Jan 25 2023 02:29 PM
We are currently exploring options as to how we could potentially implement a confidentiality or terms of use notice dialog/popup for users to review and accept before they can access the specific site. While there are some SPFX solutions and 3rd party web parts available for modern experience, we were curious if there was an M365 service that we are not thinking of that we should look into. We did find Terms of Use service - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use#edit-terms-... but this appears to be applying it to all M365, not to a specific site. Any pointers would be greatly appreciated.
Thank you,
Chris
Jan 29 2023 04:52 AM
The Conditional Access TOU is the only method I know of. When you set up a new TOU, there is the option at the bottom to target your CA policy to Users and Apps. You should be able to target to groups as well. You test this - but only if your SPO sites are permissioned by AAD groups as opposed to SPO groups. That's the only way I could see this working for you in such a specific manner.
Jan 29 2023 06:52 AM - edited Jan 29 2023 10:27 AM
Solution
You have the possibility to add an authentication context to a container label in which you can be very specific only for that particular site. You specify the authentication context from AAD in the container label setting. And that AC can have a terms of use for that site. Bear in mind there are some limitations (still) when using AC's for Teams.
Authentication context
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acce...
Container labels
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?vie...
If you don't want to set up the site with other external access and sharing controls you can simply add an AC using Set-SPOSite.
Set-SPOSite -Identity https://contoso.sharepoint.com/sites/research -ConditionalAccessPolicy AuthenticationContext -AuthenticationContextName "MFA" (example).
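The Set-SPOSite approach from the reply above, as an added example that is not part of the original thread: it applies an authentication context to a list of sites only where needed, then reads the setting back so drift is visible. The admin URL, the context name "Site Terms of Use" and the site list are placeholders, and the script assumes the authentication context and a Conditional Access policy that requires the terms of use for it already exist in AAD.

```powershell
#Requires -Modules Microsoft.Online.SharePoint.PowerShell
# Added example (not from the thread). All values below are placeholders.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$ContextName = 'Site Terms of Use'                       # hypothetical authentication context name
$Sites       = @(
    'https://contoso.sharepoint.com/sites/research'      # site from the reply above
)

Connect-SPOService -Url $AdminUrl

$report = foreach ($url in $Sites) {
    $errorText = $null
    try {
        $site = Get-SPOSite -Identity $url -ErrorAction Stop
        # Property names as returned by Get-SPOSite (assumption: confirm with Get-Member
        # on your module version).
        $alreadySet = ("$($site.ConditionalAccessPolicy)" -eq 'AuthenticationContext') -and
                      ($site.AuthenticationContextName -eq $ContextName)
        if (-not $alreadySet) {
            Set-SPOSite -Identity $url `
                -ConditionalAccessPolicy AuthenticationContext `
                -AuthenticationContextName $ContextName -ErrorAction Stop
        }
        # Read the setting back instead of trusting the write.
        $site = Get-SPOSite -Identity $url -ErrorAction Stop
    }
    catch {
        # Typical causes: unknown context name, wrong URL, insufficient admin rights.
        $errorText = $_.Exception.Message
    }

    [pscustomobject]@{
        Url       = $url
        Policy    = "$($site.ConditionalAccessPolicy)"
        Context   = $site.AuthenticationContextName
        Compliant = (-not $errorText) -and
                    ("$($site.ConditionalAccessPolicy)" -eq 'AuthenticationContext') -and
                    ($site.AuthenticationContextName -eq $ContextName)
        Error     = $errorText
    }
}

$report | Format-Table -AutoSize
$drift = @($report | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) site(s) do not carry authentication context '$ContextName'."
}
```

The terms of use prompt only appears if a Conditional Access policy targets that authentication context; the site setting alone does not enforce anything.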