Project Online: Now with Conditional Access


Just a quick posting to confirm that Conditional Access for SharePoint Online and OneDrive also applies to Project Online – as it sits on top of SharePoint.  You can’t just block Project Online though – you block it by blocking SharePoint.  Bill Baer has a great blog post - https://blogs.technet.microsoft.com/wbaer/2017/02/17/conditional-access-policies-with-sharepoint-online-and-onedrive-for-business/ so I’ll just show that the same applies to Project.

To use Conditional Access some of the features require the Azure Active Directory Premium (See Bill’s blog and the Azure AD article https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-technical-reference and I’ll walk you through the simple scenario I configured.

I want to block Sara Davis from accessing Project Online so I go to the Office 365 Admin Portal and then to the Azure AD Admin center.

image                                         image

From there I take the Conditional access option (you can start a trial if you don’t have Premium) and add a New policy.  You can see the various options here – and I’m going to select Sara Davis as my user, for the Cloud apps I will choose Office 365 SharePoint Online and OneDrive.

image

Under conditions I have various options – and as I just want to block I can choose the Client apps check Yes to configure and check both Browser and Mobile apps and desktop clients (I’ll leave you to review in the Azure AD document the other cool options for locations, device platform and sign-in risk – which give more granular control).

image

The final thing is to add the Access controls – and I just want to Block access.  I select that, Enable Policy and Create – and I’m done.

image

Now when Sara tries to get to browse to PWA she will see this message – and I’ve expanded the details part:

image

Same if she tries to use the Project Online Desktop Client or Project Professional 2016

image

I hope you find this a useful addition to Project Online and Azure AD!


Comments (2)

  1. B Sai Prasad says:

    Thank you Brian for sharing this approach. Blocking SharePoint Online will block PO too, and is there way to block access only to PO and grant access to SharePoint

    1. Hi Sai there isn’t a way to block access to Project Online only via conditional access, although of course you could take away the users Project Online license – but that doesn’t help with some of the conditional options that are most useful to avoid potential unauthorized access but still allow the user their normal access.

Skip to main content