Introduction
SharePoint Online and OneDrive for Business offer internal sharing links that allow any authenticated user in the organization to access shared files. These links, called "people in your organization", ensure secure internal use while preventing external access.
However, the circulation of links that are not automatically deleted can lead to compromise risks. To address this issue, Microsoft introduced in 2026 a new feature allowing you to set expiration dates for these links in SharePoint Online and OneDrive.
[IMAGE:index:url:alt]
Good to know
Internal sharing links are compatible with Microsoft 365 Copilot once they have been claimed.
Configure a link expiration policy
Settings and configuration via PowerShell
By default, no expiration policy is set for internal links in Microsoft 365. However, administrators can configure this policy to enforce uniform limits. This can only be done using PowerShell, as the SharePoint Online web administration interface does not contain these options.
Attention
Make sure you are using version 16.0.27011.12008 or later of the Microsoft.Online.SharePoint.PowerShell module.
Configure maximum and recommended expiration
Use the commands below to set a maximum expiration of 60 days and a recommended duration of 30 days for SharePoint Online and OneDrive for Business:
1Set-SPOTenant -CoreOrganizationSharingLinkMaxExpirationInDays 602Set-SPOTenant -CoreOrganizationSharingLinkRecommendedExpirationInDays 303Set-SPOTenant -OneDriveOrganizationSharingLinkRecommendedExpirationInDays 304Set-SPOTenant -OneDriveOrganizationSharingLinkMaxExpirationInDays 60Verify current configuration
Examine the settings defined using the following command:
1Get-SPOTenant | Format-List *SharingLink*DaysThis will display values such as:
1OneDriveOrganizationSharingLinkMaxExpirationInDays : 602OneDriveOrganizationSharingLinkRecommendedExpirationInDays : 303CoreOrganizationSharingLinkMaxExpirationInDays : 604CoreOrganizationSharingLinkRecommendedExpirationInDays : 30Site-level exceptions
Administrators can also implement specific policies for certain sites. For example, you can set a maximum expiration of 150 days for a specific site with the following command:
1$Uri = "https://office365itpros.sharepoint.com/sites/BlogsAndProjects"2Set-SPOSite -Identity $Uri -OverrideTenantOrganizationSharingLinkExpirationPolicy $True -OrganizationSharingLinkMaxExpirationInDays 150 -OrganizationSharingLinkRecommendedExpirationInDays 45To verify these settings:
1Get-SPOSite -Identity $Uri -Detailed | Format-List *SharingLink*DaysThis will display:
1OrganizationSharingLinkMaxExpirationInDays : 1502OrganizationSharingLinkRecommendedExpirationInDays : 45Tip
Configure specific policies for sensitive sites, especially those containing confidential information.
Additional tips
Managing security for sensitive sites
Ensure protection of confidential sites by applying sensitivity labels to limit sharing options. You can also block content discovery for Microsoft 365 Copilot through specific restrictions.
Auditing sharing events
Use the audit logs generated by SharePoint Online and OneDrive to analyze sharing events. These data, accessible through analytical tools, allow you to identify trends and potential risks. More information is available in the official documentation.
Useful links
- Microsoft documentation on shareable links: Read here
- Microsoft 365 Roadmap: Consult here
- Tutorial on sensitivity labels: Learn more
Glossary of terms
- Internal links: Links accessible only to authenticated users in the organization.
- Set-SPOTenant cmdlet: PowerShell command used to configure settings at the tenant level.
- Sensitivity labels: Security settings applied to SharePoint sites to limit data distribution.
Tags
- "SharePoint Online"
- "OneDrive"
- "Sharing links"
- "Link expiration"
- "M365 security"
- "PowerShell"
