1 00:00:03,370 --> 00:00:05,941 Now let's go to the lab and check out the 2 00:00:05,941 --> 00:00:08,798 access control settings in SharePoint 3 00:00:08,798 --> 00:00:11,370 Online. We're now in the lab environment, 4 00:00:11,370 --> 00:00:14,370 so let me open up the browser over here. 5 00:00:14,370 --> 00:00:16,995 And for all of our access control 6 00:00:16,995 --> 00:00:20,370 settings, we will go into Access control. 7 00:00:20,370 --> 00:00:23,170 First option that we have is Restrict 8 00:00:23,170 --> 00:00:25,870 access from devices that aren't compliant 9 00:00:25,870 --> 00:00:30,370 in Intune or joined to a domain. You can 10 00:00:30,370 --> 00:00:33,798 either allow full access, allow limited, 11 00:00:33,798 --> 00:00:37,655 web-only access, or block access. Remember 12 00:00:37,655 --> 00:00:40,370 that you can customize this more into the 13 00:00:40,370 --> 00:00:43,370 Azure AD admin center with conditional 14 00:00:43,370 --> 00:00:45,824 access policies; however, this is really 15 00:00:45,824 --> 00:00:48,870 outside of the scope of this course, and 16 00:00:48,870 --> 00:00:52,120 there's other courses on Pluralsight that 17 00:00:52,120 --> 00:00:56,370 cover conditional access. Next up, we have 18 00:00:56,370 --> 00:00:59,655 the Idle session timeout. This is really 19 00:00:59,655 --> 00:01:02,970 to sign out users after a period of 20 00:01:02,970 --> 00:01:05,084 inactivity in SharePoint Online or 21 00:01:05,084 --> 00:01:07,970 OneDrive for Business. If I turn it on, I 22 00:01:07,970 --> 00:01:10,370 can say that I want to sign out users 23 00:01:10,370 --> 00:01:13,770 after 15 minutes of being inactive, and 24 00:01:13,770 --> 00:01:16,970 the warning must be less than the actual 25 00:01:16,970 --> 00:01:21,370 sign-out, so I can put it to 10 minutes, 26 00:01:21,370 --> 00:01:26,170 let's say, and click on Save. Now for the 27 00:01:26,170 --> 00:01:29,470 Network location. If I turn it on, I can 28 00:01:29,470 --> 00:01:32,245 only allow access from specific IP 29 00:01:32,245 --> 00:01:36,097 addresses or IP address ranges, and this 30 00:01:36,097 --> 00:01:39,370 is useful only if you want to force people 31 00:01:39,370 --> 00:01:42,925 to only allow access to Office 365 from 32 00:01:42,925 --> 00:01:46,814 your offices or when they're logged in 33 00:01:46,814 --> 00:01:49,941 VPN. You can either specify a direct 34 00:01:49,941 --> 00:01:54,370 address or a range in both IPv4 and IPv6. 35 00:01:54,370 --> 00:01:57,745 And as the warning says at the top, make 36 00:01:57,745 --> 00:02:00,655 sure that your IP address is included so 37 00:02:00,655 --> 00:02:03,370 you do not lock yourself out because that 38 00:02:03,370 --> 00:02:06,703 wouldn't really be fun, and you would have 39 00:02:06,703 --> 00:02:09,370 to go to Microsoft Support to get help. 40 00:02:09,370 --> 00:02:13,655 Lastly, apps that don't use modern 41 00:02:13,655 --> 00:02:16,370 authentication, such as Office 2010 that 42 00:02:16,370 --> 00:02:19,703 was given as an example, do you want to 43 00:02:19,703 --> 00:02:21,870 allow access or block access? This is 44 00:02:21,870 --> 00:02:24,120 really if you want to force conditional 45 00:02:24,120 --> 00:02:28,370 access on apps and you want to make sure 46 00:02:28,370 --> 00:02:31,170 that users don't use old apps that might 47 00:02:31,170 --> 00:02:34,870 have security risks and they connect those 48 00:02:34,870 --> 00:02:39,245 apps to Office 365. This is it for the 49 00:02:39,245 --> 00:02:41,512 access control settings. Now let's go back 50 00:02:41,512 --> 00:02:48,000 to the slides and talk about other SharePoint Online tenant settings.