In one of my previous blogs I explained how you can use Intune and SharePoint Online together. The blog ended with me being somewhat annoyed by the fact that I couldn’t get the site-collection based conditional access working.
In the meantime, Microsoft has released a new version of the SharePoint Online PowerShell management shell, and after importing the new cmdlets, it works!
Just follow the steps in the previous blog (at the end), and you will notice that you can set a conditional access policy based on one or more specific site collections.
This is the cmdlet involved:
Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowLimitedAccess
Which will modify your site-collection like this:
If you want to disable the conditional access, run this cmdlet:
Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowFullAccess
Your site-collection will then no longer be protected by a conditional access policy.
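An added example (not from the original post) that applies the cmdlet above to several site collections and reads the setting back with Get-SPOSite to confirm it took effect. The tenant admin URL and site URLs are placeholders, and it assumes the SharePoint Online Management Shell module is installed.

```powershell
# Added example; all URLs below are placeholders, replace them with your own.
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$adminUrl = 'https://contoso-admin.sharepoint.com'      # placeholder tenant admin URL
$targets  = @(
    'https://contoso.sharepoint.com/sites/finance',     # placeholder site collections
    'https://contoso.sharepoint.com/sites/hr'
)
$desired  = 'AllowLimitedAccess'                         # or AllowFullAccess to switch it off

Connect-SPOService -Url $adminUrl

$results = foreach ($url in $targets) {
    try {
        Set-SPOSite -Identity $url -ConditionalAccessPolicy $desired -ErrorAction Stop

        # Read the value back with -Identity so the change is verified, not assumed.
        $site = Get-SPOSite -Identity $url -ErrorAction Stop
        [pscustomobject]@{
            Url     = $site.Url
            Policy  = $site.ConditionalAccessPolicy
            Applied = ("$($site.ConditionalAccessPolicy)" -eq $desired)
            Error   = $null
        }
    }
    catch {
        # Reached when the URL is not a site collection in this tenant,
        # or the account lacks SharePoint admin rights.
        [pscustomobject]@{
            Url     = $url
            Policy  = $null
            Applied = $false
            Error   = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize -Wrap

# Surface any site that did not end up with the intended policy.
$failed = @($results | Where-Object { -not $_.Applied })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) site collection(s) do not have policy '$desired'."
}
```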
Great stuff!!
I’m missing the part where you can create your own policies or select them from the Azure AD policies
See the earlier blog for that 😄
Can we apply the same conditional access to subsites? (I am getting an error in PowerShell: “The managed path is not a managed path in this tenant”)
Hi there,
No. As far as I’m aware, this function only works for site-collections. Site-collections have been a best practice by Microsoft for some time, although there are still a lot of subsites in use.
Hello Albert, is it possible to give full access to a site collection only for some users, not all?
Hi there,
Sorry about the late reply. It depends on what you consider “Full access”. SharePoint has multiple levels of access. On the highest level you have the site-collection owner and site-collection administrators. On the site-level you have the site-owner. A site-owner has full-access to the site, but does not have access to the site-collection options.
These are the options you can configure in SharePoint.
For conditional access, you can configure the policy to work for specific users or for the entire organisation.
Hope this helps.