Updates from: 01/23/2024 04:38:24
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Block Download From Sites https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/block-download-from-sites.md
Previously updated : 08/30/2023 Last updated : 1/19/2024 Title: Block download policy for SharePoint sites and OneDrive
SharePoint Business Requirements https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/business-requirements.md
ms.localizationpriority: medium
+ - essentials-get-started
search.appverid: MET150 description: Identify your business requirements for SharePoint and OneDrive as you plan your rollout.
SharePoint Change User Storage https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/change-user-storage.md
search.appverid:
- Strat_OD_admin - M365-collaboration
+- Essentials-manage
- seo-marvel-apr2020 - onedrive-toc
SharePoint Enable Conditional Access https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/enable-conditional-access.md
search.appverid:
- Strat_OD_admin - M365-collaboration
+- essentials-compliance
+- essentials-security
- seo-marvel-apr2020 - onedrive-toc
SharePoint Hybrid https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/hybrid.md
ms.localizationpriority: medium
+ - essentials-get-started
search.appverid: MET150 description: Learn about setting up hybrid OneDrive and SharePoint in Microsoft 365.
SharePoint Limit Access https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/limit-access.md
- Tier1 - M365-sam - M365-collaboration
+- essentials-compliance
+- essentials-security
search.appverid: ms.assetid:
SharePoint List Onedrive Urls https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/list-onedrive-urls.md
search.appverid:
- GOB150 - GOB160 - MET150-+
+ - M365-collaboration
+ - Essentials-manage
- seo-marvel-apr2020 - onedrive-toc
SharePoint Onedrive Overview https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/onedrive-overview.md
search.appverid:
- Strat_OD_admin - M365-collaboration
+- essentials-overview
- admindeeplinkSPO - onedrive-toc
SharePoint Onedrive Site Access Restriction https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/onedrive-site-access-restriction.md
- Tier1 - M365-sam - M365-collaboration
+- essentials-compliance
+- essentials-security
search.appverid: ms.assetid:
SharePoint Plan File Sync https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-file-sync.md
f1.keywords: NOCSH
ms.localizationpriority: medium-+
+ - essentials-get-started
search.appverid: MET150 description: Learn how to plan file sync for SharePoint and OneDrive in your organization
SharePoint Pre Provision Accounts https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/pre-provision-accounts.md
search.appverid:
- Strat_OD_admin - M365-collaboration
+- essentials-manage
ms.assetid: ceef6623-f54f-404d-8ee3-3ce1e338db07 - seo-marvel-apr2020
SharePoint Restore Deleted Onedrive https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restore-deleted-onedrive.md
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- Essentials-manage
- admindeeplinkSPO - onedrive-toc
SharePoint Restricted Access Control https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/restricted-access-control.md
Previously updated : 10/11/2023 Title: "Restrict SharePoint site access to members of a group" Last updated : 01/19/2024
+ Title: "Restrict SharePoint site access with Microsoft 365 groups and Entra security groups"
recommendations: true
- has-azure-ad-ps-ref - M365-collaboration
+- M365-SAM
- Highpri - Tier1 search.appverid:
-description: "Learn how to restrict access to SharePoint sites to members of a group."
+description: "Learn how to restrict access to SharePoint sites to members of a Microsoft 365 or Entra security group."
-# Restrict SharePoint site access to members of a group
+# Restrict SharePoint site access with Microsoft 365 groups and Entra security groups
[!INCLUDE[Advanced Management](includes/advanced-management.md)] You can restrict access to SharePoint sites and content to users in a specific group by using a site access restriction policy. Users not in the specified group can't access the site or its content, even if they had prior permissions or a shared link. This policy can be used with Microsoft 365 group-connected, Teams-connected, and non-group connected sites.
-Site access restriction policies are applied when a user attempts to open a site or access a file. Users can still see files in search results if they have direct permissions to the file, but they won't be able to access the file if they're not part of the specified group.
+Site access restriction policies are applied when a user attempts to open a site or access a file. Users with direct permissions to the file can still view files in search results. However, they can't access the files if they're not part of the specified group.
Restricting site access via group membership can minimize the risk of oversharing content. For insights into data sharing, see [Data access governance reports](data-access-governance-reports.md).
The site access restriction policy requires [Microsoft Syntex - SharePoint Advan
## Enable site access restriction for your organization
-You must enable site access restriction for your organization before you can configure it for individual sites.
+You must enable site-level access restriction for your organization before you can configure it for individual sites.
-To enable site access restriction for your organization in SharePoint admin center:
+To enable site-level access restriction for your organization in SharePoint admin center:
1. Expand **Policies** and select **Access control**.
-1. Select **Site access restriction**.
-1. Select **Allow access restriction** and then select **Save**.:::image type="content" source="media/rac-spac/1-RAC-SPAC-dashboard.png" alt-text="screenshot of site access restriction in sharepoint admin center dashboard." lightbox="media/rac-spac/1-RAC-SPAC-dashboard.png":::
+2. Select **Site-level access restriction**.
+3. Select **Allow access restriction** and then select **Save**.:::image type="content" source="media/rac-spac/restricted-access-control-site-level-restriction-page.png" alt-text="screenshot of site access restriction in sharepoint admin center dashboard." lightbox="media/rac-spac/restricted-access-control-site-level-restriction-page.png":::
-To enable site access restriction for your organization using PowerShell, run the following command:
+To enable site-level access restriction for your organization using PowerShell, run the following command:
```Powershell Set-SPOTenant -EnableRestrictedAccessControl $true
Set-SPOSite -Identity <siteurl> -RestrictedAccessControl $false
## Restrict site access to non-group connected sites
-You can restrict access to non-group connected sites by specifying [Microsoft Entra security groups](/azure/active-directory/fundamentals/how-to-manage-groups) that contain the people who should be allowed access to the site. You can configure up to 10 Microsoft Entra security groups. Once the policy is applied, users in the specified security group who have site access permissions are granted access to the site and its content. You can use [dynamic security groups](/azure/active-directory/enterprise-users/groups-create-rule) if you want to base group membership on user properties.
+You can restrict access to non-group connected sites by specifying [Entra security groups](/azure/active-directory/fundamentals/how-to-manage-groups) or Microsoft 365 groups that contain the people who should be allowed access to the site. You can configure up to 10 Entra security groups or Microsoft 365 groups. Once the policy is applied, users in the specified security group who have site access permissions are granted access to the site and its content. You can use [dynamic security groups](/azure/active-directory/enterprise-users/groups-create-rule) if you want to base group membership on user properties.
To manage site access to a non-group connected site: 1. In SharePoint admin center, expand **Sites** and select **Active sites**. 1. Select the site you want to manage and the site details panel appears. 1. In **Settings** tab, select **Edit** in the **Restricted site access** section.
-1. Select the **Restrict SharePoint site access to only users in specified security groups** check box.
-1. Add or remove your security groups and select **Save**.
+1. Select the **Restrict SharePoint site access to only users in specified groups** check box.
+1. Add or remove your security groups or Microsoft 365 groups and select **Save**.
In order for site access restriction to be applied to the site, you must add at least one group to the site access restriction policy. To manage site access restriction for non-group connected sites using PowerShell, use the following commands: | Action | PowerShell command | ||| |Enable site access restriction |`Set-SPOSite -Identity <siteurl> -RestrictedAccessControl $true`|
-|Add security group |`Set-SPOSite -Identity <siteurl> -AddRestrictedAccessControlGroups <comma separated group GUIDS>` |
-|Edit security group |`Set-SPOSite -Identity <siteurl> -RestrictedAccessControlGroups <comma separated group GUIDS>` |
-|View security group |`Get-SPOSite -Identity <siteurl> | Select RestrictedAccessControl, RestrictedAccessControlGroups` |
-|Remove security group |`Set-SPOSite -Identity <siteurl> -RemoveRestrictedAccessControlGroups <comma separated group GUIDS>` |
+|Add group |`Set-SPOSite -Identity <siteurl> -AddRestrictedAccessControlGroups <comma separated group GUIDS>` |
+|Edit group |`Set-SPOSite -Identity <siteurl> -RestrictedAccessControlGroups <comma separated group GUIDS>` |
+|View group |`Get-SPOSite -Identity <siteurl> Select RestrictedAccessControl, RestrictedAccessControlGroups` |
+|Remove group |`Set-SPOSite -Identity <siteurl> -RemoveRestrictedAccessControlGroups <comma separated group GUIDS>` |
|Reset site access restriction |`Set-SPOSite -Identity <siteurl> -ClearRestrictedAccessControl` |
-#### Shared and private channel sites
+## Shared and private channel sites
Shared and private channel sites [are separate from the Microsoft 365 group-connected site that standard channels use](teams-connected-sites.md). Because shared and private channel sites aren't connected to the Microsoft 365 group, site access restriction policies applied to the team don't affect them. You must enable site access restriction for each shared or private channel site separately as non-group connected sites. For shared channel sites, only internal users in the resource tenant are subject to site access restriction. External channel participants are excluded from site access restriction policy and only evaluated per the site's existing site permissions. > [!IMPORTANT]
-> Since adding people to the security group won't give users access to the channel in Teams, be sure to add or remove the same users to the teams channel in Microsoft Teams and the security group so users have access to both Teams and SharePoint.
+> Adding people to the security group or Microsoft 365 group won't give users access to the channel in Teams. It is recommended to add or remove the same users of the teams channel in Teams and the security group or Microsoft 365 group so users have access to both Teams and SharePoint.
## Auditing
-[Audit events](/office/office-365-management-api/office-365-management-activity-api-schema) are available in the Microsoft Purview compliance portal to help you monitor site access restriction activities. Audit events are logged for the following activities:
+[Audit events](/office/office-365-management-api/office-365-management-activity-api-schema) are available in the Purview compliance portal to help you monitor site access restriction activities. Audit events are logged for the following activities:
- Applying site access restriction for site - Removing site access restriction for site
SharePoint Retention And Deletion https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/retention-and-deletion.md
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- Essentials-manage
search.appverid: - ODB160 - MET150
SharePoint Set Default Storage Space https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/set-default-storage-space.md
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- essentials-manage
search.appverid: - ODB160 - ODB150
SharePoint Set Retention https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/set-retention.md
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- Essentials-manage
search.appverid: - ODB160 - ODB150
SharePoint Sync Client Update Process https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/sync-client-update-process.md
Previously updated : 07/11/2018 Last updated : 01/19/2024 Title: "The OneDrive sync app update process"---+++ audience: Admin f1.keywords:
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- essentials-overview
search.appverid: - ODB160
description: "Learn about the Production and Deferred rings for OneDrive sync ap
# The OneDrive sync app update process
-This article is for IT admins who manage the new OneDrive sync app (OneDrive.exe) in an enterprise environment. It explains how we release updates to the sync app for Windows and the standalone sync app for Mac through rings of validation, and how the sync app checks for updates. Note that if you deploy the sync app alongside Office (via the Office Deployment Tool or some other means), it will continue to check for updates independent of any Office update restrictions you set.
+This article is for IT admins who manage the OneDrive sync app (OneDrive.exe) in an enterprise environment. It explains how we release updates to the sync app for Windows and the standalone sync app for Mac through rings of validation, and how the app checks for updates. If you deploy the sync app alongside Office (via the Office Deployment Tool or some other means), it continues to check for updates independent of any Office update restrictions you set.
> [!NOTE] > If you allow your users to sync personal OneDrive accounts, the update process described in this article and any settings you select apply to all instances of the sync app.
->
+>
> The sync app installed from the Mac App Store follows a separate update process. After we finish rolling out updates within the Production ring, we publish them to the Mac App Store, where they're immediately released to everyone. ## How we release updates through multiple rings
-After we validate updates through rings within Microsoft, we release them to the first public ring, Insiders. To try these latest features, join the [Windows Insider program](https://insider.windows.com/) or the [Office Insider](https://products.office.com/office-insider) program. It takes about three days to roll out to this ring. Later, we release to organizations in the default update ring, Production. We roll them out to a small percentage of users in the ring at first, and slowly roll them out to everyone in the ring. This typically takes one to two weeks. At each increase along the way, we monitor telemetry for quality assurance purposes. In the rare case we detect an issue, we suspend the release, address the issue, and release a new update to users in the same order. After updates have completely rolled out within the Production ring, we release them to the next ring, Deferred.
+After we validate updates through rings within Microsoft, we release them to the first public ring, Insiders. To try these latest features, join the [Windows Insider program](https://insider.windows.com/) or the [Office Insider](https://products.office.com/office-insider) program. It takes about three days to roll out to this ring. Later, we release to organizations in the default update ring, Production. We roll them out to a small percentage of users in the ring at first, and slowly roll them out to everyone in the ring. This process typically takes one to two weeks. At each increase along the way, we monitor telemetry for quality assurance purposes. In the rare case when we detect an issue, we suspend the release, address the issue, and release a new update to users in the same order. After updates roll out completely within the Production ring, and remain in Production for at least 60 days, we release them to the next ring, Deferred.
|Insiders|>|Production|>|Deferred| |::|:--:|:--:|:|::|
-|1-2 times per week|>|1-2 times per week|>|Every 2-3 months with 60-day window|
+|1-2 times per week|>|1-2 times per week|>|Every 2-3 months|
> [!IMPORTANT] > We recommend selecting several people in your IT department as early adopters to join the Insiders ring and receive features early. We recommend leaving everyone else in the organization in the default Production ring to ensure they receive bug fixes and new features in a timely fashion. [See all our recommendations for configuring the sync app](ideal-state-configuration.md)
-The Deferred ring provides builds that have been monitored throughout the Production rollout, so fewer releases are suspended. The Deferred ring also lets you as an admin:
+The Deferred ring provides builds that were monitored throughout the Production rollout, so fewer releases are suspended. The Deferred ring also lets you as an admin:
- Control when you deploy updates (within 60 days of their release).
The Deferred ring provides builds that have been monitored throughout the Produc
However, as the slowest ring, the Deferred ring receives performance improvements, reliability fixes, and new features last. > [!NOTE]
-> Microsoft reserves the right to bypass the 60-day grace period for critical updates.
+> Microsoft reserves the right to bypass the 60-day grace period for critical updates.
-To learn how to set the Deferred ring for the Windows sync app using Group Policy, see [Set the sync app update ring](use-group-policy.md#set-the-sync-app-update-ring). To learn how to set it for the Mac sync app, see [Configure the new OneDrive sync app on macOS](deploy-and-configure-on-macos.md). For info about the Microsoft 365 update process, see [Overview of update channels for Microsoft 365 Apps for enterprise](/DeployOffice/overview-of-update-channels-for-office-365-proplus). For info about the Windows 10 update process, see [Build deployment rings for Windows 10 updates](/windows/deployment/update/waas-deployment-rings-windows-10-updates).
+- To learn how to set the Deferred ring for the Windows sync app using Group Policy, see [Set the sync app update ring](use-group-policy.md#set-the-sync-app-update-ring).
+
+- To learn how to set it for the Mac sync app, see [Configure the new OneDrive sync app on macOS](deploy-and-configure-on-macos.md).
+
+- For info about the Microsoft 365 update process, see [Overview of update channels for Microsoft 365 Apps for enterprise](/DeployOffice/overview-of-update-channels-for-office-365-proplus).
+
+- For info about the Windows 10 update process, see [Build deployment rings for Windows 10 updates](/windows/deployment/update/waas-deployment-rings-windows-10-updates).
## How the sync app checks for and applies updates
-The OneDrive sync app checks for available updates every 24 hours when it's running. If it has stopped and hasn't checked for updates in more than 24 hours, the sync app will check for updates as soon as it's started. Windows 10 also has a scheduled task that updates the sync app even when it's not running.
+The OneDrive sync app checks for available updates every 24 hours when it's running. If it stops and doesn't check for updates in more than 24 hours, the sync app checks for updates as soon as it starts. Windows 10 also has a scheduled task that updates the sync app even when it's not running.
To determine if an update is available, the OneDrive sync app checks if: -- The latest version released to the update ring is higher than what's installed on the computer. If the installed version is too old to be updated to the current version, the sync app will first be updated to the minimum version within the ring.
-
+- The latest version released to the update ring is higher than what is installed on the computer. If the installed version is too old to be updated to the current version, the sync app first updates to the minimum version within the ring.
+ - The update is available to the computer based on the rollout percentage we set within the ring.
-
-If both of these are true, OneDrive downloads the update to a hidden folder without any user interaction. After the download is complete, OneDrive verifies and installs it. If OneDrive is running, it's stopped and then restarted. Users don't need to sign in again, and they don't need administrative rights to install the update.
+
+If both of these conditions are true, OneDrive downloads the update to a hidden folder without any user interaction. After the download is complete, OneDrive verifies and installs it. If OneDrive is running, it stops and then restarts. Users don't need to sign in again, and they don't need administrative rights to install the update.
For info about the latest releases, see [New OneDrive sync app release notes](https://support.office.com/article/845dcf18-f921-435e-bf28-4e24b95e5fc0). > [!NOTE]
-> To apply sync app updates, computers in your organization must be able to reach the following: "oneclient.sfx.ms" and "g.live.com." Make sure you don't block these URLs. They are also used to enable and disable features and apply bug fixes. See [More info about the URLs and IP address ranges used in Microsoft 365](/office365/enterprise/urls-and-ip-address-ranges).
+> To apply sync app updates, computers in your organization must be able to reach the following: "oneclient.sfx.ms" and "g.live.com." Make sure you don't block these URLs. They are also used to enable and disable features and apply bug fixes. See [More info about the URLs and IP address ranges used in Microsoft 365](/office365/enterprise/urls-and-ip-address-ranges).
## Deploying updates in the Deferred ring
-At any given time, the next planned Deferred ring release is published on the [OneDrive sync app release notes](https://support.office.com/article/845dcf18-f921-435e-bf28-4e24b95e5fc0) page with a link to the corresponding installer and the target date when that version will be released. On the specified date, the "Rolling out" version for the Deferred ring becomes the new minimum. All sync apps below that version will automatically download the installer from the Internet and update themselves.
+At any given time, the next planned Deferred ring release publishes on the [OneDrive sync app release notes](https://support.office.com/article/845dcf18-f921-435e-bf28-4e24b95e5fc0) page with a link to the corresponding installer and the version's targeted release date. On the specified date, the "Rolling out" version for the Deferred ring becomes the new minimum. All sync apps below that version automatically download the installer from the Internet and update themselves.
To deploy an updated version of the sync app for Windows, run the following command using Microsoft Endpoint Configuration
Execute <pathToExecutable>\OneDriveSetup.exe /update /restart
Where pathToExecutable is a location on the local computer or an accessible network share and OneDriveSetup.exe is the target version downloaded from the release notes page. Running this command restarts OneDrive.exe on all computers. If you don't want to restart the sync app, remove the /restart parameter. See [Deploy using Microsoft Endpoint Configuration Manager](deploy-on-windows.md) for tips on how to set up the Microsoft Endpoint Configuration Manager deployment package. To deploy an updated version of the sync app for Mac, deploy the OneDrive.pkg with the target version by using your MDM solution.-
SharePoint Use Group Policy https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/use-group-policy.md
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration
+- Essentials-manage
- seo-marvel-apr2020 - onedrive-toc
SharePoint Set Up And Configure Access Services For Access Apps https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/set-up-and-configure-access-services-for-access-apps.md
description: "Learn how to install, set up, and provision Access Services for Ac
[!INCLUDE[appliesto-2013-xxx-xxx-xxx-xxx-md](../includes/appliesto-2013-xxx-xxx-xxx-xxx-md.md)]
-To install, set up, and provision Access apps for SharePoint in Access Services in SharePoint Server 2013, perform the following steps:
+To install, set up, and provision Access apps for SharePoint in Access Services in SharePoint Server 2016 or 2019, perform the following steps:
-1. Install and configure SQL Server 2012 Enterprise software, because an Access app stores its data in a separate SQL Server back-end database.
+1. Install and configure SQL Server 2016 Enterprise software, because an Access app stores its data in a separate SQL Server back-end database.
-2. Configure SharePoint 2013 for apps for SharePoint, because an Access app is an app for SharePoint.
+2. Configure SharePoint 2016/2019 for apps for SharePoint, because an Access app is an app for SharePoint.
3. Configure Access Services for Access apps so that Access Services can successfully run Access apps. 4. Create a dedicated SharePoint site collection for Access apps, because each Access app requires its own subsite.
-For information about how to set up and configure Access Services for Access apps, see the following white paper:
-
-- [White Paper: Office 2013--Access Services Setup for an On-Premises Installation](https://go.microsoft.com/fwlink/?LinkId=267146)
+For information about how to set up and configure Access Services for Access apps, see the following white paper:
+
+- [White Paper: Access Services Setup for an On-Premise Installation of SharePoint 2016 and 2019](https://go.microsoft.com/fwlink/?linkid=2212473)
+
+NOTE: For Access Services for SharePoint 2013, please see - [White Paper: Office 2013--Access Services Setup for an On-Premises Installation](https://go.microsoft.com/fwlink/?LinkId=267146)
## See also