SharePoint Expiring Access Policy Controls Sharing Links Issued to Guests
In the summer, Microsoft introduced an expiring access policy for external users in SharePoint Online sites and OneDrive for Business accounts. In a nutshell, a tenant can set a policy to control the number of days a sharing link lasts after a user shares some content with an Azure AD guest account (created automatically when sharing with an external user). The expiring access policy doesn’t apply to guest accounts who access content through their membership of Microsoft 365 groups (teams). Their ability to work with content in SharePoint Online is controlled by the guest’s membership instead of a sharing link.
By default, the expiring access policy is not set. A tenant or SharePoint administrator must enable it and define the sharing period in the Sharing section of the SharePoint Online admin center (Figure 1). The period can be from 30 to 730 days.
Figure 1: Configuring an external access expiration policy in the SharePoint Online admin center
Once set, the policy applies to new sharing links. It also applies retrospectively to old links. The policy defined in the SharePoint Online admin center applies to all SharePoint sites and OneDrive for Business accounts. You can override the expiration period on a per-site basis.
Unlike other expiration policies used in Microsoft 365, like the Teams meeting recording auto-expiration policy or even retention policies and labels, content remains unaffected when an expiration period lapses. The only effect is on the sharing link which becomes invalid and unusable for access.
What Happens When Sharing Links Expire
As sharing links approach expiration, users receive warnings through two means. First, a banner appears in OneDrive for Business (Figure 2). The text could be better as it’s a sharing link which expires rather than a user. The Azure AD guest account will remain and can be used for other purposes, such as other sharing links or as a member of a group or team. The logic here might be that people manage sharing access on a user-by-user basis, so it’s appropriate to refer to users expiring.
Figure 2: OneDrive for Business flags that some sharing links are expiring
The second method is email. SharePoint sends a note to people to advise them when sharing links are within ten days of expiration (Figure 3). In both cases, the Manage (or Manage access) link allows the user to update the soon-to-expire sharing links.
Figure 3: SharePoint sends email to notify about approaching expirations
Clicking the link brings up the Access Expiration fly-out pane (Figure 4), which lists all sharing links created by the user subject to the expiring access policy. As you can see, some of the links are quite a long way off because the tenant has a 120-day expiration policy.
Figure 4: Managing the expiration of sharing links
To extend the validity of a sharing link, select a user and click Yes, extend (Figure 5). SharePoint Online will then extend the sharing link by the maximum period allowed, in this case 120 days from the current date. You can also remove a sharing link if it’s no longer needed.
Figure 5: Extending access for a sharing link
Good Practice to Implement Expiring Access Policy
It’s good practice and makes good sense for Microsoft 365 tenants to implement an expiring access policy. Many expiring sharing links will need no intervention by content owners when they expire. Other links will need an extension, which is a quick and low friction action. Overall, there’s nothing much to dislike about implementing an expiring access policy where links expire after a reasonable period, like 90 to 120 days. Organizations which store more sensitive content in SharePoint could reduce the expiration period and couple expiration with the targeted availability to content available with sensitivity labels.
Learn how to exploit the Office 365 data available to tenant administrators through the Office 365 for IT Pros eBook. We love figuring out how things work.
Regarding the message: “Review users who will lose access to [Tony Redmond] soon.”
What kind of resource is [Tony Redmond]? Is it the name of a shared file, a folder or the SPO/ODfB site name?
I don’t believe so. You might be able to scan the Office 365 audit log for sharing link creation events and use that to generate email to site owners to remind them that links will expire.
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
Regarding the message: “Review users who will lose access to [Tony Redmond] soon.”
What kind of resource is [Tony Redmond]? Is it the name of a shared file, a folder or the SPO/ODfB site name?
It’s a quirky kind of text. In this instance, I believe it’s “lose access to content shared by Tony Redmond.” At least, that would make more sense.
Is it possible to send reminder mail to Site Owner ?
I don’t believe so. You might be able to scan the Office 365 audit log for sharing link creation events and use that to generate email to site owners to remind them that links will expire.
Invited users recieve reminder of the expiration? or only who create the links?
If not, is there any way to do it?
Thanks!
Site administrators get the reminder. Users don’t. It’s up to the administrators to take action.