cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Assign Contitional Access Policy to a SharePoint Group

Oliver McErlane
Brass Contributor

‎Apr 18 2019 03:48 AM - last edited on ‎Feb 10 2023 02:31 PM by

‎Apr 18 2019 03:48 AM - last edited on ‎Feb 10 2023 02:31 PM by

Assign Contitional Access Policy to a SharePoint Group

Hi,

 

I have set up a Conditional Access Policy so that some of our Guest accounts are required to have MFA to access the SharePoint Online subsite that they have been invited to.

These Guests are added to a SharePoint Group and internal staff added to an on-prem AD group which is synced up to Azure AD and this domain group given access.

 

When a set up the CA, see screenshot, I can add individual guest accounts.

This means that when I invite an external user to the group, I also have to manually add them to the CA policy.

 

Is it possible to include the SharePoint group to the policy rather than individual guest accounts?

 

Thank you,

Ollie

 

 

Preview file
113 KB
1,150 Views
0 Likes
3 Replies
Reply
3 Replies
Vasil Michev

‎Apr 18 2019 10:09 AM

‎Apr 18 2019 10:09 AM

Re: Assign Contitional Access Policy to a SharePoint Group

It needs to be a group that exists in Azure AD, "pure" SPO groups don't qualify. But a group synced from AD should be OK. Do note that the picker control only lists a limited set of results, so search for the group.

1 Like
Reply
Oliver McErlane

‎Apr 19 2019 02:41 AM

‎Apr 19 2019 02:41 AM

Re: Assign Contitional Access Policy to a SharePoint Group

@Vasil Michev 

Thanks for this Vasil.

We usually invite guests to pure SPO groups.

Is it possible to add a guest as a contact in our on-prem AD group which is synced up to Azure, then add the Azure AD group to the CA policy.

 

Otherwise, every time we invite a guest to the SPO group that has access to a subsite with sensitive information, we will have to manually add them to the CA policy.

 

Ollie

0 Likes
Reply
Vasil Michev

‎Apr 19 2019 10:50 AM

‎Apr 19 2019 10:50 AM

Re: Assign Contitional Access Policy to a SharePoint Group

I don't think so, that would be a different object, not related to the guest user object you will have in your tenant.

0 Likes
Reply