| Service | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| SharePoint | Advanced Management | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/advanced-management.md | SharePoint Advanced Management features are administered by SharePoint administr ## Advanced access policies for secure content collaboration -**[Conditional access policy for SharePoint sites and OneDrive](authentication-context-example.md)** - With Azure Active Directory authentication context, you can enforce more stringent access conditions when users access SharePoint sites. Authentication contexts can be directly applied to sites or used with sensitivity labels to connect Azure AD conditional access policies to labeled sites. --**[Data access governance insights for SharePoint sites](data-access-governance-reports.md)** - These reports help you discover sites that contain potentially overshared or sensitive content. You can use these reports to assess and apply appropriate security and compliance policies. +**[Restricted access control for SharePoint sites](restricted-access-control.md)** - You can restrict the access of a SharePoint site and its content only to the members of Microsoft 365 group connected to the site. Users who are not in the Microsoft 365 group won't have access even if they previously had site access permissions to a file. **[Restricted access control policy for OneDrive](limit-access.md)** - You can limit OneDrive access to members of a specific security group if you want to allow only certain users to have access. Even if other users outside of these security groups are licensed for OneDrive, they won't have access to their own OneDrive or any shared OneDrive content. -**[Restricted access control for SharePoint sites](restricted-access-control.md)** - You can restrict the access of a SharePoint site and its content only to the members of Microsoft 365 group connected to the site. Users who are not in the Microsoft 365 group won't have access even if they previously had site access permissions to a file. +**[Data access governance insights for SharePoint sites](data-access-governance-reports.md)** - These reports help you discover sites that contain potentially overshared or sensitive content. You can use these reports to assess and apply appropriate security and compliance policies. ++**[Conditional access policy for SharePoint sites and OneDrive](authentication-context-example.md)** - With Azure Active Directory authentication context, you can enforce more stringent access conditions when users access SharePoint sites. Authentication contexts can be directly applied to sites or used with sensitivity labels to connect Azure AD conditional access policies to labeled sites. **[Secure SharePoint document libraries](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label)** - When SharePoint is enabled for sensitivity labels, you can configure a default label for document libraries. Then, any new files uploaded to that library, or existing files edited in the library will have that label applied if they don't already have a sensitivity label, or they have a sensitivity label but with lower priority. SharePoint Advanced Management features are administered by SharePoint administr **[Block download policy for SharePoint sites and OneDrive](block-download-from-sites.md)** - You can block download of files from SharePoint sites or OneDrive without needing to use Azure Active Directory conditional access policies. Users have browser-only access with no ability to download, print, or sync files. They also won't be able to access content through apps, including the Microsoft Office desktop apps. -**[Block download of Teams meeting recording files from SharePoint or OneDrive (Preview)](/microsoftteams/block-download-meeting-recording)** - You can restrict the download of Teams meeting recordings stored in OneDrive and SharePoint to members of a security group. This provides additional governance capabilities for meeting recordings. - **[Recent SharePoint admin actions](recent-actions-panel.md)** - You can review and export the most recent site-related actions you made in the SharePoint admin center in the last 30 days by using the recent actions panel. Site property changes like site name, site creation and deletion, site URL, sharing settings, and storage quota are listed as actions in the panel. Note that changes made to organization-level settings, and changes made by other admins are not shown in the panel. ## Licensing SharePoint Advanced Management is available for Commercial, WW Commercial Public SharePoint Advanced Management is $3 per user per month for commercial customers. -Articles that cover features that use SharePoint Advanced Management are designated with [!INCLUDE[Advanced Management](includes/advanced-management.md)] at the top. +Licensing details for each feature listed above are included in those articles. ## Related topics |
| SharePoint | Authentication Context Example | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/authentication-context-example.md | To create a conditional access policy You can directly apply an authentication context to a SharePoint site by using the [Set-SPOSite](/powershell/module/sharepoint-online/set-sposite) PowerShell cmdlet. +> [!NOTE] +> This capability requires a Microsoft 365 E5 or Microsoft Syntex - SharePoint Advanced Management license. + In the following example, we apply the authentication context we created above to a site called "research." ```powershell Set-SPOSite -Identity https://contoso.sharepoint.com/sites/research -Conditional If you want to use a sensitivity label to apply the authentication context, update a sensitivity label (or create a new one) to use the authentication context. +> [!NOTE] +> Sensitivity labels require Microsoft 365 E5 or Microsoft 365 E3 plus the Advanced Compliance license. + To update a sensitivity label 1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/informationprotection), on the **Information protection** tab, click the label that you want to update and then click **Edit label**. |
| SharePoint | Block Download From Sites | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/block-download-from-sites.md | Blocking download may impact the user experience in some apps, including some Of ## Related topics -[SharePoint and OneDrive unmanaged device access controls for administrators](/sharepoint/control-access-from-unmanaged-devices). +[Conditional access policy for SharePoint sites and OneDrive](authentication-context-example.md) -[Policy recommendations for securing SharePoint sites and files](/microsoft-365/enterprise/sharepoint-file-access-policies) --[Control access to SharePoint and OneDrive data based on defined network locations](control-access-based-on-network-location.md) +[Restrict OneDrive access by security group](limit-access.md) +[Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label) |
| SharePoint | Data Access Governance Reports | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/data-access-governance-reports.md | description: "In this article, you'll learn about reports that can help you gove [!INCLUDE[Advanced Management](includes/advanced-management.md)] -As security and compliance requirements increase across industries and the amount of business data grows exponentially, organizations need tools to help govern their data. Data access governance reports provide info that helps you govern access to SharePoint data. The reports help you discover sites that contain potentially overshared or sensitive content. You can use these reports to assess and apply appropriate security and compliance policies. +As sprawl and oversharing of SharePoint sites increase with exponential data growth, organizations need to help govern their data. Data access governance reports provide info that helps you govern access to SharePoint data. The reports help you discover sites that contain potentially overshared or sensitive content. You can use these reports to assess and apply appropriate security and compliance policies. ++## Requirements ++This feature requires a Microsoft Syntex - SharePoint Advanced Management license. ## Access the reports in the SharePoint admin center |
| SharePoint | Home Site | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/home-site.md | The site will continue to be an organization news site. To remove it as an organ ## Add a home site after youΓÇÖve set up Viva Connections -If your organization is already using [Viva Connections](/viva/connections/viva-connections-overview), you can add a home site at any time. If you add a home site after youΓÇÖve set up content in the Viva Connections dashboard and navigation in Microsoft Teams, you may need to copy some content to the home site in some cases. +If your organization is already using [Viva Connections](/viva/connections/viva-connections-overview), you can add a home site at any time. If you add a home site after youΓÇÖve set up content in the Viva Connections dashboard and navigation in Microsoft Teams, you may need to copy some content to the home site in some cases. [Learn more about how Viva Connections and home sites work together to create employee experiences](/viva/connections/viva-connections-overview#how-sharepoint-home-sites-and-viva-connections-work-together). **To add a home site after setting up Viva Connections:** 1. Go to **Settings** in the [SharePoint admin center](https://go.microsoft.com/fwlink/?linkid=2185072), and sign in with an account that has admin permissions for your organization. |
| SharePoint | Limit Access | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/limit-access.md | To enable this feature: - Enabled Restricted OneDrive access and sharing - Disabled Restricted OneDrive access and sharing +## Related topics ++[Restrict access control for SharePoint sites](restricted-access-control.md) ++[Data access governance insights for SharePoint sites](data-access-governance-reports.md) |
| SharePoint | Lists Sync Policies Macos | https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/lists-sync-policies-macos.md | + Last updated : 03/03/2023 + Title: "Configure lists sync on Mac" ++++audience: Admin +f1.keywords: +++ms.localizationpriority: high +search.appverid: ++- M365-collaboration +description: "Learn how to configure lists sync on Mac by using Group Policy objects (GPOs)." +++# Use macOS preferences to control Lists sync settings ++This article describes macOS preferences for Microsoft Lists (and SharePoint lists). For info about controlling OneDrive sync settings on macOS, see [Deploy and configure OneDrive on macOS](/sharepoint/deploy-and-configure-on-macos). ++## Manage Lists sync settings on macOS using property list files ++Lists sync gets packaged, installed, and updated through the OneDrive sync standalone (non-App Store) app's existing update mechanism. As a result, some Lists sync preferences are listed under the OneDrive group domain. After the OneDrive sync app for Mac is installed, users can configure settings for Lists sync. As an administrator, you might want to provide users in your organization with a standard set of preferences. Preferences for the Lists sync app for Mac are stored in property list `.plist` files. + +|| Lists sync preferences | OneDrive group preferences | +|:--|:--|:--| +|**.plist location** |~/Library/Preferences/com.microsoft.SharePoint-mac.plist |~/Library/Group Containers/UBF8T346G9.OneDriveStandaloneSuite/Library/Preferences/UBF8T346G9.OneDriveStandaloneSuite.plist | ++## List of policies by string ID ++- `DisableNucleusSync` - [Prevent Lists sync from running on the device](lists-sync-policies-macos.md#prevent-lists-sync-from-running-on-the-device) ++- `BlockExternalListSync` - [Prevent users from syncing lists shared from other organizations](lists-sync-policies-macos.md#prevent-users-from-syncing-lists-shared-from-other-organizations) ++- `DisableNucleusSilentConfig` - [Prevent users from getting silently signed in to Lists sync with existing Microsoft account credentials being used across Microsoft apps on macOS](lists-sync-policies-macos.md#prevent-users-from-getting-silently-signed-in-to-lists-sync-with-existing-microsoft-account-credentials-being-used-across-microsoft-apps-on-macos) ++### Prevent Lists sync from running on the device ++By default, Lists sync is turned on for users of Microsoft Lists. If you set this preference, Lists sync will be blocked from running on the device. ++**Location**: [Lists Sync preferences](lists-sync-policies-macos.md#manage-lists-sync-settings-on-macos-using-property-list-files) ++Prevent Lists sync from running on the device: ++```xml +<key>DisableNucleusSync</key> +<integer>1</integer> +``` ++Re-enable Lists sync on the device: ++```xml +<key>DisableNucleusSync</key> +<integer>0</integer> +``` ++### Prevent users from syncing lists shared from other organizations ++Enabling this setting prevents users at your organization from syncing lists that are shared from other organizations. After the setting is enabled (value 1) on a computer, lists shared from other organizations won't sync. Disable the setting (value 0) to allow your users to sync external lists. ++**Location**: [Lists Sync preferences](lists-sync-policies-macos.md#manage-lists-sync-settings-on-macos-using-property-list-files) ++Prevent external List sync with: ++```xml +<key>BlockExternalListSync</key> +<integer>1</integer> +``` ++Restore external List sync with: ++```xml +<key>BlockExternalListSync</key> +<integer>0</integer> +``` ++### Prevent users from getting silently signed in to Lists sync with existing Microsoft account credentials being used across Microsoft apps on macOS ++Lists sync is set up to automatically sign users in with credentials being used across other Microsoft apps on macOS like OneDrive. If you enable this setting, automatic sign-in and Lists sync setup wouldn't occur. ++**Location**: [OneDrive group preferences](lists-sync-policies-macos.md#manage-lists-sync-settings-on-macos-using-property-list-files) ++Prevent Lists sync silent configuration: ++```xml +<key>DisableNucleusSilentConfig</key> +<integer>1</integer> +``` ++Restore Lists sync silent configuration with: ++```xml +<key>DisableNucleusSilentConfig</key> +<integer>0</integer> +``` |