Questions on SPO permission sharing.

Brass Contributor

Hi Community,


One of our Partners is trying to limit a client access to SharePoint via "Network Location" option in SharePoint admin center. But this option blocks out all external guests from viewing shared links from that SharePoint site.


They have tried deploying Conditional Access.


* Removed "Network Location" IP block

* Added IP to Azure Portal Trusted Locations

* Created a new policy to block organization users from accessing SharePoint from any other IP but the trusted one.

* Excluded Guests and external users from rule

* Included apps: "SharePoint Online"; excluded apps: "MS Teams"; "Exchange"; "Planner"

* Action: Block




1. Is there a way to exclusively allow external guests to view SharePoint content from any site?


This Conditional Access policy works, as in it block access to SharePoint from any untrusted IPs for organization users, but allows external users to access shares. But it blocks MS Teams access to organization users.


2. Is there a way to circumvent this?


Any pointers would be of great help. Thanks in advance!

0 Replies