Microsoft recently released a new feature in Office 365 which allows a mandatory expiration length to be set at the tenant level. This will affect sharing documents through SharePoint Online and OneDrive for Business. This feature began rolling out mid-January to tenants and will start with First Release tenants. This feature will allow better security for your organization. This feature will affect ALL anonymous links created in your tenant. End users will be required to created links that match or are shorter than the day value provided. This feature it administered using SharePoint Online Management Shell. On all current and new tenants there is no default value for anonymous link expiration. The new parameter is RequireAnonymousLinksExpireInDays. This is a parameter of the Set-SPOTenant cmdlet
The default experience will allow end users to set expiration values on a document when they use the "Get a link" option. By default, a document can be set to any day value and also never. It also includes a handy drop down with 1, 30, or 60 day options. Allowing a link never to expire can be a large security hole for you company. This is what the default experience looks like:
Steps to configure mandatory anonymous link expiration
- The latest version of SharePoint Online Management Shell (16.9.4915.1200) is needed to use this parameter.
- The value for –RequireAnonymousLinksExpireInDays must not be greater than 730 days (2 years)
- To reset the parameter back to default, use the value of 0
- If a link is already created, the mandatory expiration will not be applied to it
Run the Set-SPOTenant command with the –RequireAnonymousLinksExpireInDay and the day value
Now when someone gets either a View or Edit link it will be defaulted with an expiration date
If a user tries to change the link expiration date they will receive an error stated "Your organization's policy doesn't allow links to stay active for more than XX days."