cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
DenisMolodtsov
Kudo Kingpin
Kudo Kingpin

Disable "Create share link" action or the entiore "OneDrive for Business connector"

We are trying to figure out how to disable/block OneDrive for business connector completely or the "Create Share link" actions. Is it possible? On the photo below, you can see that at some M365 tenant it was possible to block this action somehow. The only issue is that the user who took this photo is not my colleague and they have no idea how it was set up. Basically, we are trying to disable this feature in our organization:

 

Photo.jpg

From what I can see we can't block OOB connectors such as OneDrive for Business:

 

!!!.jpg

Sharing capabilities are disabled at the Tenant level

- Sharing capabilities and anonymous links are completely disabled on the Tenant level and on OneDrive sites level. SharingCapability : Disabled

 

Any help will be greatly appreciated!

12 REPLIES 12
ScottShearer
Super User
Super User

@DenisMolodtsov 

Have you verified that the link that is created actually works as expected?  

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Scott

hi @ScottShearer. Well, the expected behaviour for the link is not to work. The problem is that:

- While the tenant has the most restrictive policies possible, I can create the link and it works. The generated link contains a pre-authenticated WJT token which is good for one hour. It meas tenants affected by this issue cannot prevent users from creating these links.

- The produced link can be opened from an unmanaged device without a credentials priompt.

jinivthakkar
Community Champion
Community Champion

@DenisMolodtsov I have seen your other post also I was able to reproduce the issue on my tenant as well

VictorIvanidze
Community Champion
Community Champion

Hi @DenisMolodtsov,

 

it's just a shot in the dark, but anyway: can you filter/block already created links in the already existing emails instead of preventing their creation? 

________________________________________________________

Welcome to my web site.


@VictorIvanidze wrote:

Hi @DenisMolodtsov,

 

it's just a shot in the dark, but anyway: can you filter/block already created links in the already existing emails instead of preventing their creation? 



Do you know where would I find a repository of these pre-authenticated links? Do you think it might be possible via API? 

 

When I go to the file's Manage Access, the panel says that there are no links giving access. But I know for a fact that there are "preauthenticated" links. These links just don't show up here for some reason:

DenisMolodtsov_1-1623331474152.png

 

 


@jinivthakkar wrote:

@DenisMolodtsov I have seen your other post also I was able to reproduce the issue on my tenant as well


Thank you for checking! I am glad a few other people were able to verify this issue independently. 

jinivthakkar
Community Champion
Community Champion

@DenisMolodtsov get sharing report

 

To run the report (OneDrive)

  1. From the Microsoft 365 app launcher, select the OneDrive tile.
  2. On the Settings menu, click OneDrive settings.
  3. Click More settings, and then click Run sharing report.
  4. Choose a location to save the report, and then click Save.

Link - https://docs.microsoft.com/en-us/sharepoint/sharing-reports

 

--------------------------------------------------------------------------------
If this post helps answer your question, please click on “Accept as Solution” to help other members find it more quickly. If you thought this post was helpful, please give it a Thumbs Up.

Thank you for the suggestion. Unfortunately, this report does not list any of these "pre-authenticated" links. This is despite the fact that I can see that these links are working:

 

Shared links reportpng.png

jinivthakkar
Community Champion
Community Champion

@DamoBird365 Hi Damien, can you please help on this ?

Hi @DenisMolodtsov 

 

I've not got time to test the scenarios at the moment but have you explored here:

 

DamoBird365_0-1623398057059.png

 

Not sure if flow honours these settings (you would hope) but you could implement a security group in AAD and then choose the type of sharing that you allow (authenitcated guests or anyone).

 

I saw a discussion about OneDrive sharing here https://onedrive.uservoice.com/forums/913531-onedrive-sharing-collaboration/suggestions/17715682-dis... and one suggestion is DLP - for which I don't have the necessary experience of I am afraid.

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Cheers,
Damien


P.S. take a look at my new blog here and like & subscribe to my YouTube Channel thanks 😉

jinivthakkar
Community Champion
Community Champion

@DamoBird365 thanks Damien, even I have very less experience in DLP but I had tried creating a DLP but even then it did not block the anonymous link creation(may be I did not create DLP correctly)

 

Thank you,  @DamoBird365. I want to add more information for the context.

 

Least permissive policy

External sharing settings are not applicable when we choose the "least permissive" sharing policies. Notice how the "More external sharing settings" is greyed out:

DenisMolodtsov_0-1623450228970.png

 

We can verify that it is impossible to generate the anonymous links via the user interface: 

DenisMolodtsov_1-1623450251275.png

 

 

 

Blocking sharing altogether

https://onedrive.uservoice.com/forums/913531-onedrive-sharing-collaboration/suggestions/17715682-dis... <- this suggestion is about blocking sharing altogether. This is not quite what we are trying to do. We merely want Power Automate/OneDrive to respect the tenant settings that prohibit Anonymous links. Looks like the Power Automate OneDrive for business connector somehow bypasses all restrictions and just creates these "pre-authenticated links" that work no matter what. 

 

 

Blocking OneDrive for business connector and DLP

The DLP policies don't allow blocking certain connectors like Teams, Outlook, SharePoint and OneDrive for business:

DenisMolodtsov_2-1623450391563.png

 

Pre-authenticated links vs Anonymous links

As one Microsoft representative pointed out, the Anonymous links is not the same as "pre-authenticated" links. The latter work only for 1 hour and contain a JWT token that will let you download a document using. However, it does not make sense to have the least permissive sharing policy while you can easily bypass it by using Power Automate "Share a file" action.

 

 

Replication steps

- Make sure the tenant has the "Least permissive" sharing policy

- Create a flow with a single "Create share link" ation

- Run the flow

- Try opening the resulting string from a different browser/computer/device :

 

DenisMolodtsov_3-1623450459359.png

 

Note that there was at least one person who was not able to reproduce this issue. He is a Tenant admin and he has no idea what he did to fix this issue. 

 

Helpful resources

Announcements

Exclusive LIVE Community Event: Power Apps Copilot Coffee Chat with Copilot Studio Product Team

It's time for the SECOND Power Apps Copilot Coffee Chat featuring the Copilot Studio product team, which will be held LIVE on April 3, 2024 at 9:30 AM Pacific Daylight Time (PDT).     This is an incredible opportunity to connect with members of the Copilot Studio product team and ask them anything about Copilot Studio. We'll share our special guests with you shortly--but we want to encourage to mark your calendars now because you will not want to miss the conversation.   This live event will give you the unique opportunity to learn more about Copilot Studio plans, where we’ll focus, and get insight into upcoming features. We’re looking forward to hearing from the community, so bring your questions!   TO GET ACCESS TO THIS EXCLUSIVE AMA: Kudo this post to reserve your spot! Reserve your spot now by kudoing this post.  Reservations will be prioritized on when your kudo for the post comes through, so don't wait! Click that "kudo button" today.   Invitations will be sent on April 2nd.Users posting Kudos after April 2nd at 9AM PDT may not receive an invitation but will be able to view the session online after conclusion of the event. Give your "kudo" today and mark your calendars for April 3, 2024 at 9:30 AM PDT and join us for an engaging and informative session!

Tuesday Tip: Unlocking Community Achievements and Earning Badges

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!     THIS WEEK'S TIP: Unlocking Achievements and Earning BadgesAcross the Communities, you'll see badges on users profile that recognize and reward their engagement and contributions. These badges each signify a different achievement--and all of those achievements are available to any Community member! If you're a seasoned pro or just getting started, you too can earn badges for the great work you do. Check out some details on Community badges below--and find out more in the detailed link at the end of the article!       A Diverse Range of Badges to Collect The badges you can earn in the Community cover a wide array of activities, including: Kudos Received: Acknowledges the number of times a user’s post has been appreciated with a “Kudo.”Kudos Given: Highlights the user’s generosity in recognizing others’ contributions.Topics Created: Tracks the number of discussions initiated by a user.Solutions Provided: Celebrates the instances where a user’s response is marked as the correct solution.Reply: Counts the number of times a user has engaged with community discussions.Blog Contributor: Honors those who contribute valuable content and are invited to write for the community blog.       A Community Evolving Together Badges are not only a great way to recognize outstanding contributions of our amazing Community members--they are also a way to continue fostering a collaborative and supportive environment. As you continue to share your knowledge and assist each other these badges serve as a visual representation of your valuable contributions.   Find out more about badges in these Community Support pages in each Community: All About Community Badges - Power Apps CommunityAll About Community Badges - Power Automate CommunityAll About Community Badges - Copilot Studio CommunityAll About Community Badges - Power Pages Community

Tuesday Tips: Powering Up Your Community Profile

TUESDAY TIPS are our way of communicating helpful things we've learned or shared that have helped members of the Community. Whether you're just getting started or you're a seasoned pro, Tuesday Tips will help you know where to go, what to look for, and navigate your way through the ever-growing--and ever-changing--world of the Power Platform Community! We cover basics about the Community, provide a few "insider tips" to make your experience even better, and share best practices gleaned from our most active community members and Super Users.   With so many new Community members joining us each week, we'll also review a few of our "best practices" so you know just "how" the Community works, so make sure to watch the News & Announcements each week for the latest and greatest Tuesday Tips!   This Week's Tip: Power Up Your Profile!  🚀 It's where every Community member gets their start, and it's essential that you keep it updated! Your Community User Profile is how you're able to get messages, post solutions, ask questions--and as you rank up, it's where your badges will appear and how you'll be known when you start blogging in the Community Blog. Your Community User Profile is how the Community knows you--so it's essential that it works the way you need it to! From changing your username to updating contact information, this Knowledge Base Article is your best resource for powering up your profile.     Password Puzzles? No Problem! Find out how to sync your Azure AD password with your community account, ensuring a seamless sign-in. No separate passwords to remember! Job Jumps & Email Swaps Changed jobs? Got a new email? Fear not! You'll find out how to link your shiny new email to your existing community account, keeping your contributions and connections intact. Username Uncertainties Unraveled Picking the perfect username is crucial--and sometimes the original choice you signed up with doesn't fit as well as you may have thought. There's a quick way to request an update here--but remember, your username is your community identity, so choose wisely. "Need Admin Approval" Warning Window? If you see this error message while using the community, don't worry. A simple process will help you get where you need to go. If you still need assistance, find out how to contact your Community Support team. Whatever you're looking for, when it comes to your profile, the Community Account Support Knowledge Base article is your treasure trove of tips as you navigate the nuances of your Community Profile. It’s the ultimate resource for keeping your digital identity in tip-top shape while engaging with the Power Platform Community. So, dive in and power up your profile today!  💪🚀   Community Account Support | Power Apps Community Account Support | Power AutomateCommunity Account Support | Copilot Studio  Community Account Support | Power Pages

Super User of the Month | Chris Piasecki

In our 2nd installment of this new ongoing feature in the Community, we're thrilled to announce that Chris Piasecki is our Super User of the Month for March 2024. If you've been in the Community for a while, we're sure you've seen a comment or marked one of Chris' helpful tips as a solution--he's been a Super User for SEVEN consecutive seasons!   Since authoring his first reply in April 2020 to his most recent achievement organizing the Canadian Power Platform Summit this month, Chris has helped countless Community members with his insights and expertise. In addition to being a Super User, Chris is also a User Group leader, Microsoft MVP, and a featured speaker at the Microsoft Power Platform Conference. His contributions to the new SUIT program, along with his joyous personality and willingness to jump in and help so many members has made Chris a fixture in the Power Platform Community.   When Chris isn't authoring solutions or organizing events, he's actively leading Piasecki Consulting, specializing in solution architecture, integration, DevOps, and more--helping clients discover how to strategize and implement Microsoft's technology platforms. We are grateful for Chris' insightful help in the Community and look forward to even more amazing milestones as he continues to assist so many with his great tips, solutions--always with a smile and a great sense of humor.You can find Chris in the Community and on LinkedIn. Thanks for being such a SUPER user, Chris! 💪 🌠  

Find Out What Makes Super Users So Super

We know many of you visit the Power Platform Communities to ask questions and receive answers. But do you know that many of our best answers and solutions come from Community members who are super active, helping anyone who needs a little help getting unstuck with Business Applications products? We call these dedicated Community members Super Users because they are the real heroes in the Community, willing to jump in whenever they can to help! Maybe you've encountered them yourself and they've solved some of your biggest questions. Have you ever wondered, "Why?"We interviewed several of our Super Users to understand what drives them to help in the Community--and discover the difference it has made in their lives as well! Take a look in our gallery today: What Motivates a Super User? - Power Platform Community (microsoft.com)

March User Group Update: New Groups and Upcoming Events!

  Welcome to this month’s celebration of our Community User Groups and exciting User Group events. We’re thrilled to introduce some brand-new user groups that have recently joined our vibrant community. Plus, we’ve got a lineup of engaging events you won’t want to miss. Let’s jump right in: New User Groups   Sacramento Power Platform GroupANZ Power Platform COE User GroupPower Platform MongoliaPower Platform User Group OmanPower Platform User Group Delta StateMid Michigan Power Platform Upcoming Events  DUG4MFG - Quarterly Meetup - Microsoft Demand PlanningDate: 19 Mar 2024 | 10:30 AM to 12:30 PM Central America Standard TimeDescription: Dive into the world of manufacturing with a focus on Demand Planning. Learn from industry experts and share your insights. Dynamics User Group HoustonDate: 07 Mar 2024 | 11:00 AM to 01:00 PM Central America Standard TimeDescription: Houston, get ready for an immersive session on Dynamics 365 and the Power Platform. Connect with fellow professionals and expand your knowledge. Reading Dynamics 365 & Power Platform User Group (Q1)Date: 05 Mar 2024 | 06:00 PM to 09:00 PM GMT Standard TimeDescription: Join our virtual meetup for insightful discussions, demos, and community updates. Let’s kick off Q1 with a bang! Leaders, Create Your Events!  Leaders of existing User Groups, don’t forget to create your events within the Community platform. By doing so, you’ll enable us to share them in future posts and newsletters. Let’s spread the word and make these gatherings even more impactful! Stay tuned for more updates, inspiring stories, and collaborative opportunities from and for our Community User Groups.   P.S. Have an event or success story to share? Reach out to us – we’d love to feature you!

Users online (10,595)