1
00:00:02,863 --> 00:00:06,063
Now that we have seen storage and site

2
00:00:06,063 --> 00:00:09,006
creation management, let's take a look at

3
00:00:09,006 --> 00:00:11,577
access control. SharePoint offers a few

4
00:00:11,577 --> 00:00:14,363
controls on access, such as unmanaged

5
00:00:14,363 --> 00:00:17,263
devices, idle session timeout, network

6
00:00:17,263 --> 00:00:21,196
location, and controlling apps that do not

7
00:00:21,196 --> 00:00:23,988
use modern authentication. Let's take a

8
00:00:23,988 --> 00:00:27,577
look at them in detail. First of all, the

9
00:00:27,577 --> 00:00:30,148
unmanaged devices setting allows you to

10
00:00:30,148 --> 00:00:32,720
restrict access from devices that aren't

11
00:00:32,720 --> 00:00:36,063
marked as compliant in Intune or joined to

12
00:00:36,063 --> 00:00:39,045
your domain. You can set it to multiple

13
00:00:39,045 --> 00:00:42,113
options from allow full access to allow

14
00:00:42,113 --> 00:00:45,238
limited, web-only access, which blocks

15
00:00:45,238 --> 00:00:47,863
users from downloading, printing, or

16
00:00:47,863 --> 00:00:51,113
syncing files or completely blocking

17
00:00:51,113 --> 00:00:53,709
access. If you do not want to set the

18
00:00:53,709 --> 00:00:56,226
policy at the tenant level, you can also

19
00:00:56,226 --> 00:01:00,720
set it at the site level as well. The idle

20
00:01:00,720 --> 00:01:03,363
session timeout control allows you to

21
00:01:03,363 --> 00:01:06,363
automatically sign out users from Office

22
00:01:06,363 --> 00:01:10,307
365 after a certain duration of time. The

23
00:01:10,307 --> 00:01:13,418
idle counter is limited to activity inside

24
00:01:13,418 --> 00:01:16,291
SharePoint and OneDrive for Business, so

25
00:01:16,291 --> 00:01:19,263
it only works if you have SharePoint or

26
00:01:19,263 --> 00:01:22,226
OneDrive for Business opened, but it would

27
00:01:22,226 --> 00:01:26,720
sign you out of all of Office 365. You can

28
00:01:26,720 --> 00:01:29,863
also set a warning time. This way, the

29
00:01:29,863 --> 00:01:32,663
users get a popup warning them before they

30
00:01:32,663 --> 00:01:36,263
get signed out. Next up, the network

31
00:01:36,263 --> 00:01:39,720
location. This setting allows you to

32
00:01:39,720 --> 00:01:43,263
restrict connectivity from an IP address

33
00:01:43,263 --> 00:01:45,063
range. This way, you would only allow

34
00:01:45,063 --> 00:01:48,641
users to sign in while in the office or

35
00:01:48,641 --> 00:01:52,863
connected to the VPN. Lastly, modern

36
00:01:52,863 --> 00:01:54,720
authentication. App-based conditional

37
00:01:54,720 --> 00:01:57,363
access with app protection policies relies

38
00:01:57,363 --> 00:01:59,363
on applications using modern

39
00:01:59,363 --> 00:02:03,196
authentication, which is an implementation

40
00:02:03,196 --> 00:02:07,006
of OAuth2. Most current Office mobile and

41
00:02:07,006 --> 00:02:09,196
desktop applications use modern

42
00:02:09,196 --> 00:02:11,577
authentication; however, there are still

43
00:02:11,577 --> 00:02:14,196
some third-party apps and older Office

44
00:02:14,196 --> 00:02:16,863
apps that use other authentication methods

45
00:02:16,863 --> 00:02:21,148
such as basic authentication or form-based

46
00:02:21,148 --> 00:02:27,000
authentication, and SharePoint allows you to block them if you wish to do so.

