Forum Discussion
Conditional policies to access to SharePoint and Files (not Apps)
Hi Team!!
I'm looking for a way to restrict SharePoint access from outside of my office network (typically using the static public IP address). My understanding is that to do so, I require configuring conditional access policies in Azure (which in turn requires Entra ID P1 license for each user).
- Is my understanding correct? If so, do I have to licenses each and every user to do so?
And the other clarifications I'm looking for is;
- Does conditional access policy apply universally to all users when enabled? or only to those with Entra ID P1 license? Reason for this clarification is that I tried applying this using a trial license by setting up a policy to block SharePoint access outside our office network but it ended up applying to all users instead of the ones with trial license assigned.
- Further I noticed that, when setting this policy blocks the entire Microsoft Teams app as well, where as my objective is to limit access to the files in Teams as they are part of the SharePoint. Is there a way to control access to SharePoint files in Teams without blocking the whole Teams app?
Do let me know if I'm doing something wrong here?
If you do not have the necessary licenses to use CA policies, you can leverage the Access control > Network Location feature in the SPO admin center: Network location-based access to SharePoint and OneDrive - SharePoint in Microsoft 365 | Microsoft Learn
And yes, CA policies will apply to all users within their scope, regardless of license. It is your responsibility to make sure you meet the licensing requirements, as Microsoft rarely enforces such in code.
- azkermCopper Contributor
Thank you for your feedback. Let me try this and revert back!