Impose Expiration for Company-Wide Sharing Links
A company-wide sharing link allows any authenticated user account in the organization to access a file or folder shared from SharePoint Online or OneDrive for Business. Company-wide links (also known as “People in your organization”) are very useful for tenants that want to share content broadly with tenant users while restricting access externally. The need for authentication means that an external user cannot use a company-wide sharing link. Authenticated access also includes use of company-wide sharing links by Microsoft 365 Copilot, but only after links are redeemed.

Having sharing links in circulation that never expire doesn’t seem like a great idea. To address the issue, Microsoft added the facility to set expiration dates for company-wide sharing links in 2024. Now, MC1242772 (published 2 March 2026, Microsoft 365 roadmap item 553220) announces that tenants can impose time limits for company-wide sharing links generated for both SharePoint Online and OneDrive for Business. Once the expiration date is reached, SharePoint nullifies the sharing link, and it can no longer be used to access the shared file.
Microsoft plans to roll out the update to apply a policy to expire company-wide links in mid-March 2026. All commercial tenants should have the update by late May 2026. The roll-out starts for government tenants in March 2026 but won’t complete until late June 2026.
Configuring the Expiration Policy for Company-Wide Links
By default, Microsoft 365 tenants don’t have to define an expiration policy for company-wide links. If they don’t, company-wide links work as they do now and never expire unless explicitly set by the user who creates a company-wide link to share a file.
The SharePoint admin center doesn’t include UX to control the expiration policy for company-wide links, so the policy must be configured using PowerShell. You must use version 16.0.27011.12008 or later of the Microsoft.Online.SharePoint.PowerShell module (released March 2, 2026).
The policy consists of two settings to govern the maximum expiration period and a recommended expiration period for SharePoint Online and two settings to do the same for OneDrive for Business. The values are expressed in days, and expiration can be configured for between 7 and 730 days. Here’s how to run the Set-SPOTenant cmdlet to configure a maximum expiration period of 60 days and a suggested period of 30 days for both workloads:
Set-SPOTenant -CoreOrganizationSharingLinkMaxExpirationInDays 60
Set-SPOTenant -CoreOrganizationSharingLinkRecommendedExpirationInDays 30
Set-SPOTenant -OneDriveOrganizationSharingLinkRecommendedExpirationInDays 30
Set-SPOTenant -OneDriveOrganizationSharingLinkMaxExpirationInDays 60
To check the values, use the Get-SPOTenant cmdlet:
Get-SPOTenant | Format-List *SharingLink*Days

OneDriveOrganizationSharingLinkMaxExpirationInDays         : 60
OneDriveOrganizationSharingLinkRecommendedExpirationInDays : 30
CoreOrganizationSharingLinkMaxExpirationInDays             : 60
CoreOrganizationSharingLinkRecommendedExpirationInDays     : 30
Existing company-wide sharing links are unaffected by the expiration policy. SharePoint Online only monitors new links created after the policy goes into effect to deactivate sharing after the expiration period lapses.
Site-Level Overrides
I don’t see any reason to have a maximum link expiration of more than 60 days. If someone hasn’t accessed and made use of the information in a shared file within two months, they’re hardly likely to discover the file and attempt to access it after that.
Site-level overrides are supported by configuring explicit expiration policy values for the site with the Set-SPOSite cmdlet:
$Url = "https://office365itpros.sharepoint.com/sites/BlogsAndProjects"
Set-SPOSite -Identity $Url -OverrideTenantOrganizationSharingLinkExpirationPolicy $True -OrganizationSharingLinkMaxExpirationInDays 150 -OrganizationSharingLinkRecommendedExpirationInDays 45
To check the link expiration settings for a site, run the Get-SPOSite cmdlet:
Get-SPOSite -Identity $Url -Detailed | Format-List *SharingLink*Days

OrganizationSharingLinkMaxExpirationInDays         : 150
OrganizationSharingLinkRecommendedExpirationInDays : 45
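Because a site-level override can allow longer-lived links than the tenant policy (150 days against 60 in the values above), it is worth reporting which sites carry one. The following is an added example, not code from the original article; the admin URL is a placeholder, and the handling of sites without an override (an empty or zero value) is an assumption to confirm in your tenant.

```powershell
# Added example: list sites whose company-wide link expiration settings
# differ from, and especially exceed, the tenant maximum.
# Placeholder: replace with your tenant's SharePoint admin center URL.
$AdminUrl = "https://<tenant>-admin.sharepoint.com"
Connect-SPOService -Url $AdminUrl

# Tenant-level maximum for SharePoint sites (the "Core" setting shown earlier)
$TenantMax = (Get-SPOTenant).CoreOrganizationSharingLinkMaxExpirationInDays

# Get-SPOSite -Limit All returns SharePoint sites; OneDrive accounts are
# excluded unless -IncludePersonalSite is used.
$Report = foreach ($Site in Get-SPOSite -Limit All) {
    # Same per-site call the article uses to read the expiration values
    $Detail  = Get-SPOSite -Identity $Site.Url -Detailed
    $SiteMax = $Detail.OrganizationSharingLinkMaxExpirationInDays

    # Assumption: a site with no override reports an empty or zero value
    if (-not $SiteMax -or $SiteMax -le 0) { continue }

    [PSCustomObject]@{
        Url                 = $Site.Url
        SiteMaxDays         = $SiteMax
        SiteRecommendedDays = $Detail.OrganizationSharingLinkRecommendedExpirationInDays
        TenantMaxDays       = $TenantMax
        # True when the site permits links that outlive the tenant maximum
        ExceedsTenantMax    = ($TenantMax -gt 0 -and $SiteMax -gt $TenantMax)
    }
}

# Longest-lived overrides first, so the sites most worth reviewing are on top
$Report | Sort-Object SiteMaxDays -Descending | Format-Table -AutoSize
```

Sites flagged with ExceedsTenantMax are the ones where a site-level override has relaxed the tenant policy and where the justification for the longer period should be reviewed.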
Some Closing Points
Sites that hold confidential information should be protected by sensitivity labels that control the default link setting. For instance, confidential sites often limit sharing links to specific people. If Microsoft 365 Copilot is used in the organization, consider restricting content discovery for these sites. These steps make sure that information from the site won’t end up being recycled by Copilot in its responses.
Finally, SharePoint Online and OneDrive for Business capture audit events for sharing events. Analyzing those audit events can often reveal some interesting insights about usage patterns within a tenant.
Hi Tony, do you know how this affects the Forms experience in lists/libraries?
As it may generate more-permanent company-wide sharing links.
I have no idea. But it should be easy to test.