Connect-PnPOnline -Url $siteUrl -Interactive
# Fetch all externally shared files
$sharedFiles = Get-PnPListItem -List "Documents" | Where-Object { $_.FieldValues["SharedWithUsers"] -ne $null }
foreach ($file in $sharedFiles) {
Revoke-PnPFileSharingLink -FileUrl $file.FieldValues["FileRef"]
Write-Host "Revoked sharing for: $($file.FieldValues['FileRef'])"
}
Write-Host "All external sharing links have been revoked."
✔ Removes all external links from shared files.
Step 6: Automate Monitoring and Revocation
To schedule automatic monitoring and revocation of external links:
- Save the script as
RevokeExternalSharing.ps1. - Open Task Scheduler → Create Basic Task.
- Set Trigger → Daily or Weekly.
- Set Action → Start a Program.
- Use the following PowerShell command:
-ExecutionPolicy Bypass -File "C:\Scripts\RevokeExternalSharing.ps1"
✔ Automatically removes outdated external sharing links.