Conditional access for site-collections in SharePoint Online

In one of my previous blogs I explained how you can use Intune and SharePoint Online together. The blog ended with me being somewhat annoyed by the fact that I couldn’t get the site-collection based conditional access working.

In the meantime, Microsoft has released a new version of the SharePoint Online PowerShell management shell and after importing the new cmdlets: it works!

Just follow the steps in the previous blog (at the end), and you will notice that you can set a conditional access policy based on one or more specific site collections.

This is the cmdlet involved:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowLimitedAccess

Which will modify your site-collection like this:

after

If you want to disable the conditional access, run this cmdlet:

Set-SPOSite -Identity <your site-collection URL> -ConditionalAccessPolicy AllowFullAccess

And your site-collection will not be protected by a conditional access policy.

before

Great stuff!!

2 Comments

  1. I’m missing the part where you can create your own policies or select them from the Azure AD policies

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s