In addition to the previous section where we discussed managing how users can share information, you can also manage under what conditions they can access it. Under Device access in the OneDrive Admin Center, you can configure additional access security restrictions, as shown in the following screenshot:
- Allow access only from specific IP address locations: Use this option to specify networks that OneDrive is accessible from. If you're specifying your corporate network, be sure to include all of your public addresses. If you lock yourself out, you will need to contact support to regain access.
This setting will affect access to SharePoint Online as well as any other services that require access to SharePoint Online, such as Microsoft Teams. If you begin configuring restrictions here, you should ensure that other connected applications that use SharePoint as a storage service continue to work as anticipated.
- Allow access from apps that don't use modern authentication: This can be used to enable or disable access from third-party applications as well as older versions of the OneDrive for Business synchronization client.
Under Mobile application management, there are additional policy options that apply to mobile devices, as follows:
SETTING | OPTION |
Block downloading files in the apps | On/Off |
Block taking screenshots in Android apps | On/Off |
Block copying files and content within files | On/Off |
Block printing files in the apps | On/Off |
Block backing up app data | On/Off |
Require app passcode | Number of attempts before the app is reset (numeric value) Passcode length (numeric value) Require complex passcode (On/Off) Allow a fingerprint instead of a passcode (iOS only) (On/Off) |
Block opening OneDrive and SharePoint files in other apps | On/Off |
Encrypt app data when the device is locked | On/Off |
Require Office 365 sign-in every seven days | On/Off |
Minutes to verify user access after | Numeric value |
Days to wipe app data after | Numeric value |
If you have Intune, you may wish to configure additional settings there as well.
In the next section, we'll move on from access control restrictions in the OneDrive for Business admin center to the SharePoint admin center.