In February 2025 I told you to go and find your overshared files. In December 2025 I told you about Personal Content Mode and the Copilot button that finally lets users hide their own mess. And now, in April 2026, Microsoft has handed us the thing we’ve been quietly muttering about for over a year: a way to actually clean it all up. In bulk. From the admin centre. Without PowerShell heroics.
It only took, what, three years?
Quick recap, because we are all goldfish
If you missed the earlier posts, here is the short version.
In Have you overshared files within Microsoft365? I walked through how to see what your users had shared with “Anyone with the link”, “People in your organisation”, and the dreaded Everyone except external users. The tooling existed. The fix did not. You could find the problem and then go cry about it.
In Oversharing hangover I covered Personal Content Mode in Microsoft 365 Copilot, a button that lets users tell Copilot to ignore content they personally have access to but didn’t ask to see. Useful. Necessary. Still not a fix for the underlying oversharing, more of a bandaid on a bleeding wound.
So now we have step three. The mop.

What is new
Microsoft has rolled out bulk overshared link remediation inside Purview Data Security Posture Management (DSPM), with surfacing in the Microsoft 365 admin centre. In plain language: you can now find overshared SharePoint links across the tenant and disable them at scale, in one go, without writing a single line of PnP PowerShell at midnight.
This sits inside the new DSPM experience that goes GA in early May 2026, but the remediation surface is already showing up in tenants on the rollout.
What “overshared” means here:
- Files shared with “Everyone except external users” in tenants where that group is a thinly disguised “everyone in the company”.
- Files with “Anyone” links (anonymous) that nobody can remember creating.
- Site- or library-level sharing that drags inherited permissions across half the intranet.
DSPM identifies them, ranks them by sensitivity, and offers you the bulk action.
How does it work?
Here is the workflow in my demo tenant.
- Open Purview -> Data Security Posture Management -> Remediation actions.
- Run a Data Risk Assessment scoped to the sites you care about. Start with your top-N most active SharePoint sites, not the whole tenant. The report is more useful when it is not 400 pages of noise.
- Review the findings. You get a sortable list of overshared items, with the sensitivity label, the share type, and the count of unique recipients.
- Bulk disable. Select the links you want to kill, hit Remediate, and confirm. Behind the scenes Purview calls into SharePoint and revokes the sharing links. Existing file permissions on individual users stay intact.
- Verify in the unified audit log. The actions show up as SharingLinkUpdated/SharingRevoked events with the admin as the actor. Keep this for your auditor.
The thing nobody mentions in the marketing: the bulk action is not instant on huge libraries. I’ve seen that this remediation across about 1500 links can take roughly twelve minutes to fully propagate. Plan accordingly.
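For the verify step, here is one way to reconcile the links you selected against an exported audit log. This is an added example, not code from Microsoft or from my tenant. It assumes the export is a CSV whose AuditData column holds one JSON record per row with Operation, UserId, ObjectId and CreationTime fields; the function names and every URL, UPN and timestamp in the sample are made up.

```python
import csv, io, json
REVOKE_OPS = {"SharingLinkUpdated", "SharingRevoked"}  # operation names as given in this post

def load_export(fileobj):
    """Parse the export, skipping rows whose AuditData is not a JSON object."""
    records = []
    for row in csv.DictReader(fileobj):
        try:
            rec = json.loads(row.get("AuditData") or "")
        except json.JSONDecodeError:
            continue  # truncated or malformed row
        if isinstance(rec, dict):
            records.append(rec)
    return records

def reconcile(records, remediated_urls, admin_upn):
    """Return (confirmed, wrong_actor, missing) for the links selected in DSPM."""
    wanted = {u.lower() for u in remediated_urls}
    confirmed, other = {}, {}
    for rec in records:
        url = str(rec.get("ObjectId", "")).lower()
        if rec.get("Operation") not in REVOKE_OPS or url not in wanted:
            continue
        actor = str(rec.get("UserId", "")).lower()
        if actor == admin_upn.lower():
            confirmed[url] = rec.get("CreationTime")  # evidence for the auditor
        else:
            other[url] = actor  # revoked, but not by the remediating admin
    wrong_actor = {u: a for u, a in other.items() if u not in confirmed}
    return confirmed, wrong_actor, sorted(wanted - set(confirmed) - set(wrong_actor))

def constructed_export():
    """Constructed sample export; every URL, UPN and timestamp is made up."""
    site = "https://contoso.example/sites/finance/Shared Documents/"
    events = [("SharingRevoked", "admin@contoso.example", "budget.xlsx", "2026-04-20T08:01:12"),
              ("SharingLinkUpdated", "vp@contoso.example", "deck.pptx", "2026-04-20T08:02:40"),
              ("FileAccessed", "user@contoso.example", "plan.docx", "2026-04-20T08:03:05")]
    buf = io.StringIO()
    out = csv.writer(buf)
    out.writerow(["CreationDate", "UserIds", "Operations", "AuditData"])
    for op, actor, name, when in events:
        data = {"Operation": op, "UserId": actor, "ObjectId": site + name, "CreationTime": when}
        out.writerow([when, actor, op, json.dumps(data)])
    out.writerow(["", "", "", "{truncated"])  # malformed row, must be skipped
    return io.StringIO(buf.getvalue()), [site + e[2] for e in events]

if __name__ == "__main__":
    export, selected = constructed_export()
    print(reconcile(load_export(export), selected, "admin@contoso.example"))
```

Anything left in the third list has no revocation event yet. Given the propagation delay, pull the export again before you treat it as a failure.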

What it doesn’t do
Let us be honest, because that is the whole point of this blog.
- It does not fix permissions inheritance at the library level. If a library is configured to share with “Everyone” by default, you can disable every link you find and tomorrow there will be new ones. Fix the library default first.
- It does not retroactively notify the people who created the links. If your VP shared a deck with “Anyone” in 2023 and you nuke the link in 2026, they will find out when their external partner pings them. Have a comms plan.
- It does not protect against re-creation. Pair this with a sharing policy that actually restricts what users can do, or you will be running this remediation every quarter forever.

The Monday morning script
Because someone will complain, and that someone will be senior. Here is what I’ll tell my customers to send before they run a bulk remediation:
“To improve how Microsoft 365 Copilot works with our content, and to reduce the risk of sensitive files being surfaced to people who should not see them, we are tightening sharing on a large set of legacy files this week. If you find a file you previously shared no longer opens for a colleague, please re-share it explicitly to the people who need it. This is intentional. Yes, it might be slightly annoying. No, we are not going back.”
Stick that in Viva Engage and Teams the day before. Half the complaints disappear.
So where does this leave us

For years, oversharing has felt like pushing the same boulder up the same hill every quarter. Q1, Q2, Q3, Q4, repeat. You’d clean up, turn your back, and the rock would already be rolling down again.
We finally have the full triangle: discover (2025), user-side mitigation (late 2025), bulk admin remediation (2026). For the first time, you can put the boulder down. Oversharing is now a project with an end date instead of a permanent state of mild despair.
If you haven’t run a Data Risk Assessment in the last quarter, do it now. Because Copilot is reading your tenant whether your data is ready or not.
Run the assessment, or accept that “mild despair” is now a part of your job description...

