Forum Discussion
ChrisFicek
Jan 25, 2023Iron Contributor
Confidentiality or Terms of Use Notice Dialog/Popup on SharePoint
We are current exploring options as to how we could potentially implement a confidentiality or terms of use notice dialog/popup for users to review and accept before they can access the specific site. While there are some SPFX solutions and 3rd party web parts available for modern experience, we were curious if there was an M365 service that we are not thinking of that we should look into. We did find Terms of Use service - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use#edit-terms-of-use-details but this appears to be applying it to all M365, not to a specific site. Any pointers would greatly be appreciated.
Thank you,
Chris
You have the possibility to add an authentication context to a container label in which you can be very specific only for that particular site. You specify the authentication context from AAD in the container label setting. And that AC can have a terms of use for that site. Bear in mind there are some limitations (still) when using AC's for Teams.
Authentication context
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#authentication-context
Container labels
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwideIf you don't want to set up the site with other external access and sharing controls you can simply add an AC using Set-SPOSite.
Set-SPOSite -Identity https://contoso.sharepoint.com/sites/research -ConditionalAccessPolicy AuthenticationContext -AuthenticationContextName "MFA" (example).
You have the possibility to add an authentication context to a container label in which you can be very specific only for that particular site. You specify the authentication context from AAD in the container label setting. And that AC can have a terms of use for that site. Bear in mind there are some limitations (still) when using AC's for Teams.
Authentication context
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#authentication-context
Container labels
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwideIf you don't want to set up the site with other external access and sharing controls you can simply add an AC using Set-SPOSite.
Set-SPOSite -Identity https://contoso.sharepoint.com/sites/research -ConditionalAccessPolicy AuthenticationContext -AuthenticationContextName "MFA" (example).
- Well I never thought of that. Very neat!
- ChrisFicekIron ContributorThank you for the response. We will check this out.
Thank you,
Chris
The Conditional Access TOU is the only method I know of. When you set up a new TOU, there is the option at the bottom to target your CA policy to Users and Apps. You should be able to target to groups as well. You test this - but only if your SPO sites are permissioned by AAD groups as opposed to SPO groups. That's the only way I could see this working for you in such a specific manner.