This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi, we have a conditional access rule to restrict Sharepoint online app to trusted IPs, by blocking access to any location except trusted IPs.
I found that rule also block access to admin portals such as admin.microsoft.com and admin.exchange.microsoft.com. Is that by design or error?
can you share the detail of your Conditional Access Policy?
Cloud apps: Office 365 SharePoint Online
Conditions: any location and exclude all trusted locations
Grant: block access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
How did you set the conditional access rule? Via SharePoint admin center > Policies > Access control > Network location?
It's set to off as we still have some random odd cases where we need external access to sharepoint.
If that is by design, then how can we secure SharePoint to trusted IPs with some except for external users?
So you mean you want to restrict some IPs which used by external users within your trusted IP range to access SharePoint? I'm afraid it is not supported as per my knowledge.
I want to restrict internal users to trusted IP ranges, but allow guest from external IPs. This will be similar to how conditional access are setup.
Hi @Anonymous ,
So in your case, you set conditional access in Azure AD. As per my test, I can also reproduce this scenario on my end. It is by design from my point of view.
----------
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.