News

Microsoft Previews Conditional Access Feature for SharePoint Online

A preview of a new conditional access capability for Microsoft SharePoint Online and OneDrive for Business users is now rolling out to "first release" testers.

Microsoft described the feature as a "conditional access by network location" security capability. It's a free addition to those services that's designed to thwart "data leakage" scenarios in which restricted information could get dispersed.

The company expects to release the feature on Jan. 20 to all "commercial and GCC [Government Community Cloud] tenants, and will not require additional licensing," Microsoft explained in a Microsoft Tech Community blog post late last week.

IT pros can use the SharePoint Admin console to define the network boundaries for this feature. Essentially, they provide "whitelisted address ranges" for end users in an organization. A user who tries to access SharePoint Online or OneDrive for Business outside those whitelisted addresses will get blocked and will see an "access restricted" message. Policy set via the console in this way will apply across an organization's Office 365 tenant for the SharePoint Online and OneDrive for Business services.

The new conditional access capability is just for SharePoint Online and OneDrive for Business users, though. It's not for SharePoint Server users.

"These policies do not affect SharePoint Server, and we have no information about plans to include on premises SharePoint Sever in the scope of these access policies," Microsoft's announcement explained.

The new conditional access feature is turned off by default. IT pros wanting to use it have to enable it via the console. Microsoft noted some caveats, though, when activating it. If an IT pro omits his or her machine's IP address from the range of whitelisted IP addresses, then it'll "lock out the admin session." In such cases, Microsoft support will need to be contacted.

Conditional access policy configurations using Microsoft's Azure Active Directory Premium service will get "interpreted first, followed by the SharePoint policy," Microsoft explained. For instance, if an IP address was blocked with the Azure Active Directory Premium service, it cannot be enabled using the SharePoint Online conditional access feature.

Microsoft also warned that users of its collaboration applications could see "unpredictable results" under certain conditions when using the new conditional access feature, especially users who aren't on the whitelist.

"For collaborative apps that use SharePoint team sites to provide file storage, such as Microsoft Teams or Planner, users will see unpredictable results when accessed outside the whitelist."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.