Data sharing and access are capabilities businesses and organizations require the most these days. Remote working and mobile access to resources and collaboration platforms made it easier to access data and resources from anywhere, anytime. Employees want to access documents and email from different devices, and from various locations at a time. This might result in data loss and overexposure of critical data. Microsoft SharePoint and OneDrive are solutions that are providing the best security features and configuration options to avoid these security risks effortlessly. You can control data access in SharePoint and OneDrive by setting up a location-based policy. Want to control access to SharePoint Online and OneDrive? Let us tell you more about how to define a location-based policy to control data access in SharePoint and OneDrive.
To ensure that your business’s data and resources are safe, you can control access to SharePoint Online and OneDrive data in Microsoft 365 by allowing access only from a list of trusted network locations that your trust. This is also known as a location-based policy. You can learn more about securing SharePoint Online here. You can easily learn how to access SharePoint Online safely.
Benefits of Controlling Access Based on Network Location
The main benefit of setting up such a location-based policy is in avoiding data leakage. Once you have defined the trusted network locations, no one can access your SharePoint and OneDrive data from a different network location/device. Access from untrusted networks is always a threat to businesses. IT admins need to create a list of network locations they trust by specifying known authorized IP addresses. Users who are trying to access your SharePoint or OneDrive from outside your defined network locations will be denied. This applies to everyone accessing SharePoint and OneDrive from a web browser, mobile platforms, and desktop devices.
Once the network locations are accurately defined, you can safely Manage SharePoint Document Libraries.
Factors That Get Effected with A Location-Based Policy
Few factors need to be considered at the time of configuring the trusted network locations from your SharePoint and OneDrive users. It is essential to keep these considerations in mind to ensure that your location-based policy turns out to be effective and accurate. Handle the access to SharePoint Online and OneDrive to secure your data. Let us get into the details here:
External Sharing Settings
Once you have defined a location-based policy, no one can access files or resources from outside the network. If you have shared any documents with guest users outside your organization, they may not be able to access those files again. This happens if they are outside the IP addresses you defined in the policy.
First and Third-party Apps Access
By default, SharePoint documents can be accessed from Microsoft applications like Yammer, Teams, Exchange, OneNote, Power Apps, and more. Currently, not all apps in this list are supporting location-based policies, so those which are not supporting them will be denied data access once the policy is activated. However, Teams, Yammer, and Exchange apps are supporting the location-based policy feature.
Dynamic IP Ranges
If your organization has a working atmosphere where you cannot determine the IP addresses in which your users will be accessing these platforms, the location-based policy might not work well for you. Especially when you are utilizing services and service providers who are hosting apps from dynamic originating IP addresses, this should be considered before defining a location-based policy. This is important to provide error-free and easy access to SharePoint Online.
SharePoint consists of other excellent facilities like Document Co-authoring, versioning, and more.
How to Configure a Location-based Policy
Here are the steps to configure a location-based policy for your organization:
- Visit the Access control page of the new admin center.
- Sign in with an admin account with necessary permissions.
- Choose Network location and enable Allow access only from specific IP address ranges
- In the text box provided below, enter IP addresses or address ranges accurately.
- Ensure that each address is separated by a comma.
- Click on ‘Save’ once you are done.
Tips to Achieve the Best from These Controls
For these options to work perfectly, you need to take care of some extra factors too. Here are some tips to achieve the best out of these security options:
- You must enter your IP address in the list. This is important to avoid blocking your access to important data.
- Once the policy is active, you are not only denying access to SharePoint sites and OneDrive but also to their admin centers. You will not be able to run any commands in PowerShell cmdlets too.
- In case you are locked out of access by mistake, you must contact support.
- If you have saved overlapping IP addresses, an error message ‘The Input IP allow list has overlaps’ will be shown.
Keep these factors in mind and you can easily define a location-based policy to control data access in SharePoint and OneDrive. You need to ensure that organization-level sharing settings are properly configured to let your team utilize the potentials of SharePoint as a collaboration platform. Hope you find this blog post useful. Keep visiting our blog to explore more SharePoint and other Microsoft Solutions.
Written by Alex K Joseph
Alex Joseph is a Digital Marketing Strategist with explicit knowledge in Content Marketing and Microsoft Technologies. A writer by day, Alex is a night owl and a DIYer. Alex's theory is to make businesses achieve success with modern solutions and smart exploitation of resources.