In one of my previous blogs I explained how you can use Intune and SharePoint Online together. The blog ended with me being somewhat annoyed by the fact that I couldn’t get the site-collection based conditional access working.

In the meantime, Microsoft has released a new version of the SharePoint Online PowerShell management shell and after importing the new cmdlets: it works!

Just follow the steps in the previous blog (at the end), and you will notice that you can set a conditional access policy based on one or more specific site collections.

This is the cmdlet involved:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowLimitedAccess

Which will modify your site-collection like this:

after

If you want to disable the conditional access, run this cmdlet:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowFullAccess

And your site-collection will not be protected by a conditional access policy.

before

Great stuff!!

Posted by Albert Hoitingh

I'm an Office 365 businessconsultant/architect. My focus is on Office 365, information-management, security and governance. I'm honored to be a Microsoft MVP. I like to present and share information, most recently @ SharePoint Saturday London, Cambridge and Lisbon.

3 Comments

  1. I’m missing the part where you can create your own policies or select them from the Azure AD policies

    Reply

    1. See the earlier blog for that 😄

      Reply

  2. […] sensitivity label. In short, it’s using site-collection conditional access policies (see this article on this) – by simply adding a […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s