How do I delete an anonymous link via PnP PowerShell?

Question

I would like to delete all anonymous OneDrive links in the tenant. I can identify them, I can delete them, they no longer appear in the portal, but they still work, and I can still find them via PowerShell (one way, but not the other - hopefully that will make sense).

High level, this is what I did.

• Create 2 dummy files. Share them anonymously (view and edit, respectively). Success
• Confirm sharing link in portal. Success
• Confirm sharing link via PowerShell. Success
• Remove sharing link via PowerShell (using roles). Success
• Confirm sharing link removed in portal. Success
• Test sharing link. Fail: Link still allowed anonymous access
• Check for sharing link via PowerShell (using roles). Link doesn't exist
• Check for sharing link via PowerShell (using Microsoft.SharePoint.Client.ObjectSharingInformation). Link exists

This is basically the setup for what I was doing, and it worked as expected. I can loop through sites, lists, and items, and execute actions on items that have unique permissions.

#	Connect to site
Connect-PnPOnline -Url $Site.Url @connectionsParams

#	Get lists, context
$ctx = Get-PnPContext
$Lists = Get-PnPList

#	Loop through each list
ForEach($List in $Lists)
{
  #	Get items
  $items = Get-PnPListItem -List $listName

  #	Loop through each item
  ForEach ($item in $items)
  {
    #	Check for unique permissions
    $HasUniquePermissions = Get-PnPProperty -ClientObject $item -Property "HasUniqueRoleAssignments"

    If($HasUniquePermissions)
    {
		#	Execute code below
    }
  }
}

What I was doing to delete the link:

#	Get the roles/role assignments
$roles = $item.RoleAssignments
$ctx.Load($roles)
$ctx.ExecuteQuery()

#	Loop through each role assignment    
ForEach ($role in $roles)
{
	#	Get the member of the role assignment        
	$member = $role.Member
	#	If the member is an anonymous link, delete
	If ($member.Title -like "*Anonymous*")
	{
		#	Delete the role assignment
		$role.DeleteObject()
		$ctx.ExecuteQuery()
	}
}

This seemed to work. When I went to the OneDrive portal, the link was no longer listed for the items, but when I actually tried to use the link, the link would allow anonymous access.

I executed a different set of commands inside $HasUniquePermissions to get more information about sharing links.

$SharingInfo = [Microsoft.SharePoint.Client.ObjectSharingInformation]::GetObjectSharingInformation($ctx, $item, $false, $false, $false, $true, $true, $true, $true)

$ctx.Load($SharingInfo)
$ctx.ExecuteQuery()

ForEach($ShareLink in $SharingInfo.SharingLinks) 
{
	If($ShareLink.Url)
	{
		$SharingLink = New-Object PSObject
		$SharingLink | Add-Member NoteProperty SiteTitle($Site.Title)
		$SharingLink | Add-Member NoteProperty SiteUrl($Site.Url)
		$SharingLink | Add-Member NoteProperty ListTitle($listName)
		$SharingLink | Add-Member NoteProperty ListUrl($List.DefaultViewUrl)
		$SharingLink | Add-Member NoteProperty Item($item.FieldValues.FileLeafRef)
		$SharingLink | Add-Member NoteProperty ItemUrl($item.FieldValues.FileRef)
		$SharingLink | Add-Member NoteProperty ItemSharedWithUsers($item.FieldValues.SharedWithUsers)
		$SharingLink | Add-Member NoteProperty ItemSharedWithDetails($item.FieldValues.SharedWithDetails)
		$SharingLink | Add-Member NoteProperty ItemDisplayName($item.DisplayName)
		$SharingLink | Add-Member NoteProperty ItemTitle($item.FieldValues.Title)
		$SharingLink | Add-Member NoteProperty Created($ShareLink.Created)
		$SharingLink | Add-Member NoteProperty AllowsAnonymousAccess($ShareLink.AllowsAnonymousAccess)

		$SharingLinkSingleCollection += $SharingLink
	}
}

When I exported $SharingLinkSingleCollection, it would contain all the sharing links for the single site collection, and it would still show the anonymous link exists.

I'm not really sure how to remove these test links I've created, and I'm not really sure the "proper" way I should be removing these links.