In one of my previous blogs I explained how you can use Intune and SharePoint Online together. The blog ended with me being somewhat annoyed by the fact that I couldn’t get the site-collection based conditional access working.

In the meantime, Microsoft has released a new version of the SharePoint Online PowerShell management shell and after importing the new cmdlets: it works!

Just follow the steps in the previous blog (at the end), and you will notice that you can set a conditional access policy based on one or more specific site collections.

This is the cmdlet involved:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowLimitedAccess

Which will modify your site-collection like this:


If you want to disable the conditional access, run this cmdlet:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowFullAccess

And your site-collection will not be protected by a conditional access policy.


Great stuff!!

Posted by Albert Hoitingh

I'm an Office 365 businessconsultant/architect. My focus is on Office 365, information-management, security and governance. I'm honored to be a Microsoft MVP. I like to present and share information, most recently @ SharePoint Saturday London, Cambridge and Lisbon.


  1. I’m missing the part where you can create your own policies or select them from the Azure AD policies


    1. See the earlier blog for that 😄


  2. […] sensitivity label. In short, it’s using site-collection conditional access policies (see this article on this) – by simply adding a […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s