Monday, December 10, 2018

Enforce Multi-Factor Authentication for external users' in #SharePointOnline


Many of the organizations are using  SharePoint Online in Office 365 as their content management system and it is essential to protect data so that the sensitive data does not slip into false hands. It is here we can use Multi-Factor Authentication and we can do this through Azure AD for that tenant by creating a Dynamics group for ‘External users’ and then create a conditional access policy and apply it to SharePoint Online.

Creating a Group for External Users:

  1. Login to Azure AD Portal and go to Azure AD > Users and Groups > All Groups and click New Group.
  2. Provide a name and description to this group and select membership type (Dynamic User). Click Add query -> Create to make the group dynamic.
    It will take some time for the group to populate.
  3. After Group is created, you need to provide Conditional access to this Group.

Create a Conditional Access Policy for SharePoint Online:

  1. Login to Azure AD Portal, go to Enterprise Application > Conditional Access and click on New Policy.
  2. Provide the name to the policy. Under Assignment > Users and Groups, select Include > Select Users and groups > Select, and then chose the group whom you want to provide the policy (External users).
  3. Under Assignment, go to Cloud Apps >Include > Select, and then choose the application (Office 365 SharePoint Application).
  4. Under Condition, select Condition if you want.
  5. Under Access Control, go to Grant and select Grant access and then choose Require multi-factor authentication.
  6. At last, toggle the Enable policy switch to ON and click Create.
  7. To verify if the policy is created, navigate to Conditional Access and check the policy name and if it is enabled.
  8. Wait for few minutes for the policy to take effect, after that you can check by sharing a document from SharePoint to an external user. It will ask for authentication (see below image).


In this way, you can create a conditional access policy and protect the sensitive data in your SharePoint Online. Hope this will be useful.

No comments:

Post a Comment

Change the default email address and anonymous user to send email to Public Folder

An Exchange public folder can be used by several people in Outlook Web App or in their local Outlook installations. It allows a group of us...