Updates from: 07/25/2023 04:54:32
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint Limit Access https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/limit-access.md
Previously updated : 07/21/2023 Title: "Restrict OneDrive access" Last updated : 03/01/2023
+ Title: "Restrict OneDrive access by security group"
ms.localizationpriority: medium
- Strat_OD_admin - M365-collaboration-- Highpri-- Tier1 search.appverid: ms.assetid: - admindeeplinkSPO - onedrive-toc
-description: "In this article, you learn how to allow only users in specified security groups to access OneDrive."
+description: "In this article, you'll learn how to allow only users in specified security groups to access OneDrive."
-# Restrict OneDrive access
+# Restrict OneDrive access by security group
[!INCLUDE[Advanced Management](includes/advanced-management.md)]
-You can use restricted access control policy for OneDrive to allow only users in specified security groups to access OneDrive. Restricted access control of a OneDrive account and its content is managed using SharePoint PowerShell or SharePoint admin center. Even if other users outside of these security groups are licensed for OneDrive, they can't access to their own OneDrive or any shared OneDrive content.
+You can use the restricted access control policy for OneDrive to allow only users in specified security groups to access OneDrive. Even if other users outside of these security groups are licensed for OneDrive, they wonΓÇÖt have access to their own OneDrive or any shared OneDrive content.
-You can use restricted access control to prevent oversharing of OneDrive content. For example, you can restrict OneDrive access to your users, preventing guests from accessing any OneDrive content even if it's shared with them.
+You can use this to prevent oversharing of OneDrive content. For example, you can restrict OneDrive access to your users, preventing guests from accessing any OneDrive content even if it's shared with them.
## Requirements
-To access and use the feature, your organization must have **one** of the following subscriptions:
+To access and use this feature, your organization must have one of the following subscriptions:
+- Microsoft Syntex - SharePoint Advanced Management
- Office 365 E5/A5 - Microsoft 365 E5/A5-- Microsoft Syntex - SharePoint Advanced Management-
-## Restrict OneDrive access using SharePoint admin center
-
-### Requirements for SharePoint admin center method
-
-To access and use restricted access control of OneDrive accounts, your organization must:
--- Enable restricted access control for your organization in SharePoint admin center:
- 1. Go to [Access control in the SharePoint admin center](https://go.microsoft.com/fwlink/?linkid=2185071), and sign in with an account that has [admin permissions](sharepoint-admin-role.md) for your organization.
- 2. Select **Restrict OneDrive access**.
- 3. Select **Restrict OneDrive access to only users in specified security groups**.:::image type="content" source="media/restrictonedriveaccess.png" alt-text="Restrict OneDrive access on the Access control page in the SharePoint admin center":::
- 4. Add the security groups (maximum of 10) you want to be able to use OneDrive.
- 5. Select **Save**.
-
-> [!NOTE]
-> Users who aren't included in the security groups you added will lose access to their own OneDrive and any shared OneDrive content.
-
-## Restrict OneDrive access using PowerShell
-
-### Requirements for PowerShell method
-
-To enable restricted access control of OneDrive accounts as a **Microsoft Syntex - SharePoint Advanced Management subscriber.**:
-
-1. Download the latest **[SharePoint PowerShell module](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell)**
-2. Enable **restricted access control for your organization** by running the following command in PowerShell:
-
- ```Powershell
- Set-SPOTenant -EnableRestrictedAccessControl $true
- ```
-
-3. Wait for approximately 1 hour.
-
-> [!IMPORTANT]
-> If you have Microsoft 365 Multi-Geo, you must run this command for each geo-location you want to use restricted access control.
-
-### Enable restricted access control of a OneDrive account using PowerShell
-
-To enable restricted access control of a OneDrive account, run the following commands:
-
-```powershell
-Set-SPOSite -Identity <siteurl> -RestrictedAccessControl $true
-```
-
-```powershell
-Set-SPOSite -Identity <siteurl> -AddRestrictedAccessControlGroups <comma separated group GUIDS>
-```
-
-> [!NOTE]
-> For restricted access control to be enforced on the site, you must add at least one security group whose members are allowed site access. You can add up to 10 Security Groups for a given site. Once users are added to a security group, access to the site is automatically applied.
-
-**For example:**
-
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -RestrictedAccessControl $true`
-
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -AddRestrictedAccessControlGroups afd516b5-c350-4c2a-8339-600b93c56791`
-Once the commands are run, site access is restricted to members of the specified security group (Employees_ResearchDepartment).
+## Enablement
-> [!TIP]
-> To identify the corresponding GUID for a given security group such as Employees_ResearchDepartment, run the following commands:
->
->```powershell
->Install-Module -Name MSOnline
-> Import-Module -Name MSOnline
-> Connect- MsolService
->
-> $group = Get-MsolGroup | Where-Object {$_.DisplayName -eq " Employees_ MarketingDepartment"}
-> $group.ObjectId
->```
+To enable this feature:
-### Manage restricted access control security groups using PowerShell
+1. Go to <a href="https://go.microsoft.com/fwlink/?linkid=2185071" target="_blank">Access control in the SharePoint admin center</a>, and sign in with an account that has [admin permissions](sharepoint-admin-role.md) for your organization.
-You can add up to 10 Azure AD security groups whose members are allowed access to the site. The specified security groups can be managed as restricted access control groups when the setting is applied. Restricted access control limits the site access to members of the specified security groups. Dynamic membership of security groups is also supported for restricted access control policy.
+2. Select **Restrict OneDrive access**.
-To manage a restricted access control group for a OneDrive site, run the following command:
+3. Select **Restrict OneDrive access to only users in specified security groups**.
-```powershell
-Set-SPOSite -Identity <siteurl> -RestrictedAccessControlGroups <comma separated group GUIDS>
-```
+ :::image type="content" source="media/restrictonedriveaccess.png" alt-text="Restrict OneDrive access on the Access control page in the SharePoint admin center":::
-**For example**:
+4. Add the security groups (maximum of 10) you want to be able to use OneDrive.
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -RestrictedAccessControlGroups afd516b5-c350-4c2a-8339-600b93c56791,053e8286-f18a-40d6-a12a-a323b89c5d63`
+5. Select **Save**.
> [!NOTE]
-> The Security Groups specified will automatically get access to the site permissions.
->
-> The policy is enforced only when it is enabled on the site and has at least one security group added.
-
-### Remove restricted access control groups of a OneDrive account using PowerShell
-
-To limit access control on user OneDrive account, remove security groups by running the following command:
-
-```powershell
-Set-SPOSite -Identity <siteurl> -RemoveRestrictedAccessControlGroups <comma separated group GUIDS>
-```
-
-**For example**:
-
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -RemoveRestrictedAccessControlGroups afd516b5-c350-4c2a-8339-600b93c56791`
-
-### View restricted access control of a OneDrive account using PowerShell
-
-To view the restricted access control configuration for a OneDrive account, run the following command:
-
-```powershell
-Get-SPOSite -Identity <siteurl> | Select RestrictedAccessControl, RestrictedAccessControlGroups
-```
-
-To view a complete list of security groups added in the restricted access control configuration for a OneDrive account, run the following command:
-
-```powershell
-Get-SPOSite -Identity <siteurl> | Select -EXPAND RestrictedAccessControlGroups
-```
-
-### Disable restricted access control of a OneDrive account using PowerShell
-
-To disable restricted access control for a OneDrive account, run the following command:
-
-```powershell
-Set-SPOSite -Identity <siteurl> -RestrictedAccessControl $false
-```
-
-**For example**:
-
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -RestrictedAccessControl $false`
-
-### Reset restricted access control of a OneDrive account
-
-To remove restricted access control configuration for a OneDrive account, run the following command:
-
-```powershell
-Set-SPOSite -Identity <siteurl> -ClearRestrictedAccessControl
-```
-
-**For example**:
-
-`Set-SPOSite -Identity <https://contoso-my.sharepoint.com/personal/user_contoso_onmicrosoft_com> -ClearRestrictedAccessControl`
-
-This command resets the restricted access control configuration for the given site by clearing both attributes: RestrictedAccessControl, RestrictedAccessControlGroups.
-
-### Known experiences
-
-Restricted access control policy is enforced only when the user is trying to access the OneDrive account or the content in. This behavior is like any other conditional access policies configured for a site.
-
-Unified Search connected experiences don't enforce restricted access control policy. Users see search results if they have existing access permissions to the content or the site. When the user selects a search result item to open the content, they're denied access if they aren't part of the policy.
+> Users who aren't included in the security groups you added will lose access to their own OneDrive and any shared OneDrive content.
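Review bot: The removed "Known experiences" section has no replacement in the new Enablement text, so two behaviours an admin needs before turning this on are lost: the policy is enforced only when a user tries to access the OneDrive account or its content, and Unified Search still shows results to users outside the allowed groups, who are denied only when they open the item. Suggest keeping that section after the new NOTE. The removed `Set-SPOSite` / `Get-SPOSite` sections were also the only documented way to view, disable or reset the configuration, and the removed IMPORTANT note was the only mention of Microsoft 365 Multi-Geo. If that material moved to another article, link it here, and state whether the admin center setting has to be repeated per geo-location.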
-## Auditing
+## Audit events
-Audit events are available in [Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center) to help you monitor restricted access control activities. Audit events are logged for the following activities:
+[Audit events](/microsoft-365/compliance/audit-log-activities) are available in Microsoft Purview compliance portal to help you monitor restricted access control activities. Audit events are logged for the following activities:
-1. Applying restricted access control for site
-2. Removing restricted access control for site
-3. Changing restricted access control groups for site
+- Enabled Restricted OneDrive access and sharing
+- Disabled Restricted OneDrive access and sharing
-## Related articles
+## Related topics
[Restrict access control for SharePoint sites](restricted-access-control.md)
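Review bot: In the "Audit events" list, the old third activity, "Changing restricted access control groups for site", has no counterpart in the two new bullets. Editing the allowed security groups changes who can reach OneDrive without the feature being enabled or disabled, so readers monitoring this control need to know whether that change is audited. If an event is still logged for it, add it to the list; if not, say so, so that nobody assumes the enable and disable events cover group edits.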
SharePoint Sync Health https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/sync-health.md
This tab provides how-to steps for enabling sync reports on Windows devices.
6. Enable the OneDrive EnableSyncAdminReports Group Policy Object (GPO). > [!IMPORTANT]
- > **You must enable this setting on the devices from which you want to get reports.** This setting has does not affect users. We recommend a gradual rollout starting with a few test devices per day, then up to 100 devices per day, then gradually up to 10,000 devices per day until you finish.
+ > **You must enable this setting on the devices from which you want to get reports.** This setting does not affect users. We recommend a gradual rollout starting with a few test devices per day, then up to 100 devices per day, then gradually up to 10,000 devices per day until you finish.
You can enable this setting in multiple ways:
SharePoint Viva Amplify https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/viva-amplify.md
- Title: "Formatting changes for Microsoft Viva Amplify - Private preview"----
-recommendations: true
Previously updated : 01/04/2023-- CSH---
-localization_priority: Normal
-- SPO160-- MET150
-description: Learn about the formatting changes in Microsoft Viva Amplify
--- seo-marvel-apr2020-- admindeeplinkSPO--
-# Formatting changes for Microsoft Viva Amplify - Private preview
-
-> [!NOTE]
-> Microsoft Viva Amplify is currently in Private preview and, hence, available only to Private preview customers.
-
-Microsoft Viva Amplify is an internal communication campaign that allows you to create something once and publish it to multiple distribution channels to share throughout the organization. Hence, creating a campaign is the first step in the end-to-end content management process that involves creating content and publishing it.
-
-Once you create a campaign, you can create the content on the **Main canvas** screen, and then publish the content.
-
-To create a campaign, perform the following steps:
-
-1. Go to the Microsoft Viva Amplify portal.
-2. Provide your credentials and sign in.
-3. Select **+ Create a campaign**.
- The **Create a new campaign** screen is displayed.
-4. Select **Create a campaign** on the bottom-left corner of the screen.
-5. Enter the details for the text boxes and select **Next**.
-6. From the **Add members to your campaign** text box, choose the person whom you want to add as a member of your campaign.
-7. Select **Add to list**.
- The chosen person is successfully added as a member of your campaign.
-8. Select **Create a campaign**.
- The campaign is successfully created and listed on the **Amplify Hub** screen.
-
-You can create content using the created campaign and then transpile it to the distribution channels. Only after you transpile the content, you can view the formatting changes that occur.
-
-> [!NOTE]
-> Formatting changes are applicable only to the **Outlook** distribution channel and not to the **SharePoint** distribution channel because the **Main canvas** screen itself is a type of SharePoint site. For more information, see [Formatting changes](#formatting-changes) and [Formatting changes in Outlook distribution channel](#formatting-changes-in-outlook-distribution-channel).
-
-For example, when you click the "preview" icon under the **Outlook** distribution channel, you're presented with a message that reads as follows:
-
-**[Some properties like text on images, columns, and medium and large people web parts may have been changed for this distribution channel.](#formatting-changes)**
--
-When you click **Learn more about formatting changes and editing**, you're taken to the screen that displays information about [formatting changes](#formatting-changes).
-
-## Formatting changes
-
-Formatting changes can be classified as:
-
-1. **Modifications to certain web parts**: When you use **Outlook** distribution channel, and then select certain web parts, there may be changes in the properties of the web parts. Such changes result in the web parts displaying a behavior different from its default behavior.
-
-For example, in the **Sections** layout, when you organize content into two or three columns, the same content gets stacked into a single column when being published.
-
-1. **Removal of certain web parts**: When you use **Outlook** distribution channel, certain web parts such as the spacer, the large people, and the countdown timer don't appear as they're removed automatically on account of their incompatibility with Outlook.
-
-For detailed information about such other formatting changes in web parts for the **Outlook** distribution channel, see [Formatting changes in Outlook distribution channel](#formatting-changes-in-outlook-distribution-channel).
-
-### Formatting changes in Outlook distribution channel
-
-For the **Outlook** distribution channel, there are:
--- [Formatting changes in Image web part](#formatting-changes-in-image-web-part)-- [Formatting changes in People web part](#formatting-changes-in-people-web-part)-- [Formatting changes in Section layout](#formatting-changes-in-sections-layout)-
-#### Formatting changes in Image web part
-
-Text on the image is now transpiled to appear on top of the image on Outlook endpoint.
--
-#### Formatting changes in People web part
-
-The **Small**, **Medium**, and **Large** layouts are supported.
--
-However, even if you transpile the content using the **Medium** and **Large** layouts, the descriptions and links added in these two layouts will be dropped. The content's output defaults to the **Small** layout view.
-
-#### Formatting changes in Sections layout
-
-**Sections** is a layout-associated element that presents a template to the content in the **Main canvas** page so that the content is structured properly.
-
-Each section consists of 1-3 columns.
-
-For information on the default properties of sections and its columns, see [Add sections and columns on a SharePoint modern page](https://support.microsoft.com/office/add-sections-and-columns-on-a-sharepoint-modern-page-fc491eb4-f733-4825-8fe2-e1ed80bd0899).
-
-The sections and its columns too - much like other web parts - have experienced the following formatting changes in its default properties:
-
-1. When you use the **Two columns**, **Three columns**, **One-third left**, or the **One-third right** layout options to organize your content, the content gets stacked into a single column, similar to the **One Column** layout option's output.
-
- :::image type="content" source="media/multi-column-layout-option-not-supported.png" alt-text="The Multi Column layout option not being supported in Outlook." lightbox="media/multi-column-layout-option-not-supported.png":::
-
-1. Collapsible sections aren't supported, including section titles (which will be dropped).
-
- :::image type="content" source="media/option-make-sections-collapsible.png" alt-text="The option to make sections collapsible." lightbox="media/option-make-sections-collapsible.png":::
- :::image type="content" source="media/section-title-being-dropped.png" alt-text="Section title being dropped." lightbox="media/section-title-being-dropped.png":::
-
-1. Dividers between sections aren't supported.
-
- :::image type="content" source="media/dividers-between-sections-not-supported.png" alt-text="Dividers between sections not being supported in Outlook." lightbox="media/dividers-between-sections-not-supported.png":::
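Review bot: No redirect or replacement page is visible for the deleted viva-amplify.md, and the removed text says the product's "Learn more about formatting changes and editing" link takes users to this content, with in-page anchors `#formatting-changes` and `#formatting-changes-in-outlook-distribution-channel`. Suggest adding a redirect to wherever the Outlook formatting guidance now lives and removing the article's TOC entry in the same change, so existing links do not break.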