How to Block a Specific User’s SharePoint Online Access
Josh Reese | Jan 27 2023
As an M365 Administrator, there will most likely come a time when you’ll want to block a specific user’s access to SharePoint Online. I ran into this issue recently for a client of mine, and I found the resources online lacking, so why not share what I’ve learned?
Before we begin, please note that blocking SharePoint Online access will block access to OneDrive as well. We accomplished blocking SharePoint Online using a Conditional Access policy. To utilize Conditional Access policies, your organization needs to have one of the following licenses:
Azure Active Directory Premium P1 or P2,
Microsoft 365 Business Premium,
Microsoft 365 E3 or E5, or
Enterprise Mobility and Security E3 or E5.
You may already be using Conditional Access policies for a variety of reasons, such as enforcing MFA while excluding trusted locations, or allowing logins to your tenant only from within certain countries. Conditional Access policies offer a wide variety of options. For more information on Conditional Access policies in Azure see: Building a Conditional Access policy – Azure Active Directory – Microsoft Entra | Microsoft Learn.
The first step in building our Conditional Access policy is to log into the Azure Active Directory Admin Center and open the “Conditional Access” tab under “Security.”
Under “Conditional Access,” select the “Policies” tab and then “New policy.”
Next, we name our policy, “Block SharePoint Online,” then select the users or groups we want to block. In my situation I targeted one specific user, but in other situations you may want to create a security group and target that instead.
Next, you’ll click “Cloud apps or actions” and include “Office 365 SharePoint Online.”
Next, you’ll set your conditions. Here I’m targeting “Any Device” for “Device Platforms,” “Any location” for “Locations,” and all “Client Apps.”
Next, set “Grant” to “Block Access.”
Next, set “Session” to “Use app enforced restrictions.” This is key, and the policy will not work if this is not set.
Once you are ready, change the policy from “Report-only” to “On.”
With this policy enabled, users will not be able to access SharePoint or OneDrive from any device.
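As a check before switching the policy from “Report-only” to “On,” this added example (not part of the original post) compares a policy exported from Microsoft Graph against the settings chosen in the steps above. The sample policy, its user ID, and the function name `review_policy` are constructed for illustration; the application ID is the well-known ID of Office 365 SharePoint Online and does not come from the post.

```python
import json

# Well-known application ID of "Office 365 SharePoint Online" (not from the post).
SPO_APP_ID = "00000003-0000-0ff1-ce00-000000000000"

# Constructed sample in the Microsoft Graph conditionalAccessPolicy shape.
# The user ID is a placeholder, not a real account.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Block SharePoint Online",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {"includeUsers": ["11111111-2222-3333-4444-555555555555"],
              "includeGroups": []},
    "applications": {"includeApplications": ["00000003-0000-0ff1-ce00-000000000000"]},
    "clientAppTypes": ["all"]
  },
  "grantControls": {"operator": "OR", "builtInControls": ["block"]},
  "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": true}}
}
""")

def review_policy(policy):
    """Return findings where a policy differs from the steps in this post."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    grant = (policy.get("grantControls") or {}).get("builtInControls") or []
    session = (policy.get("sessionControls") or {}).get(
        "applicationEnforcedRestrictions") or {}

    if "All" in (users.get("includeUsers") or []):
        findings.append("scope: targets All users; every account loses SharePoint and OneDrive")
    elif not (users.get("includeUsers") or users.get("includeGroups")):
        findings.append("scope: no user or group is targeted")
    if "All" in apps or "Office365" in apps:
        findings.append("apps: scope is wider than SharePoint Online and would also block email")
    elif SPO_APP_ID not in apps:
        findings.append("apps: Office 365 SharePoint Online is not included")
    if "block" not in grant:
        findings.append("grant: Block access is not set")
    if not session.get("isEnabled"):
        findings.append("session: Use app enforced restrictions is not set")
    if policy.get("state") != "enabled":
        findings.append("state: policy is not On (state=%s)" % policy.get("state"))
    return findings
```

Run against the sample, the only finding is that the policy is still in report-only mode; an empty list means the export matches every step above.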
In my situation, my client required a third party user to have an email address within their tenant, but of course they did not want this third party to have access to all the company data within SharePoint. This Conditional Access policy allows the third party to continue using email while protecting the company data.
If you have questions or need assistance, please reach out to us!
About the Author
Josh Reese
Josh Reese is a Senior Network Consultant at Sikich, assisting clients in achieving their business objectives through technology and trusted advice. He holds a Bachelor’s degree in Computer Information Systems from The University of Akron, as well as several Microsoft certifications. His primary area of focus revolves around Microsoft’s Cloud services. This includes working with both Azure and Microsoft 365 environments in order to drive clients toward full cloud enablement.