Loop admin policies for Loop components and Loop workspaces
Loop components and integrations are backed by .loop files (earlier releases of Loop created these as .fluid files), stored in OneDrive, SharePoint, or SharePoint Embedded. IT administrators need to manage creation of Loop content and integrations using BOTH:
- Cloud Policy
- SharePoint PowerShell command (Teams only)
Loop workspaces, Copilot Pages, and the .loop files and content created in Loop workspaces are stored in SharePoint Embedded containers. IT admins can manage creation of Loop workspaces using Cloud Policy.
Requirements
Just like other Microsoft 365 experiences, Loop and Copilot Pages also leverage core services across SharePoint and Microsoft 365. To effectively enable creation of Loop content and Loop integration experiences, Copilot Pages, or OneDrive and SharePoint files-backed experiences powered by Fluid Framework, follow the instructions in Office 365 URLs and IP address ranges to ensure connections to Loop services are available and enabled.
WebSocket connections
Loop's near real-time communications are enabled by the core services that run a WebSocket server. Coauthors in the same session need to establish secured WebSocket connections to this service to send and receive collaborative data such as changes made by others, live cursors, presence, and so on. These experiences are crucial to Loop, and to all the scenarios powered by Fluid framework. Allow list WebSocket traffic to the *.svc.ms and *.office.com endpoints.
License requirements
Licensing through the new Loop with workspaces service plan covers the creation of new workspaces and management of workspace members. The full set of experiences enabled and the specific licenses that include the Loop with workspaces service plan are covered in Loop access via Microsoft 365 subscriptions. Loop components are available to anyone in Entra ID accounts with a OneDrive or SharePoint license.
Microsoft 365 Groups for Cloud Policy
If you want to scope the Cloud Policy settings to only some users in your tenant, you must create or use an existing Microsoft 365 group that defines which users in your organization this policy will apply to. To create a Microsoft 365 group, see Create a Microsoft 365 group.
Note
This section isn't required if you choose to apply the Loop settings to all the users in your tenant.
You'll be able to use this group for the Cloud Policy setup procedure specified in Settings management in Cloud Policy.
If you prefer, you can also create other types of groups to use with Cloud Policy. For more information, see learn more about creating groups in the Microsoft 365 admin center or learn more about creating dynamic groups in AzureAD.
Available policy settings
There are several IT Admin policy settings provided to enable creation of Loop content across Microsoft 365:
| Configure | Setting Type | Specific Policy | Notes |
|---|---|---|---|
| Loop workspaces creation | Cloud Policy | Create and view Loop workspaces in Loop | Loop workspaces |
| Loop component creation and integration across Microsoft 365 | Cloud Policy | Create and view Loop files in Microsoft apps that support Loop | Applies to: - Outlook integration - OneNote integration - Whiteboard integration Does NOT apply to: - Loop workspaces - Teams integration - Copilot Pages |
| Copilot Pages creation and integration | Cloud Policy | Create and view Loop files in Microsoft 365 Copilot Chat | Applies to Copilot Pages in a Copilot chat experience |
| Outlook creation and integration of Loop experiences | Cloud Policy | Create and view Loop files in Outlook | First checks Create and view Loop files in Microsoft apps that support Loop; then applies Create and view Loop files in Outlook, if applicable. |
| Teams creation and integration | SharePoint property | See Settings management for Loop components in Teams | Teams only checks the settings in this row. |
Storage based view of the admin policy settings
Configure the creation of content in these locations by using the appropriate policy setting:
| Loop content originally created in | ️️️Manage with this policy | Loop content storage |
|---|---|---|
| Loop app | Cloud Policy: Create and view Loop workspaces in Loop | SharePoint Embedded: ✔️in Loop workspace |
| Copilot Pages | Cloud Policy: Create and view Loop files in Microsoft 365 Copilot Chat | SharePoint Embedded: ✔️in Loop workspace |
| Teams channel meeting | SharePoint property Set-SPOTenant -IsCollabMeetingNotesFluidEnabled $true |
SharePoint Site: ✔️in Channel folder |
| Teams channel | SharePoint property Set-SPOTenant -IsCollabMeetingNotesFluidEnabled $true |
SharePoint Site: ✔️in Channel folder |
| Teams private chat | SharePoint property Set-SPOTenant -IsLoopEnabled $true |
User's OneDrive: 📁Microsoft Teams Chat files |
| Teams private meeting | SharePoint property Set-SPOTenant -IsLoopEnabled $true |
User's OneDrive: 📁Meetings |
| Outlook email message | Cloud Policy: Create and view Loop files in Microsoft apps that support Loop -or- Create and view Loop files in Outlook | User's OneDrive: 📁Attachments |
| OneNote for Windows or for the web | Cloud Policy: Create and view Loop files in Microsoft apps that support Loop | User's OneDrive: 📁OneNote Loop files |
| Whiteboard | Cloud Policy: Create and view Loop files in Microsoft apps that support Loop | User's OneDrive: 📁Whiteboard\Components |
Example configurations
| Scenario | Policies Configured |
|---|---|
| ✅Enable Loop workspaces creation and Loop component creation and integration everywhere | ✅ Create and view Loop workspaces in Loop = Enabled (or Not Configured) ✅ Create and view Loop files in Microsoft apps that support Loop = Enabled (or Not Configured) ✅ Create and view Loop files in Microsoft 365 Copilot Chat = Enabled (or Not Configured) ✅ [Teams-only] Set-SPOTenant -IsLoopEnabled $true, Set-SPOTenant -IsCollabMeetingNotesFluidEnabled $true |
| ✅Enable Loop workspaces creation and Loop component creation and integration everywhere, but ⛔Disable Loop component creation and integration in Communication apps (Outlook, Teams) | ✅ Create and view Loop workspaces in Loop = Enabled (or Not Configured) ✅ Create and view Loop files in Microsoft apps that support Loop = Enabled (or Not Configured) ✅ Create and view Loop files in Microsoft 365 Copilot Chat = Enabled (or Not Configured) ⛔ Create and view Loop files in Outlook = Disabled ⛔ [Teams-only] Set-SPOTenant -IsLoopEnabled $false, Set-SPOTenant -IsCollabMeetingNotesFluidEnabled $false |
| ⛔Disable Loop workspace creation and Loop component creation and integration everywhere | ⛔ Create and view Loop workspaces in Loop = Disabled ⛔ Create and view Loop files in Microsoft apps that support Loop = Disabled ⛔ Create and view Loop files in Microsoft 365 Copilot Chat = Disabled ⛔ [Teams-only] Set-SPOTenant -IsLoopEnabled $false, Set-SPOTenant -IsCollabMeetingNotesFluidEnabled $false |
User experience expectations when admin settings are configured
As described in this topic, you can control the ability for users in your environment to create new Loop content. You can configure this either via select groups or for your entire tenant. To prevent collaboration between certain groups in your organization, refer to Information Barriers.
Here's what you should expect when using the Loop IT admin controls configured to Disabled
When Loop IT admin controls in this article are set to Disabled, the creation of new Loop files and SharePoint Embedded containers is prevented, but existing user data is not deleted. Users can still access existing Loop files. To prevent new files and access to these existing files, use both the admin policies and Conditional Access policies to block access to Loop experiences on browsers and mobile devices.
Even with the admin policies disabled, Loop content and icons may still appear in certain places. Files created before disabling new creation can still be found in Microsoft365.com, the Loop component viewer and editor (loop.cloud.microsoft), and links shared in messages or documents. Access to these files is determined by their permissions, so users with edit access can still open and edit them.
There are no separate licensing requirements for the Loop component viewer and editor, only the need for OneDrive access. Users can still access the Loop component viewer and editor via loop.cloud.microsoft and the All apps view in Microsoft365.com. To prevent users from seeing the Loop app in the All apps view, disable their access to OneDrive or configure a conditional access policy for loop.cloud.microsoft.
Settings management in the Microsoft Admin Center
If you're looking for a simple way to turn on or off the creation of only Loop workspaces in your tenant, do the following:
- Sign in to the Microsoft 365 admin center as Office Apps Administrator, Security Administrator, or Global Administrator.
Important
Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
- Navigate to Home > Org settings > Services > Loop.
- Choose your desired state for Loop workspaces via the checkbox.
Note
The checkbox may not reflect your configured state on load. However, the state you select and choose Save in the Admin Center will persist and override any defaults for your tenant.
- Select Save.
The Microsoft Admin Center configures the Cloud Policy setting Create and view Loop workspaces in Loop, described in the next section, targeted at All users (your full tenant). See the next section if you wish to perform more advanced controls. If you configured Create and view Loop workspaces in Loop in Cloud Policy, review your Cloud Policy settings to confirm they still match your expectation after configuring in the Microsoft Admin Center.
Settings management in Cloud Policy
The Loop experiences (except for Microsoft Teams) check the following Cloud Policy settings. See Available policy settings to understand how each app checks these settings:
- Create and view Loop workspaces in Loop
- Create and view Loop files in Microsoft apps that support Loop
- Create and view Loop files in Microsoft 365 Copilot Chat
- Create and view Loop files in Outlook
- Sign in to https://config.office.com/ with your Microsoft 365 admin credentials.
- Select Customization from the left pane.
- Select Policy Management.
- Create a new policy configuration or edit an existing one.
- From the Choose the scope dropdown list, choose either All users or select the group for which you want to apply the policy. For more information, See Microsoft 365 Groups for Cloud Policy.
- In Configure Settings, choose one of the following settings:
- For Create and view Loop workspaces in Loop:
- Disabled: Creation of Loop workspaces isn't available to the users.
- Loop app will open Loop components when workspaces is disabled.
- Enabled: Creation of Loop workspaces is available to the users.
- Not configured: Creation of Loop workspaces is available to the users.
- For Create and view Loop files in Microsoft apps that support Loop:
- recall:
- this setting applies to:
- Outlook integration
- OneNote integration
- Whiteboard integration
- this setting does NOT apply to:
- Loop workspaces (see Manage Loop workspaces in SharePoint Embedded)
- Teams integration (see Settings management for Loop components in Teams)
- Copilot Pages
- this setting applies to:
- Enabled: Creation of Loop components and integration is available to the users.
- Disabled: Creation of Loop components and integration isn't available to the users.
- Not configured: Creation of Loop components and integration is available to the users.
- recall:
- For Create and view Loop files in Microsoft 365 Copilot Chat
- Enabled: Copilot pages creation and integration is available to the users.
- Disabled: Copilot pages creation and integration isn't available to the users.
- Not configured: Copilot pages creation and integration is available to the users.
- NOTE: If your organization has disabled the creation of OneDrive, regardless of the setting noted here, these people in your organization will not be able to create a Copilot Pages workspace.
- For Create and view Loop files in Outlook:
- Enabled: Creation of Loop components and integration is available to the users.
- Disabled: Creation of Loop components and integration isn't available to the users.
- Not configured: Creation of Loop components and integration is available to the users.
- For Create and view Loop workspaces in Loop:
- Save the policy configuration.
- Reassign priority for any security group, if required. (If two or more policy configurations are applicable to the same set of users, the one with the higher priority is applied.)
In case you create a new policy configuration or change the configuration for an existing policy, there can be a delay in the change being reflected as described below:
- If there were existing policy configurations prior to the change, then it will take 90 mins for the change to be reflected.
- If there were no policy configurations prior to the change, then it will take 24 hours for the change to be reflected.
Note
In order to target only a group of users in your organization to be able to create and view Loop content in workspaces, create a second group that targets All users, set this group to Disabled, and make it a priority number that evaluates after your first target group that is set to Enabled. In Cloud Policy, priority 0 evaluates first, followed by priority 1, then 2, and so on. This configuration will override the default Not Configured state to Disabled for all users but your target group.
Settings management for Loop functionality in Teams
You'll need the latest version of SharePoint PowerShell module to enable or disable Loop experiences in Teams. Loop components default to ON for all organizations. Because Loop components are designed for collaboration, the components are always shared as editable by others, even if your organization is set to create shareable links that have view-only permissions as the default value for other file types. For more information, see the Learn more link next to the setting.
| Experience | SharePoint organization properties | Notes |
|---|---|---|
| Loop components in Teams | IsLoopEnabled (boolean) |
This property controls Loop component creation and integration in Microsoft Teams. It applies to the entire tenant and can not be configured at the user level. |
| Collaborative meeting notes | IsCollabMeetingNotesFluidEnabled (boolean) |
This property controls the collaborative meeting notes creation and integration in Microsoft Teams. It applies to the entire tenant and can not be configured at the user level. |
To check your tenant's default file permissions, perform the following steps:
- Sign in to Microsoft 365 admin center.
- Under Admin centers, select SharePoint.
- Select Policies > Sharing, and under File and folder links, view your organization's default file permissions.
To check if Loop components are enabled, run Get-SPOTenant without any arguments. Verify the value of IsLoopEnabled is true.
To enable Loop components in Teams, run Set-SPOTenant -IsLoopEnabled $true. The change will take a short time to apply across your organization.
To disable Loop components in Teams, run Set-SPOTenant -IsLoopEnabled $false. The change will take a short time to apply across your organization. If your organization has multiple regions (that is, organization URLs), you need to disable loop components for all the regions to have consistent results across the organization.
These tenant-level properties