+**[Data access governance reports](data-access-governance-reports.md)** - These reports help you discover sites that contain potentially overshared or sensitive content. You can use these reports to assess and apply appropriate security and compliance policies.

+**[Limit OneDrive access by security group](limit-access.md)** - You can limit OneDrive access to members of a specific security group if you want to allow only certain users to have access. Even if other users outside of these security groups are licensed for OneDrive, they won't have access to their own OneDrive or any shared OneDrive content. For details, see

+**[Review recent SharePoint site actions](recent-actions-panel.md)** - You can review and export the most recent site-related actions you made in the SharePoint admin center in the last 30 days by using the recent actions panel. Site property changes like site name, site creation and deletion, site URL, sharing settings, and storage quota are listed as actions in the panel. Note that changes made to organization-level settings, and changes made by other admins are not shown in the panel.

+**[Manage site access based on sensitivity label](authentication-context-example.md)** - With Azure Active Directory authentication context, you can enforce more stringent access conditions when users access SharePoint sites. Authentication contexts can be directly applied to sites or used with sensitivity labels to connect Azure AD conditional access policies to labeled sites.

+**[Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label)** - When SharePoint is enabled for sensitivity labels, you can configure a default label for document libraries. Then, any new files uploaded to that library, or existing files edited in the library will have that label applied if they don't already have a sensitivity label, or they have a sensitivity label but with lower priority.

+**[Restricted Access Control for SharePoint sites](restricted-access-control.md)** - You can restrict the access of a SharePoint site and its content only to the members of Microsoft 365 group connected to the site. Users who are not in the Microsoft 365 group won't have access even if they previously had site access permissions to a file.

+**[Block the download of files from a SharePoint site or OneDrive](block-download-from-sites.md)** - You can block download of files from SharePoint sites or OneDrive without needing to use Azure Active Directory conditional access policies. Users have browser-only access with no ability to download, print, or sync files. They also won't be able to access content through apps, including the Microsoft Office desktop apps.

+With the [file request feature](https://support.microsoft.com/office/create-a-file-request-f54aa7f8-2589-4421-b351-d415fc3b83af) in OneDrive or SharePoint, you can choose a folder where others can upload files using a link that you send them. People you request files from can only upload files; they can't see the content of the folder, edit, delete, or download files, or even see who else has uploaded files.

+> This is a newly released feature and may not be available to all tenants yet.

+>

+> Note that if your tenant currently has Anyone Links enabled for SharePoint, we will be enabling this feature for SharePoint sites by default during the rollout. If you do not want File Requests to appear on SharePoint sites, you can opt out by running the following SharePoint Online management shell command: "Set-SPOTenant -CoreRequestFilesLinkEnabled $False".

+ **This feature is in preview and will require a [Microsoft Syntex Advanced Management](/sharepoint/advanced-management) license when the feature becomes generally available (GA)**

+Sharing of sites with users is based on the IB mode of the site.

+>[!TIP]

+>If you want to allow sharing of *Open* mode sites with mail-enabled security groups, see the [Allow sharing of Open mode sites with mail-enabled security groups (preview)](#allow-sharing-of-open-mode-sites-with-mail-enabled-security-groups-preview) section in this article.

+Access to sites by users is based on the IB mode of the site.

+

+## Allow sharing of Open mode sites with mail-enabled security groups (preview)

+IB supports an opt-in capability available in the [SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online) for sites in *Open* mode to be shared with [mail-enabled security groups](/microsoft-365/admin/email/create-edit-or-delete-a-security-group) for site permissions, sharing, and audience targeting. This is only supported in *Open* mode sites. SharePoint admins can enable this support in your organization and we recommend you ensure the security group membership is IB compliant.

+Before enabling group support, verify that you've met the following prerequisites:

+- Your organization has only IB [*Block* policies](/microsoft-365/compliance/information-barriers-policies#configuration-concepts)

+- Your organization is enabled for SharePoint IB (see [this section](#enable-sharepoint-and-onedrive-information-barriers-in-your-organization) in this article).

+To configure mail-enabled security group support in *Open* mode sites, run the following command:

+```powershell

+Set-SPOTenant -ShowPeoplePickerGroupSuggestionsForIB $true

+```