Access control – Planning and Implementing Microsoft SharePoint Online, OneDrive, and Microsoft Teams

The Access control page is used to restrict device and network access using the following settings:

  • Unmanaged devices: The available settings are Allow full access from desktop apps, mobile apps, and the web, Allow limited, web-only access, and Block access. These are organization-wide settings.
  • Idle session sign-out: This selection only affects users on unmanaged devices who don’t select Keep me signed in. You can choose to sign users out automatically after a given period of time.
  • Network location: You can configure ranges of IP addresses allowed to access SharePoint content. This affects all users (internal and guests) and all connected applications. Applications that support network boundaries are Teams, Yammer, and Exchange. If these boundaries are enabled, non-location-aware apps (such as Power Automate, Power Apps, OneNote, etc.) will be blocked from accessing SharePoint content, even if they operate and access from within a defined network boundary.
  • Apps that don’t use modern authentication: You can allow or block applications that don’t support modern authentication.
  • Restrict OneDrive access: You can limit who can access OneDrive for Business content based on security group membership. You can specify up to 10 security groups. Users not in these groups will lose access to their OneDrive content (though the content itself will continue to exist).

These are broad, tenant-wide controls. Microsoft recommends using Conditional Access policies and Microsoft Defender for Cloud Apps in their place.
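To review these settings outside the admin center, the following added example (not from the original page) flags weak Access control values on a tenant object. `Test-SpoAccessControl` is a hypothetical helper; the property names are assumed to match the output of `Get-SPOTenant` and `Get-SPOBrowserIdleSignOut` in the SharePoint Online Management Shell, and the sample objects are constructed so the script runs offline.

```powershell
# Added example, not the book's code. Test-SpoAccessControl is a hypothetical helper;
# property names are assumed to match Get-SPOTenant / Get-SPOBrowserIdleSignOut output.
function Test-SpoAccessControl {
    param(
        [Parameter(Mandatory)] $Tenant,   # output of Get-SPOTenant
        $IdleSignOut                      # output of Get-SPOBrowserIdleSignOut (optional)
    )
    function New-Finding($Setting, $Value, $Note) {
        [pscustomobject]@{ Setting = $Setting; Value = "$Value"; Note = $Note }
    }

    # Unmanaged devices: AllowFullAccess | AllowLimitedAccess | BlockAccess
    if ("$($Tenant.ConditionalAccessPolicy)" -eq 'AllowFullAccess') {
        New-Finding 'Unmanaged devices' $Tenant.ConditionalAccessPolicy `
            'Full access from unmanaged devices is allowed'
    }
    # Idle session sign-out only affects users on unmanaged devices
    if ($IdleSignOut -and -not $IdleSignOut.Enabled) {
        New-Finding 'Idle session sign-out' $IdleSignOut.Enabled 'No automatic sign-out'
    }
    # Network location: enforcement flag plus the allowed IP ranges
    if (-not $Tenant.IPAddressEnforcement) {
        New-Finding 'Network location' $false 'No IP range restriction on SharePoint content'
    } elseif ([string]::IsNullOrWhiteSpace($Tenant.IPAddressAllowList)) {
        New-Finding 'Network location' $true 'Enforcement is on but the allow list is empty'
    } else {
        New-Finding 'Network location' $Tenant.IPAddressAllowList `
            'Non-location-aware apps (Power Automate, Power Apps, OneNote) are blocked'
    }
    # Apps that don't use modern authentication
    if ($Tenant.LegacyAuthProtocolsEnabled) {
        New-Finding 'Legacy authentication' $true 'Apps without modern authentication are allowed'
    }
}

# Constructed sample values (documentation IP range), standing in for live tenant output.
$sampleTenant = [pscustomobject]@{
    ConditionalAccessPolicy    = 'AllowFullAccess'
    IPAddressEnforcement       = $true
    IPAddressAllowList         = '203.0.113.0/24'
    LegacyAuthProtocolsEnabled = $true
}
$sampleIdle = [pscustomobject]@{ Enabled = $false }

Test-SpoAccessControl -Tenant $sampleTenant -IdleSignOut $sampleIdle | Format-Table -AutoSize
# Live use after Connect-SPOService:
#   Test-SpoAccessControl -Tenant (Get-SPOTenant) -IdleSignOut (Get-SPOBrowserIdleSignOut)
```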

Settings

The Settings page manages additional tenant-wide settings for SharePoint and OneDrive:

  • Home site (SharePoint): This is used to set the main landing page for your site.
  • Notifications (SharePoint): This is used to enable or disable notifications sent to the SharePoint mobile app.
  • Pages (SharePoint): This enables or disables features to allow users to create new modern pages and allow commenting on modern pages.
  • Site creation (SharePoint): This setting has four main options:
    • Users can create SharePoint sites is used to control whether users can create sites from SharePoint, OneDrive, or scripting/REST interfaces. This has no impact on whether users can create Teams or Microsoft 365 Group-connected sites.
    • Show the options to create a site in SharePoint and create a shared library from OneDrive is used to show or hide the site and library options in the SharePoint and OneDrive for Business web interfaces.
    • The Create team sites under setting is used to select the managed path where SharePoint team sites will be provisioned.
    • You can use Default time zone to specify the default time zone for SharePoint sites.
  • Site storage limits (SharePoint): This setting is used to manage quotas for your sites. You can choose Automatic to allow sites to grow as necessary, or Manual, which allows you to specify the maximum storage that a particular site can consume from your tenant’s total storage allocation (up to 25 TB per site collection).
  • Notifications (OneDrive): This allows you to choose whether to allow notifications to be sent to users about file sharing or @mention activity.
  • Retention (OneDrive): This setting controls how long a OneDrive for Business site stays active after a user has been de-provisioned and the license removed. While the setting name is Retention, it is not a compliance feature used to protect data – it only determines whether the site stays provisioned.
  • Storage limit (OneDrive): This allows you to manage the default storage limit for OneDrive accounts.
  • Sync (OneDrive): This allows you to manage service-side synchronization settings for the OneDrive for Business client. Options include the following:
    • The Show the Sync button on the OneDrive website option allows you to display or hide the Sync button.
    • The Allow syncing only on computers joined to specific domains option allows you to list domain GUIDs, representing domains that machines wishing to use the OneDrive client must reside in.
    • With the Block upload of specific file types option, you can limit the file extensions that a OneDrive for Business sync client will process. Users can still upload the files manually through the browser, however, as the block feature only affects the OneDrive synchronization engine.

Next, we’ll explore the configuration options available under More features.

The More features page allows you to configure additional groups of settings. Many of these features or settings are service applications for SharePoint Server. The available options include the following:

  • Term store: The term store is a service application that allows you to define a metadata taxonomy to classify content in SharePoint.
  • User profile: The User Profile service application controls the OneDrive for Business site provisioning process. You can do things such as set default secondary administrators or even control which users have access to provision sites.
  • Search: This manages how the Search service application works across the tenant, including things such as Search schema, Search dictionaries, Result sources (which are useful for hybrid search capabilities), and Query rules.
  • Apps: These manage integration with the SharePoint store.
  • BCS: This manages the configuration of Business Connectivity Services (BCS) to data sources outside of SharePoint Online.
  • Secure store: The Secure store service application is used to manage authentication for BCS.
  • Records management: This is the interface to manage the legacy SharePoint records management site. Microsoft recommends using in-place records management instead of this feature.
  • InfoPath: This manages the integration of InfoPath forms with SharePoint Online. Microsoft recommends shifting to Forms and Power Apps in place of InfoPath.
  • Hybrid Picker: This launches the hybrid configuration tool.

Finally, there is a section of settings that don’t fit anywhere else – mostly related to legacy SharePoint features that haven’t been fully integrated or deprecated. These additional settings are referred to as Classic settings.
