Restrict OfB Access by IP Address

%3CLINGO-SUB%20id%3D%22lingo-sub-1732885%22%20slang%3D%22en-US%22%3ERestrict%20OfB%20Access%20by%20IP%20Address%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1732885%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20restrict%20ondrive%20for%20business%20access%20based%20on%20the%20IP%20of%20the%20device%3F%20This%20is%20required%20for%20a%20Telco%20who%20is%20planning%20to%20bundle%20this%20along%20with%20their%20connectivity%20options%20and%20they%20would%20like%20users%20to%20have%20access%20only%20from%20their%20network.%20Understand%2C%20OfB%20has%20internet%20end%20points%2C%20therefore%2C%20not%20sure%20if%20this%20is%20a%20possible%20scenario.%20If%20not%2C%20are%20there%20any%20alternate%20options%20for%20such%20a%20requirement%3F%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1732885%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1733247%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20OfB%20Access%20by%20IP%20Address%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1733247%22%20slang%3D%22en-US%22%3EYou%20can%20restrict%20access%20to%20SharePoint%20Online%20and%20hence%20to%20OneDrive%20For%20Business%20trough%20the%20SPO%20Admin%20Center.%20Be%20careful%20when%20doing%20this%20because%20you%20might%20be%20blocking%20access%20to%20yourself%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-based-on-network-location%3FWT.mc_id%3DM365-MVP-4015732%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-based-on-network-location%3FWT.mc_id%3DM365-MVP-4015732%3C%2FA%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi Team,

Is it possible to restrict ondrive for business access based on the IP of the device? This is required for a Telco who is planning to bundle this along with their connectivity options and they would like users to have access only from their network. Understand, OfB has internet end points, therefore, not sure if this is a possible scenario. If not, are there any alternate options for such a requirement?

Thanks,

4 Replies
You can restrict access to SharePoint Online and hence to OneDrive For Business trough the SPO Admin Center. Be careful when doing this because you might be blocking access to yourself https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location?WT.mc_id=M365-M...

Thanks for the inputs @Juan Carlos González Martín . If the AD conditional access is added, then the overall cost of the offering will go up by few more $$ for the customer. :-(.

 

The Telco is planning to bundle OfB with their connectivity offering, however, as the idea is to drive connectivity usage, they would like to ensure OfB is used primarily using their connectivity. 

Hi!
The feature I have explained does not rely on conditional access, it's a feature you have in the SPO Admin Center and it does not require additional licensing

@Juan Carlos González Martín 

the article you shared states the following in a separate box. As AAD Conditional Access Policy restricts based on IP, wondering if this is a must to apply the IP based restrictions. In any case, I feel, for a Telco network which could be pretty vast, not sure if such a setting is viable and recommended. 

 

 Important

This feature relies on Azure AD Conditional Access policies being available. You will need an Azure AD Premium P1 or P2 subscription for this to work. For more info about this, refer to the announcement in the Azure Active Directory Identity Blog.

 

 

Thanks again for looking into this.