Home » Tech Translated — IT Blog for Australian Businesses | All IT Services » Microsoft Is Locking Down SharePoint and OneDrive Sharing — What Your Team Will Notice
By — IT Engineer |

Through 2026 Microsoft is rolling out a series of changes to how shareable links work in SharePoint and OneDrive. The direction of travel is sensible — safer defaults, mandatory expiry on the riskier link types, and tighter controls on external sharing via Microsoft Entra — but your team will start to notice some of these in the everyday share dialog, and a few of them have implications for content you’re already relying on. None of it warrants panic, but it’s worth knowing what’s coming so nobody is caught out when a link behaves differently to last week.

There are five concrete changes to be across. First, the default link type is shifting from Anyone with the link to People you choose, which means users now have to name the recipients up front when they share something. The other options remain available, it’s just one extra click to get to them. Second, Anyone links — the unauthenticated ones — now expire automatically. The default sits at 30 days, and the maximum you can extend to is 180. Old “forever” links handed out years ago will quietly stop working over the coming months. Third, People in your organisation links can now be set to expire too, with a minimum of seven days, giving us a useful new lever at the tenant or site level. Fourth, Microsoft Entra B2B integration is on by default for all tenants from May 2026, which means external recipients become proper guest accounts with a cleaner audit trail and easier revocation when someone leaves. Fifth, Baseline Security Mode in the M365 admin centre is quietly tightening a number of defaults that previously required PowerShell to change. Microsoft has the official guidance written up on Microsoft Learn if you want the deeper read.

Day-to-day sharing still works exactly as you’d expect — people just need to specify who they’re sharing with by default. The bigger thing to think about is the existing long-lived Anyone with the link URLs that have been handed out over the years. Anything you depend on quietly in the background — a price list shared with a supplier, a portal link embedded in a third-party system, a public-ish document linked from your website — should be reviewed before it lapses. We’re working through every managed tenant’s sharing posture against the new defaults, surfacing the long-lived links that will expire, and adjusting settings so the changes land cleanly. If you’d like a heads-up specific to your environment, our cybersecurity team can prioritise yours.

Posted in Security

About All IT Services

We’re a leading IT specialist providing premium services and support to businesses across Australia’s eastern seaboard. Our strength lies in our size – big enough to tackle complex projects yet small enough to pick up the phone when you call.  At All IT Services, our approach is refreshingly straightforward - no endless wait times or tech jargon. Just real people with genuine passion and expertise in IT solutions.

CONTACT US