access to SharePoint specific Site based on ip adress

Question

We have 2 sharepoint sites the public one must be accesible from all ip adresses and the second one must be secured on ip adress. In sharepoint we can set a restriction only on ip adress for the whole sharepoint.
How to setup up ip resctriction for different sites ?

Answer 1

Hi @PatrickJ

I know at a tenant level (All SharePoint sites) you can set a conditional access policy or restrict it from within SharePoint Admin Center, but below might be a solution at a site level.

You might be able to do this with a combination of sensitivity labels, conditional access and AAD authentication context.

You would need to create named network locations in a CA policy that contain the IP address you want to lock the site down too. And then apply a Authentication Context to the site:

https://learn.microsoft.com/en-us/sharepoint/authentication-context-example

However it is and E5 feature. I've tested this before on a different type of CA policy than named locations and it seemed to work fine.

Cited from https://www.reddit.com/r/sharepoint/comments/t6nuby/restrict_access_by_ip_at_site_level/

---

If this is helpful please accept answer.

Answer 2

Hello @PatrickJ and thanks for reaching out. As pointed out by @Dillon Silzer an provided the requirements are covered, you can Add an authentication context, Create a conditional access policy that applies to the former, enforces location you create and block access when the policy is matches.

You can test your policy using the What If tool.

Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.