Updates from: 06/17/2021 03:15:59
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Authentication Context Example https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/authentication-context-example.md
- M365-collaboration search.appverid: - MET150
-description: "Learn about how to use Azure Active Directory authentication context with SharePoint sites."
+description: "Learn about how to use Azure Active Directory conditional access and authentication context with SharePoint sites and sensitivity labels."
# Manage site access based on sensitivity label
Some apps do not currently work with authentication contexts. If you have Office
- Teams web app - Workflows that use Power Apps or Power Automate - Third-party apps
+- The OneDrive sync app won't sync sites with an authentication context.
> [!NOTE] > Using authentication context with SharePoint sites requires a Microsoft 365 E5 or Microsoft 365 E5 Compliance license for each user accessing a labeled site.
SharePoint Information Barriers Compliance Assistant https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/information-barriers-compliance-assistant.md
+
+ Title: "Information barriers compliance assistant (preview)"
+description: "Learn about the information barriers compliance assistant."
+++
+recommendations: true
+
+audience: Admin
+f1.keywords:
+- CSH
++
+localization_priority: Normal
+search.appverid:
+- SPO160
+- BSA160
+- GSP150
+- MET150
++
+# Information barriers compliance assistant (preview)
+
+This article explains how you can enable the information barrier compliance assistant for group-connected SharePoint sites that do not have an associated team in Microsoft Teams. When information barriers policies are configured and the information barrier compliance assistant is enabled, users are automatically removed from these groups. This configuration may help ensure your organization remains compliant with standards, policies, and compliance regulations.
+
+## Prerequisites
+
+1. Make sure you [define policies for information barriers](/office365/securitycompliance/information-barriers-policies).
+2. [Configure information barrier segments on a SharePoint Site.](information-barriers.md)
+3. [Install the Azure PowerShell module](/powershell/azure/install-az-ps?view=azps-2.3.2)
+4. PowerShell account must have directory administrator access for the tenant.
+
+## Enable the background compliance assistant
+
+These steps create a new application in your organization's enterprise applications. For the compliance assistant to function properly, you must have explicitly added segments to a SharePoint site. Complete the following steps to enable the compliance assistant:
+
+1. Run the following PowerShell cmdlets.
+
+ ```PowerShell
+ 1. Connect-AzureAD
+ 2. Connect-AzAccount
+ 3. $appId="f46c682f-628c-48e6-b963-03309e34639e"
+ 4. $sp=Get-AzADServicePrincipal -ServicePrincipalName$appId
+ 5. if ($sp -eq $null) {New-AzADServicePrincipal -ApplicationId$appId}
+ 6. StartProcess"https://login.microsoftonline.com/common/adminconsent?client\_id=$appId"
+ ```
+
+2. When prompted, sign in using your Office 365 work or school account.
+3. In the **Permissions requested** dialog box, review the information, and select **Accept**. This action configures admin consent for the compliance assistant.
+
+## Verify a new application was created
+
+To verify that a new application was properly created in your organization's enterprise applications, complete the following steps:
+
+1. Log into portal.azure.com with directory administrator's credentials.
+2. Select **Manage Azure Active Directory.**
+3. Select **Enterprise Applications** in left navigation listing.
+4. Search for the compliance assistant using 'M365' as the search term.
+
+ ![Search for IB compliance assistant app](media/info-barriers-compliance-assistant-search.png)
+
+5. Select **M365-Group-Compliance-Assistant** from the list of search results.
+6. On the **M365-Group-Compliance-Assistant overview** page, you can review application properties.
+
+ ![Overview page for IB compliance assistant app](media/info-barriers-compliance-assistant-overview.png)
+
+7. Select **Permissions** in the left-navigation pane to review the permissions that the application is authorized for.
+
+ ![Permissions page for IB compliance assistant app](media/info-barriers-compliance-assistant-permissions.png)
+
+8. In this example, the **M365-Group-Compliance-Assistant** is authorized to add/remove non-compliant information barrier users from your Microsoft 365 groups.
+
+You can use the [Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance) to search, review, and track audit log events for the M365-Group-Compliance-Assistant application. The audit activities associated with the compliance assistant are:
+
+- **IB assistant removed group member**: The IB non-compliant group member was removed from the group by the compliance assistant.
+- **IB assistant removed group owner**: The IB non-compliant owner was removed from the group by the compliance assistant.
+- **Identified as IB non-compliant group**: The segments on the group are non-IB compliant with each other.
+
+To search the audit log for Microsoft 365 Groups activities, see [Search the audit log](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#search-the-audit-log).
+
+>[!Note]
+>The compliance assistant runs periodically (every 24 hours). The assistant runs on group-connected SharePoint sites that do not have an associated team in Microsoft Teams. To enable the compliance assistant for SharePoint sites connected to Microsoft Teams, follow the instructions in the [Define information barrier policies](/microsoft-365/compliance/information-barriers-policies) article.
SharePoint Teams Connected Sites https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/teams-connected-sites.md
description: "Learn how to manage Teams connected sites."
# Manage Teams connected sites and channel sites
-In this article, learn more about how to identify, manage, and navigate between teams and channels in Microsoft Teams and SharePoint Teams connected sites and channel sites. SharePoint team sites get automatically created when new Teams and private channels are created because SharePoint is the service that helps manage, store, and organize files and folders that are shared and stored in Microsoft Teams.
+In this article, learn more about how to identify, manage, and navigate between teams and channels in Microsoft Teams and SharePoint Teams connected sites and channel sites. SharePoint team sites get automatically created when new Teams and private channels are created because SharePoint is the service that helps manage, store, and organize files and folders that are shared and uploaded in Microsoft Teams.
### What are Teams connected sites and channel sites? Today, Teams connected team sites and channel sites are created whenever a new Microsoft Team or private channel within a team is created. When you create a team in Microsoft Teams, a Microsoft 365 connected team site in SharePoint gets automatically created. This site is referred to as a *Teams connected team site*. This team site contains folders for each standard channel created from Microsoft Teams. This primary Teams connected team site is also known as the *parent team connected site*.