SharePoint Online Introducing Restricted Access Control for Sites

SharePoint Online is introducing Restricted Access Control (RAC) as a new security layer that allows admins to limit site access to specific Entra ID security groups, regardless of individual sharing links or permissions.

Published

March 12, 2026

Source

Message Center

MC124005

Microsoft is rolling out Restricted Access Control (RAC) for SharePoint Online sites. RAC allows admins to define a set of Entra ID security groups whose members are the only users permitted to access a site — overriding any existing sharing links or direct permissions. This provides a backstop for sensitive sites where over-sharing is a concern.

Rolling out to all tenants over the next 30 days.

How RAC Works

Define Permitted Security Groups Per Site
Overrides Existing Sharing Links
Managed via SharePoint Admin Center or PowerShell

Configure Restricted Access Control via SharePoint Admin Center > Sites > Active sites > select site > Policies.

Our Take

This is the right call, but Microsoft is underselling how disruptive it'll be. Users have built years of muscle memory around that Chat / Teams split — expect a wave of support tickets the week it lands. Get ahead of it with a quick communication to your users before it shows up, not after.

Bottom Line

Good change, bad rollout timing for unprepared orgs. Send a user comm now.

Upcoming Deadlines

SharePoint 2013 Workflows

Apr 2

↗

Classic Yammer Communities

Jun 1

↗

Quick Links

M365 Roadmap

This is some text inside of a div block.