Microsoft announced in a recent Microsoft 365 Admin Center message that administrators will be able to make a change to SharePoint site Sharing settings so the default Sharing Link will be for “People with existing access”. This is a useful option because it allows people to simply share a link with someone who already has access to the content, but just needs to be directed to it – for example sharing a news article from a Communication site. This type of Sharing Link does not break permission inheritance on the item as other sharing links do. In this article, we’ll walk you through making this configuration change, and see in detail how it works.
To view the current Sharing default for a site, go to the Active Sites page in the SharePoint Admin Center, select the appropriate site, and select Sharing from the menu.
You may see that this site’s default Sharing link is set to be the same as your Organization-level setting, as in this example. You can change this via the UI, but as you can see, the only options are:
- Specific people
- Only people in your organization
- Anyone with the link
[Note that Anyone with the link may be greyed out depending on your organization’s anonymous sharing policies.]
If you open the Share dialog on an item in SharePoint, and click on the chevron to see the other options, you’ll see there’s a fourth option: People with existing access.
But there isn’t a way in the Admin Center to select that as the default option for your users to see when they share. This is what the new feature remedies.
Microsoft has said that in the future this option will be available in the UI, but as of this writing (late January 2020) it must be set using PowerShell. Also, this feature is currently only available in Targeted Release tenants; Microsoft has said it will roll out generally by the end of March 2020.
Here’s how to enable this option: After connecting to SharePoint Online with the SharePoint Online Management Shell, use the Set-SPOSite cmdlet with the -DefaultLinkToExistingAccess parameter:
Set-SPOSite -identity https://YourTenant.sharepoint.com/sites/YourSite -DefaultLinkToExistingAccess 1
Here, 1 represents True.
Now, when you Share an item within that site, you should see that People with existing access is now the default.
Other options can still be selected, but it’s easier for users to accept that default option if that’s what you want them to usually do.
Compare sharing behavior
Let’s take a look at what this means for the resulting permissions…
If the default sharing link is People in your organization (and a user accepts the default), this creates a Sharing Link and also breaks permission inheritance on that item, so it no longer will inherit permissions from the list or library.
For example, here we’ve shared the Products Tour file with Test User 2 (who is in our organization).
Using Lightning Tools DeliverPoint, we can run a Discover Permissions on this document library, selecting the option to show Unique items. Here we see that the “Products Tour” file now has unique permissions, and Test User 2 now has Contribute permission via a Sharing Link.
After using PowerShell to change the default sharing setting to People with existing access, we’ll accept the default to share the “Your thoughts about permissions” file with Test User 2.
Again using DeliverPoint’s Discover Permissions report, we can see that “Your thoughts about permissions” is NOT listed as an item with unique permissions; it’s still inheriting permissions from the library.
We hope you’ve found this useful!
Reference: Microsoft documentation
If you want to learn more about how easy it can be to report on and manage permissions with DeliverPoint, check out this introductory video or enroll in one of our upcoming webinars.