![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | SharePoint | For business | Windows
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
Dear SEB015
Good day! Thank you for posting in Microsoft Community. We are happy to help you.
Based on your description, it seems that you want to know if you can setup both IP-based and ID-based access restriction in SharePoint site so that you can restrict some users to access when they are not physically at work.
If my understanding is correct, it's possible. As an admin, you can control access to SharePoint and OneDrive resources in Microsoft 365 based on defined network locations that you trust. This is also known as location-based policy.
Once you define the authorized IP address ranges, any user who attempts to access SharePoint and OneDrive from outside this network boundary (using web browser, desktop app, or mobile app on any device) will be blocked.
For this, follow the steps below:
- Go to the Access control page of the new SharePoint admin center, and sign in with an account that has admin permissions for your organization.
- Select Network location, and turn on Allow access only from specific IP address ranges.
- Enter IP addresses and address ranges separated by commas.
- Click Save.
For detailed information, see Control access to SharePoint and OneDrive data based on network location
And if you want to restrict SharePoint access for everyone expect for some users, you will need Azure AD conditional access policies. For an overview of conditional access in Azure AD, see Conditional access in Azure Active Directory. Please note, using this feature requires an Azure AD Premium P1 license.
For detailed information on how to create the policy, see Block access to SharePoint for specific users
Meanwhile, please remember that any IP addresses you include in Enter IP addresses or ranges" box are the ones which will be allowed, if you have added your IP address, you will have the access.
And you should ensure you have used correct IP address, to find IP see, Find your IP address
Valid IP address or address range values are:
- Single IP: For example, 192.168.1.1.
- IP range: For example, 192.168.0.1-192.168.0.254.
- CIDR IP: For example, 192.168.0.1/25. Valid network mask values are /24 through /32.
If this is not your scenario, please kindly post back and tell us your real requirement. We’re looking forward to your reply and will continue to help you all the time! If there are any misunderstanding or unclear, you can post back in your free time.
Your understanding and patience will be highly appreciated. I hope that you are keeping safe and well!
Sincerely,
Stacey | Microsoft Community Moderator