Microsoft 365 Enterprise Blog | Updates, News & Insights

Orchestry New Features for Sharing Links & Broken Inheritance

Written by David Francoeur | Jul 10, 2025 5:25:05 PM

In the world of Microsoft 365, controlling file and folder access can quickly spiral into chaos, with thousands of shared files creating permissions sprawl and security risks like data exfiltration. Without proper auditing, it's nearly impossible to see who has access to what. The challenge lies in these "unknown unknowns," the problems you don't even know you have, that keep organizations blind to potential threats. 

But even with comprehensive reporting, the sheer scale of cleanup for most organizations makes manual fixes or unreliable scripts unfeasible. These issues, from uncontrolled access to audit failures, are what keep IT teams up at night. We know these problems all too well. So we've introduced a set of powerful security and permissions features to help you tackle these challenges: sharing links and broken inheritance reporting and remediation.

Controlling Sharing Links with Reporting and Remediation

In the world of security and permissions, sharing links are invisible offenders, bypassing the protective measures put in place through SharePoint and Teams, and often going unnoticed due to subpar admin visibility. They can take a number of problematic forms: anonymous links, organization-wide links, and links for specific people like guests. More often than not, the creation of these kinds of links ends in unmanaged exposure, permissions sprawl, and audit failures.

And unfortunately, they're a nightmare to manage. There's no out-of-the-box global reporting, and even SharePoint Advanced Management is limited to reporting only the past 28 days—for a paltry limit of 100 sites. Even if you had complete visibility or auditing, you'd still be stuck manually deleting links one by one, file by file. Or you could develop and run a script, though the larger your tenant, the less reliable script cleanup is.

It's no wonder we thought it was high time we addressed these issues and gave you the tools you need to handle out-of-control sharing links. With our new sharing links reporting and remediation feature, we're delivering the only scalable, admin-friendly solution to fully expose and eliminate unmanaged access pathways. Now, with just a few clicks, you'll get:

Workspace-Wide Sharing Link Reporting

  • Whether they're Teams or SharePoint sharing links, you'll get full visibility for all of them, regardless of type, creator or creation date. Plus, we'll present insights on sharing behavior and recommendations based on link risk profile, age, and usage.


Robust Link Filtering

  • Narrow your focus by choosing to display only links that match a specified creator, recipient, link type, date created, or date last accessed.

Bulk and Individual Link Deletion

  • If you've got one link to get rid of or 1,000, you can easily remove them.

Creation Visibility

  • For any sharing link, you'll see who created it and when it was created.

Data Access

  • Gauge whether a link is still actively used by viewing who accessed it last and when they did.

Smart Actions

  • Let Orchestry recommend fast and effective steps that can have an immediate impact on your sharing profile, with just a click or two.

With sharing links reporting and remediation, we're giving you what no one else can: full-spectrum visibility, investigation, and remediation of all sharing links across your entire Microsoft 365 environment.

A New Solution for the Familiar Broken Inheritance Problem

Sharing links are just one example of how the security of your data can go sideways. Another major problem that every admin faces is SharePoint broken inheritance. In theory, properly established permissions should protect all your data. Set them at the group or site level and have them enforced through libraries, folders, and files, and everything should inherit the correct permissions.

But broken inheritance in SharePoint can be the result of custom permissions being created—accidentally or intentionally—at a lower level. And just like with sharing links, detecting and managing these breaks, especially at scale, is incredibly difficult. No central visibility makes tracking and resolving broken inheritance impossible—in turn taking your governance along for the ride.

With our new tools, though, you can fix both. Broken inheritance reporting and remediation helps you find the unmanaged access risk and bring order back to your sites and groups. Here's how it helps you fix your organization's permissions issues:

Detection

  • Orchestry can now display all items with non-inherited permissions in an easy-to-digest tabular format

Classification

  • You'll see users with Owner, Member, or Reader access that has been granted by breaking permissions

Source

  • You'll see where Orchestry believes the broken inheritance originated, helping to guide your training and change efforts with users

Controls

  • Resetting and restoring the originally created permissions is simple—in one click, you can force re-inheritance

For over two decades, SharePoint admins, security & compliance teams, and governance officers have had to contend with the scourge of broken permissions. But now, we're both shining a light on the issues in your M365 environment and giving you the tools you need to easily restore order at scale.

We've Only Just Begun

While these two features represent a huge leap forward for M365 permissions and security, we've got more in store. Right now, you'll be able to use these features at the workspace level, but in the coming months, we'll be enhancing them with team owner delegation, tenant-level insights, and include other sharing markers to compute an overall risk rating. We're excited to bring these features to Orchestry customers—especially those of you who've been languishing in permissions purgatory—and can't wait to make them even more powerful. 
View full post