Update for OneDrive and Office.com shared links

We recently made a small but important change in how OneDrive and Office.com handle links to shared content. This won’t change how customers use either service, but on the backend, this update will help better secure documents that customers share.


The new update resolves an issue that could allow a shared document to be accessible by a third-party administrator in certain circumstances. If a customer shared a document or commented on a shared file that contained a hyperlink to a third-party website, and the recipient of the document opened the embedded link, then the administrator of the third-party website could have received header information that could have allowed them to access the document.
While we haven’t received any reports of unauthorized access, we took this necessary step to make sure that shared documents are only accessible to the sender and the recipient. OneDrive for Business is not impacted.
This update automatically resolves this issue for any shared document that customers create. For previously shared documents, header information will no longer be sent when clicking third-party links. We chose not to disable all previously shared links, because the change only applies to a small fraction of shared files. If customers disable and then re-share a document, this will prevent further access to a document that might have been accessed.
Instructions to disable and then re-share a document can be found here.

Omar Shahine

Group Program Manager, OneDrive.com
Editor’s note 6/16/2014: This blog post was updated after publication for clarity.