Best new Security Features for SharePoint and OneDrive

Block the download of files from a SharePoint site or OneDrive

As a SharePoint Administrator or Global Administrator in Microsoft 365, you can block download of files from SharePoint sites or OneDrive. This feature does not need Azure Active Directory conditional access policies. This feature can be set for individual sites and cannot be set at the organization level.

https://learn.microsoft.com/en-us/sharepoint/block-download-from-sites?WT.mc_id=M365-MVP-5004242

Restrict site access to members of a Microsoft 365 group

With restricted access control (preview), you can manage the access of a SharePoint site and its content. As a SharePoint administrator, you can grant access to users of the Microsoft 365 group associated with a SharePoint site. Users who are not added to the group membership won’t have access even if they previously had site access permissions to a file. Restricted access control policy also applies to Microsoft 365 group memberships associated with Microsoft Teams.

https://learn.microsoft.com/en-us/sharepoint/restricted-access-control?WT.mc_id=M365-MVP-5004242

Conditional access policies for SharePoint sites, OneDrives, and Teams – General availability

Security posture of content varies based on whether its business criticality. General training content should be easily accessible wherein classified strategy content should be accessible only when certain conditions are met. The conditional access requirements should match the sites’ security posture.

https://learn.microsoft.com/en-us/sharepoint/authentication-context-example

https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/what-s-new-in-security-and-management-in-sharepoint-onedrive-and/ba-p/3648912