Microsoft SharePoint Online is a great collaboration tool offering multiple users to work simultaneously on files, documents and pages. It allows users to download and share files and documents with needy ones. Sometimes allowing downloading of files can be dangerous. Suppose your confidential data is downloaded and shared by someone in your organization, then your data can be leaked. To prevent this, you should implement Block Download Policy for SharePoint Online and OneDrive.
As a SharePoint Administrator or Global Administrator, you can block the download for SharePoint Online and OneDrive for a particular site. Additionally, you can configure conditional access policies to prevent users from downloading important documents from SharePoint Online to secure data. The Block SharePoint Download Policy feature is in the preview stage and will be under Microsoft Syntex SharePoint. But you can block SharePoint downloads using Windows PowerShell. First, we will see the benefits of the block download policy in SharePoint Online and OneDrive.
Why consider the block download policy for SharePoint Online and OneDrive
For maximum protection against accidental data leakage due to user error or unintentional data leakage block download policy in SharePoint Online should be configured. It provides adequate protection against unauthorized download activities while allowing legitimate file-sharing operations seamlessly between colleagues inside & outside organizational boundaries. Suppose you want to block all file downloads in a particular SharePoint site for security reasons so that no one can download the important files. You must configure the block downloads policy in that particular site to secure your files and documents. Now let’s see how to create a conditional access policy to block file downloads in SharePoint Online and OneDrive.
Contents
Follow the steps below to check how to configure a conditional access policy to block the download of the documents in SharePoint Online and OneDrive.
- Visit Office.com and click on Admin to open the Microsoft 365 Admin Center.
- In the Admin Center, click show all and open Azure Active Directory; it will take you to the Microsoft Entra Admin center.
- Now click on Protect & Secure, then Conditional Access. The policies window will open; now click on New Policy to create a new policy.
- A new window will open, asking for policy details.
- Type the name of the policy in the name field.
- In the Users field, select the users or groups you want to include in the policy to block downloads in SharePoint Site and OneDrive. Once selected, click on the select button.
- Now Click on Cloud apps or actions, then click on select app and choose Office 365 SharePoint Online. After that, click on the Select button to save changes.
-
- Under conditions, choose the condition you want to use to block downloads of files in SharePoint Online and OneDrive.
-
- In Session, select Use Conditional Access App control and choose Block Downloads (Preview) and click on select button. In Enable policy, click on the ON option and then click on create button to create the conditional access policy to block downloads in SharePoint Online and OneDrive.
Once you click on create button, it will create the conditional access policy to block downloads of files in SharePoint Online and OneDrive for the conditions you selected.
Microsoft Syntex SharePoint Advanced Management License includes a block SharePoint download policy feature and is currently in the preview stage. For now, you can use Windows PowerShell to block downloads for SharePoint Online.
- First, you need to download SharePoint Online Management Shell if you do not have one installed.
- Once installed, connect to SharePoint Online by entering the below command.
Connect-SPOService –Url https://yourdomain-admin.sharepoint.com/
Once entered the command login using Admin credentials
Note: use your tenant name in place of yourdomain.
- To block downloads for a particular SharePoint Site, type the below command.
Set-SPOSite -Identity <siteURL>; -BlockDownloadPolicy $true
In the place of <SiteURL> use the URL of your SharePoint site.
To exempt site owners and groups, you need to use the below commands at the end of the above command.
- To exempt site owners, use the below one:
Set-SPOSite -Identity <siteURL>; -BlockDownloadPolicy $true - ExcludeBlockDownloadPolicySiteOwners $true
- To exclude Groups from the block SharePoint download policy, use the below cmdlet.
Set-SPOSite -Identity &amp;amp;lt;siteURL&amp;amp;gt; -BlockDownloadPolicy $true -ExcludedBlockDownloadGroupIds &amp;amp;lt;comma separated group ids&amp;amp;gt;
Note: Type Group id or ids in place of <comma separated group ids>
Once applied the policy through Windows PowerShell, the Download button will be disabled to secure your files. You can use the above steps to apply Block Download Policy for SharePoint Online and OneDrive. Also, you can create a conditional access policy to block SharePoint downloads for SharePoint Online.
Conclusion:
This article describes implementing a block download policy for SharePoint Online and OneDrive. You can secure confidential data by blocking downloads for a particular SharePoint Site. Also, you can check the steps to create or apply a conditional access policy to prevent downloads on SharePoint Site.
Also read: Free Microsoft Office 365 Subscription