How to disable access to SharePoint for all users


A business may decide to disable access to SharePoint for specific users if, for example, a member of staff is no longer with the company. You will need to remove their ability to access SharePoint as not to allow a security breach.

Below, I have created a guide that will cover how you can remove someone’s access to SharePoint. This guide will cover a method that involves Office 365, that works on both Windows and Mac and can be done on a browser.

Method – Block access to Microsoft 365 on unmanaged devices

  • Go to https://www.office.com and sign in.
  • Find the “App launcher” in the left corner.
  • Click on “Admin.”
  • Press “Show all.”
  • Then click “SharePoint”
  • Next to “Policies,” press the dropdown, then “Access Control.”
  • Now click “Unmanaged devices, then choose “block access.”
  • Choose “Save.”

This is the first step of the method because when you remove SharePoint access for all users, you should also block access for their devices as a security concern to ensure that they cannot get back onto the system and purposely or accidentally leak any of the businesses data.

Method – Block user access to SharePoint.

  • Now go to “Azure Active Directory” by going back to “Admin” and clicking “Show all.”
  • Press the menu called “All Services” and find “Conditional Access Policies.”
  • Create “New Policy.”
  • Update the users included for the policy. Here you can include all users or exclude specific users.
  • Then choose “SharePoint” in the “Cloud app or actions” menu.
  • Then update the “conditions” menu so you can include desktop users.
  • Under “Access Controls,” enable “Block access.”
  • Next, under “Session,” enable “User enforced restrictions.”
  • Finally, enable the policy and click “Create.”

Once you follow this part of the guide, your policy will be enabled, and any user you have listed will have lost their access to SharePoint. You will need to sign out from Microsoft apps that connect to SharePoint, such as OneDrive or Teams, as it will allow it to sync and test if the policy has worked. You will know it has worked as you will receive a message saying either “Access Denied” from SharePoint or “This item doesn’t exist” on Teams.

Content list

Why would you need to disable access to SharePoint?

One of the primary reasons an admin should need to disable SharePoint access is that many users may be no longer in the company. You would need to remove their access privileges over the potential that somehow they could leak data by still being able to log into a company site. This is a security risk, so it should be done as soon as somebody has been removed from the company. Alternatively, the company may need to keep all users on the system but not allow them to view SharePoint; this can be quickly done by creating a policy as you can choose specific software that a changeable group of users won’t have access to. Doing this allows you to keep all your users with full access to other Microsoft systems that you choose to give them without being able to go on SharePoint.

How to remove Microsoft 365 access on unmanaged devices – with Screenshots

This method should be done on top of removing SharePoint access because it is for the benefit of security and privacy in the business, that any user that you need to remove from accessing SharePoint should also not be allowed to access Microsoft 365 while on any device that isn’t listed on Azure AD.

  • To start, go to https://www.office.com and sign in with your Microsoft account.
  • Next, find the “App launcher” in the left corner. This is shown by the nine-dot icon in the top left corner of the screen.
  • After this click the menu on the left and then press “Show all.”
  • Then click on “SharePoint,” which will take you to the SharePoint admin center.
  • Next to “Policies,” press the dropdown, then “Access Control.”
  • Now click “Unmanaged devices, then choose “block access.”
  • After doing this press “Save.”

After following these steps, users will not be able to access Microsoft 365 software and features without company-approved devices.

How to block access to SharePoint for all users – with Screenshots

After you do this method, you should focus on creating a policy to block access to SharePoint for all or specific users. You do this by going to the Azure admin center and making a policy here.

  • Firstly go to “Azure Active Directory” by going back to “Admin” and clicking “Show all.”
  • Press the menu called “All Services” and find “Conditional Access Policies.”
  • Create “New Policy.”
  • Update the users included in the policy. Here you can include all users or exclude specific users.
  • Then choose “SharePoint” in the “Cloud app or actions” menu.
  • Then update the “conditions” menu so you can include desktop clients.
  • Under “Access Controls,” enable “Block access.”
  • Next, under “Session,” enable “User enforced restrictions.”
  • Finally, enable the policy and click “Create.”

Once you have followed these steps to create the “Policy,” you will need to refresh or sign out of Microsoft Teams and OneDrive as these are both connected to SharePoint. Once you do that, you will see different messages when trying to access them.

SharePoint

Source – Microsoft

Microsoft Teams

Source – Microsoft

Conclusion

To conclude, if you are in the position to remove users’ access to certain features, you can find it using Azure AD, which will allow you to create a policy specifically tailored for either singular or groups of users. By carefully following the steps laid out to you, making a policy is simple.

Thank you for taking the time to read through this guide. I hope you have been able to find what you are looking for. As always, you can contact our staff if you have any queries about this or other topics, and be sure to check our other guides if you have any other tech problems.

Recent Posts