This blog post is about a recently introduced feature in conditional access, named Session controls. More specifically, the Session control of app enforced restrictions. Session controls enable a limiting experience within a cloud app. The great thing about Session controls is that those controls are enforced by the cloud apps and that those controls rely on additional information provided by Azure AD to the cloud app, about the session. In other words, these controls can be used to require Azure AD to pass the device information to the cloud app. This enables the cloud app to know if the user is coming from a (non-)compliant device or (non-)domain joined device.

Currently Session controls are only supported with SharePoint Online as the cloud app. In this post I'll go through the required configuration to get SharePoint Online configured with conditional access and app enforced restrictions. I'll end this post with the end-user experience with app enforced restrictions.

The administrator can block or limit access to SharePoint Online content on devices that are not managed, not compliant and/or not joined to a domain. To block access, the administrator usually configures one conditional access policy. To limit access, the administrator should configure two conditional access policies and configure a setting in SharePoint Online. In this section I'll start with a few important notes and follow that by the required steps to make the earlier mentioned configurations.

Important notes

Before configuring the limited access to SharePoint Online, be sure to be familiar with the following important notes:

- A subscription to Azure AD Premium is required.
- A subscription to Microsoft Intune is required.
- (At this moment) First Release must be enabled in Office 365.
- Limited access will also apply to users on managed devices, if they use one of the following browser and operating system combinations:
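
As an added example (not part of the original post), the Python below audits conditional access policies exported as JSON for the two policies that limiting access to SharePoint Online requires. It assumes the Microsoft Graph conditionalAccessPolicy shape and assumes the two policies are a browser policy using app enforced restrictions and a client-app policy requiring a compliant or domain joined device; the sample policies and their names are constructed. The SharePoint Online setting is not part of such an export and is not checked.

```python
# Added example: audit exported Conditional Access policies (Graph JSON shape assumed).
SPO_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # Office 365 SharePoint Online

# Constructed sample export; display names are hypothetical.
SAMPLE_POLICIES = [
    {"displayName": "SPO - browser limited access", "state": "enabled",
     "conditions": {"applications": {"includeApplications": [SPO_APP_ID]},
                    "clientAppTypes": ["browser"]},
     "grantControls": None,
     "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": True}}},
    {"displayName": "SPO - apps need managed device",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": [SPO_APP_ID]},
                    "clientAppTypes": ["mobileAppsAndDesktopClients"]},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["compliantDevice", "domainJoinedDevice"]},
     "sessionControls": None},
]

def _targets_spo(policy):
    apps = policy.get("conditions", {}).get("applications", {}).get("includeApplications", [])
    return bool({SPO_APP_ID, "All", "Office365"} & set(apps))

def _client_types(policy):
    return set(policy.get("conditions", {}).get("clientAppTypes", []))

def audit_limited_access(policies):
    """Return a list of findings; an empty list means both policies are enforced."""
    browser_ok = apps_ok = False
    findings = []
    for p in policies:
        if not _targets_spo(p):
            continue
        session = (p.get("sessionControls") or {}).get("applicationEnforcedRestrictions") or {}
        grants = set((p.get("grantControls") or {}).get("builtInControls", []))
        is_browser = bool(session.get("isEnabled") and _client_types(p) & {"browser", "all"})
        is_apps = bool(grants & {"compliantDevice", "domainJoinedDevice"}
                       and _client_types(p) & {"mobileAppsAndDesktopClients", "all"})
        if not (is_browser or is_apps):
            continue
        if p.get("state") != "enabled":  # report-only or disabled policies do not protect
            findings.append(f"{p['displayName']}: state is {p.get('state')}, not enforced")
            continue
        browser_ok, apps_ok = browser_ok or is_browser, apps_ok or is_apps
    if not browser_ok:
        findings.append("no enforced browser policy with app enforced restrictions")
    if not apps_ok:
        findings.append("no enforced client-app policy requiring a compliant or domain joined device")
    return findings
```

Running `audit_limited_access(SAMPLE_POLICIES)` flags the second policy because it is in report-only state, which leaves mobile and desktop clients on unmanaged devices unrestricted.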