How to block someone from accessing SharePoint

Businesses can go through many shift-ups during their lifetime; sometimes it can be financial problems, others it can be members of staff changing; for the latter, the business will need to set policies in place for anyone that leaves the business while also updating their own for remaining staff.

I have created this guide that covers how you can block someone from accessing SharePoint. These methods will work on Mac and Windows, as you can do it from a browser using Office 365, and you will need to be on an admin account for permissions. Read on to find out more.

Method – Block user access to SharePoint.

  • First, go to Office.com, then click on the app launcher in the top left corner.
  • Click on “Admin,” then click “Show all.”
  • Then go to “Azure Active Directory.”
  • Press the “All Services” menu and find “Conditional Access Policies.”
  • Create “New Policy.”
  • Update the users included in the policy. Here, you can include specific people or choose “all users.”
  • In the “Cloud app or actions” section, you can choose “SharePoint Online.”
  • Update the “conditions” to include desktop users.
  • Then, in “Access Controls,” enable “Block access.”
  • Then enable “User enforced restrictions” in “Session.”
  • Lastly, click “Create” to enable the policy.

Once you follow this part of the guide, you will enable your policy, and any user you have listed will have lost their access to SharePoint. You will need to sign out from Microsoft apps that connect to SharePoint, such as OneDrive or Teams, as it will allow it to sync and test if the policy has worked. You will know it has worked as you will receive a message saying either “Access Denied” from SharePoint or “This item doesn’t exist” on Teams.

Other than covering how to block someone’s access to SharePoint, this guide will cover how you can add users to the site and block user access from unmanaged devices.

Content List

Why would you need to block users in SharePoint?

The business may block specific users from their SharePoint by using Azure Active Directory. One of the main reasons you would need to block a user from accessing SharePoint would be if a member of staff leaves the company, they would need to remove their ability to connect to the company SharePoint site. This access would be a breach of security and privacy if they could still connect to it after leaving the business, and there would be the risk of company information being leaked.

Another reason could be that a user accidentally added a user into their group on SharePoint; if a user gets added to an Office 365 group, they will have access to Teams and the Teams SharePoint site, so by using Azure AD, you can view groups and remove members you don’t want in the team and their account access to your business site.

How to add people to the SharePoint site

To make sure that only the people you need are added to your SharePoint site, you need to go to SharePoint on office.com. You can change the site permissions here; also, this will change users’ access privileges on SharePoint. To do this, you will need to go to the site settings.

  • Once on the site, press the settings icon and choose “site permissions.”
  • From here, there is the option to “Add members” click that to show the option to either “Add members to group” or “Share site only.”

If “Add members to group” is chosen, they will be added to the Office 365 group, letting them access Teams. If you want to add someone only to the SharePoint site, click “Share site only.” you can view a few more things here; these include.

  • Here you can view the different levels of access on the SharePoint site, and by clicking these, you can view who is under what category.
  • Site Sharing is where you can change what permissions the site has set for the users.
  • There is the option for “Advanced permissions settings—” this is where you can change user site permissions and view them for the different levels of users. To edit other user permissions, you need to be one of the site’s “Owners.”

How to block user access for SharePoint

For this guide, you need to go to office.com and to the admin app, where you can find Azure Active Directory; this is where users can create policies and set rules for the business. You can also find ample information about the business and the users because it is a database. It is where users can find their access privileges and permissions the business has set. Changes made in Azure will affect your access across other Microsoft software, including SharePoint, as it affects everything connected to your work account.

  • First, go to Office.com, then click on the app launcher in the top left corner.
  • Click on “Admin,” then click “Show all.”
  • Then go to “Azure Active Directory.”
  • Press the “All Services” menu and find “Conditional Access Policies.”
This image has an empty alt attribute; its file name is image-568.png
  • Create “New Policy.”
This image has an empty alt attribute; its file name is image-569.png
  • Update the users included in the policy. Here, you can include specific people or choose “all users.”
This image has an empty alt attribute; its file name is image-570.png

You need to click “users and groups” and search for the user.

  • In the “Cloud app or actions” section, you can choose “SharePoint Online.”
  • Update the “conditions” to include desktop users.
This image has an empty alt attribute; its file name is image-574.png
  • Then, in “Access Controls,” enable “Block access.”
  • Then enable “User enforced restrictions” in “Session.”
  • Lastly, click “Create” to enable the policy.

After you have followed this guide, you will have created the “Policy,” you should sign out of Microsoft Teams and OneDrive because these are connected to SharePoint, which will refresh them. At this point, you cannot sign into or access parts of software that have a connection to the business, such as the business OneDrive so all the work in there will be inaccessible to the user and any team in Microsoft Teams that your business uses, from then you will see messages saying you have no access to the feature in varying ways.

Microsoft Teams

Source – Microsoft

SharePoint

Source – Microsoft

How to block user access from Unmanaged devices

After removing a specific user’s access to SharePoint, you could consider making a policy that blocks users from signing onto Microsoft 365 with their own devices, meaning that people in the business can log in on company devices; read below for how to do this.

Method

  • Go back to Office 365
  • Go to the app launcher and Click “Admin.”
  • Click “Show All”
This image has an empty alt attribute; its file name is image-554.png
  • Press “SharePoint”
  • Under “Policies,” then “Access Control.”
  • Press “Unmanaged devices,” then “Block Access.”
  • Finally, click “Save.”

Conclusion

If a business wants to remove access for individuals, they will need to create a policy that will stop them from accessing SharePoint or other Microsoft software business-wide. You can also remove user permissions from SharePoint users by visiting site settings, then site permissions and advanced site permissions. You can only add or remove user permissions if you are one of the site owners.

Thank you for reading this guide; if you think it covered everything you wanted or have any other questions about this or other topics, you can contact the staff. We also have many other guides on numerous topics that you can check out.

Need help? This is a free service for Business Tech Planet readers. Pop in your problem below and we'll be in touch soon!

Siddra Afzal

Siddra Afzal has been a researcher and content writer at Business Tech Planet since 2021. Siddra formerly wrote newsletters for the NHS and was a PR and Communications Officer. She now combines her passion for photography and video editing with her knowledge of communications, writing, and research to the art of crafting the perfect tech guides for BTP. You can connect with Siddra on LinkedIn.

Recent Posts