Microsoft Previews Conditional Access Feature for SharePoint Online -- Redmond Channel Partner

Microsoft Previews Conditional Access Feature for SharePoint Online

By Kurt Mackie
January 20, 2017

A preview of a new conditional access capability for Microsoft SharePoint Online and OneDrive for Business users is now rolling out to "first release" testers.

Microsoft described the feature as a "conditional access by network location" security capability. It's a free addition to those services that's designed to thwart "data leakage" scenarios in which restricted information could get dispersed.

The company expects to release the feature on Jan. 20 to all "commercial and GCC [Government Community Cloud] tenants, and will not require additional licensing," Microsoft explained in a Microsoft Tech Community blog post late last week.

IT pros can use the SharePoint Admin console to define the network boundaries for this feature. Essentially, they provide "whitelisted address ranges" for end users in an organization. A user who tries to access SharePoint Online or OneDrive for Business outside those whitelisted addresses will get blocked and will see an "access restricted" message. Policy set via the console in this way will apply across an organization's Office 365 tenant for the SharePoint Online and OneDrive for Business services.

The new conditional access capability is just for SharePoint Online and OneDrive for Business users, though. It's not for SharePoint Server users.

"These policies do not affect SharePoint Server, and we have no information about plans to include on premises SharePoint Sever in the scope of these access policies," Microsoft's announcement explained.

The new conditional access feature is turned off by default. IT pros wanting to use it have to enable it via the console. Microsoft noted some caveats, though, when activating it. If an IT pro omits his or her machine's IP address from the range of whitelisted IP addresses, then it'll "lock out the admin session." In such cases, Microsoft support will need to be contacted.

Conditional access policy configurations using Microsoft's Azure Active Directory Premium service will get "interpreted first, followed by the SharePoint policy," Microsoft explained. For instance, if an IP address was blocked with the Azure Active Directory Premium service, it cannot be enabled using the SharePoint Online conditional access feature.

Microsoft also warned that users of its collaboration applications could see "unpredictable results" under certain conditions when using the new conditional access feature, especially users who aren't on the whitelist.

"For collaborative apps that use SharePoint team sites to provide file storage, such as Microsoft Teams or Planner, users will see unpredictable results when accessed outside the whitelist."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Free Webcast! Learn about Password Management Best Practices

Featured

2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Offers Resources for Orgs Stuck on Windows Server 2008

For organizations that still haven't transitioned away from Windows Server 2008, which lost support on Jan. 14, Microsoft is extending some help.
Microsoft Commits $1 Billion to Going 'Carbon Negative' in 10 Years

Microsoft is aiming to become "carbon negative" by 2030 thanks to a companywide carbon-reduction initiative it announced on Thursday.
Chromium-Based Microsoft Edge Hits a Release Milestone

The first "stable" release of Microsoft's Chromium-based Edge browser is now commercially available, Microsoft announced on Wednesday.

RCP Update

Email Address:

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

I agree to this site's Privacy Policy.