Lockdown SharePoint Onedrive access to certain IP / computers


Hi

We are using Office 365 Business Premium and Office365 Business Essentials which is connected to our local domain controllers using AD Connect.

At the moment users can log on to any computer and access OneDrive / SharePoint however we would like to restrict this so access is only from Company approved computers and/or IP addresses.

Anyone know if this is possible? If so would we be licensed for this?

Thanks

1 Reply

@Pn1995 the cleanest and simplest approach would be Conditional access policies but that will require you to have EMS licenses.

Without EMS you could try the following:

For the OneDrive Sync client: You could add a restriction to only allow syncing from machines that are joined to your AD Domain.

Note: With this approach, you either allow all Macs or Block All. And this does not affect Mobile devices.

https://docs.microsoft.com/en-us/onedrive/allow-syncing-only-on-specific-domains

For Browser based access: SharePoint Online does have a feature that lets you restrict access to particular IPs.

https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location
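
The two non-EMS controls from the reply above, applied from the SharePoint Online Management Shell. This is an added example, not code from either poster: the tenant URL is a placeholder, the address ranges and egress IP are constructed sample values, and the helper functions are hypothetical. The pre-check handles IPv4 only and stops the run if the admin's own egress address is missing from the allow list, since enforcing such a list locks the admin out too.

```powershell
#Requires -Modules Microsoft.Online.SharePoint.PowerShell, ActiveDirectory

$AdminUrl      = 'https://<tenant>-admin.sharepoint.com'  # placeholder, not from the thread
$AllowedRanges = @('203.0.113.0/24', '198.51.100.10')     # constructed sample egress ranges
$AdminEgressIp = '203.0.113.25'                           # assumed public IP of this admin session

# Hypothetical helper: dotted-quad IPv4 address to a 64-bit number.
function ConvertTo-IPv4Number([string]$Address) {
    $b = ([ipaddress]$Address).GetAddressBytes()
    ([int64]$b[0] * 16777216) + ($b[1] * 65536) + ($b[2] * 256) + $b[3]
}

# Hypothetical helper: is $Address inside $Range (CIDR block or single address)?
function Test-IPv4InRange([string]$Address, [string]$Range) {
    $net, $len = $Range -split '/'
    if ($null -eq $len) { $len = 32 }
    $mask = (4294967295L -shl (32 - [int]$len)) -band 4294967295L
    ((ConvertTo-IPv4Number $Address) -band $mask) -eq ((ConvertTo-IPv4Number $net) -band $mask)
}

# Refuse to enforce a list that does not cover the admin's own egress address.
if (-not ($AllowedRanges | Where-Object { Test-IPv4InRange $AdminEgressIp $_ })) {
    throw "Egress IP $AdminEgressIp is not covered by the allow list; aborting."
}

Connect-SPOService -Url $AdminUrl

# Sync client: only machines joined to these AD domains may sync.
# -BlockMacSync is all-or-nothing for Macs; mobile devices are not affected.
$guids = (Get-ADForest).Domains | ForEach-Object { (Get-ADDomain -Identity $_).ObjectGUID }
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids ($guids -join '; ') -BlockMacSync:$false

# Network location: enforce the IP allow list for SharePoint Online and OneDrive.
Set-SPOTenant -IPAddressAllowList ($AllowedRanges -join ',') -IPAddressEnforcement $true

# Read both settings back for the change record.
Get-SPOTenantSyncClientRestriction
Get-SPOTenant | Select-Object IPAddressEnforcement, IPAddressAllowList
```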