The preview of limited access for SharePoint Online and OneDrive for Business is now available.

This functionality helps you limit data leakage from SPO or OneDrive for Business by restricting unmanaged devices to browser-only access. Users who reach SPO and/or OneDrive for Business from a BYOD device that is neither joined to the domain nor Azure AD joined can use the service only from the web browser, which limits the risk of files being cached on untrusted devices.

Set up limited access

  • Connect to your Azure Portal (https://portal.azure.com)
  • Open your Azure AD directory and go to the Conditional Access option

  • Create a new policy

  • Configure the condition(s) to allow access to SharePoint Online

  • Once completed, open your SharePoint Online administration portal (https://<yourtenant>-admin.sharepoint.com) and go to the Device Access section to enable limited access from the web browser; you can choose whether or not to authorize the download option
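
The SharePoint Online side of this setup can also be applied and verified from the SharePoint Online Management Shell, which is useful for change records and rollback. This is an added example, not part of the original post; it assumes the `Microsoft.Online.SharePoint.PowerShell` module is installed and that you sign in as a SharePoint administrator, and it does not create the Azure AD Conditional Access policy or change the download option.

```powershell
# Added example: set and verify the tenant-wide unmanaged-device policy
# that the Device Access section of the SPO admin portal controls.
Import-Module Microsoft.Online.SharePoint.PowerShell

# Placeholder taken from the article; replace <yourtenant> with your tenant name.
$adminUrl = 'https://<yourtenant>-admin.sharepoint.com'
Connect-SPOService -Url $adminUrl   # prompts for administrator credentials

# Record the current value first so the change can be rolled back if needed.
$before = (Get-SPOTenant).ConditionalAccessPolicy
Write-Output "Tenant policy before change: $before"

# Only write the setting when it is not already in the desired state.
if ($before -ne 'AllowLimitedAccess') {
    Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess
}

# Read the value back and fail loudly if the tenant did not accept it.
$after = (Get-SPOTenant).ConditionalAccessPolicy
if ($after -ne 'AllowLimitedAccess') {
    throw "Expected AllowLimitedAccess but tenant reports: $after"
}
Write-Output "Tenant policy after change: $after"

# Rollback, if required:
#   Set-SPOTenant -ConditionalAccessPolicy $before
```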

It may take up to 15 minutes for the policy to be applied.

Once the policy is applied, an end user accessing SPO or OneDrive for Business from a web browser on an untrusted device will see a yellow banner explaining why functionality is limited.