To set up a Conditional Access policy in Azure AD that blocks SharePoint access for users outside your office network, while allowing five specific users to access it from both inside and outside the network, follow these steps:
### Step 1: Define Trusted Locations
1. **Log in to Azure portal** and navigate to **Azure Active Directory**.
2. Go to **Security** > **Conditional Access** > **Named locations**.
3. Add your office's IP range as a trusted location by selecting **New location** and entering the IP ranges for your office network.
### Step 2: Create a Conditional Access Policy
1. Navigate to **Azure Active Directory** > **Security** > **Conditional Access**.
2. Click on **New policy** to create a new Conditional Access policy.
### Step 3: Configure Policy Conditions
1. **Name the policy**: e.g., "Restrict SharePoint Access Outside Office Network".
2. **Assignments**:
   - **Users and groups**:
     - Select **All users** to apply the policy to everyone.
     - Under **Exclude**, select the 5 users who should have access both inside and outside the office network.
   - **Cloud apps or actions**:
     - Select **Select apps** and choose **Office 365 SharePoint Online**.
   - **Conditions**:
     - Go to **Locations**.
     - Select **Yes** under **Configure**.
     - Under **Include**, select **Any location**.
     - Under **Exclude**, select **Selected locations** and choose the trusted locations you defined earlier.
### Step 4: Configure Access Controls
1. Under **Grant**, select **Block access**.
2. Under **Session**, you can leave the defaults or configure as needed.
### Step 5: Enable the Policy
1. Set the policy to **On**.
2. Click **Create** to save and enable the policy.
This policy will now restrict SharePoint access to only those users on the office network, except for the 5 users who can access it from anywhere.
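The same configuration, scripted with the Microsoft Graph PowerShell SDK as an added example (not part of the original answer). The office CIDR and the five user principal names are constructed placeholders; the policy is created in report-only state so sign-in logs can be reviewed before switching it to enforced.

```powershell
# Requires the Microsoft Graph PowerShell SDK: Install-Module Microsoft.Graph
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "User.Read.All"

# Step 1: register the office egress range as a trusted named location.
# 203.0.113.0/24 is a constructed placeholder; replace it with your real range.
$officeLocation = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Office network"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "203.0.113.0/24" }
    )
}

# Resolve the five exempt users (placeholder UPNs) to their object IDs,
# because Conditional Access stores user assignments by ID, not by UPN.
$exemptUpns = @(
    "user1@contoso.example", "user2@contoso.example", "user3@contoso.example",
    "user4@contoso.example", "user5@contoso.example"
)
$exemptIds = foreach ($upn in $exemptUpns) { (Get-MgUser -UserId $upn).Id }

# Steps 2 to 5: the policy. Include everyone, exclude the five users, scope it
# to Office 365 SharePoint Online, apply to any location except the trusted
# office range, and block access when it matches.
$policy = @{
    displayName   = "Restrict SharePoint Access Outside Office Network"
    # Report-only first; change to "enabled" once the sign-in log review looks right.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeUsers = $exemptIds }
        # Well-known app ID of Office 365 SharePoint Online (verify in your tenant
        # under Enterprise applications if in doubt).
        applications = @{ includeApplications = @("00000003-0000-0ff1-ce00-000000000000") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @($officeLocation.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.DisplayName) (id $($created.Id)) in state $($created.State)"
```

Check the result under Azure AD > Security > Conditional Access: the policy should list 5 excluded users and the office named location under excluded locations.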