New IT management controls added to OneDrive for Business

The OneDrive for Business team has been working to deliver the most commonly requested controls by Office 365 admins. Today, we’ll highlight new management options you have to protect and control the flow of your information using OneDrive for Business.

In addition, this week’s Office Mechanics show walks through the new controls and how to implement them as an Office 365 admin:

Limiting file sync to domain joined PCs

OneDrive for Business enables users to synchronize their files for offline use across their PCs or Macs. One of the most common requests from IT admins is to have the ability to block sync on unmanaged PCs. Now you can enable file sync to work only on domain-joined PCs (and you can even specify which of your domains you want to allow to sync), thereby blocking file sync on personally owned or unmanaged PCs. Note that using this setting means that you will disable file sync on all Macs as they cannot be domain-joined and managed like PCs.

This new control uses PowerShell to limit file sync to a list of permitted domains and, if your organization uses multiple domains, you can select the individual domains from which you allow sync requests.

You can find more details on TechNet, including how to determine your domain GUIDs. We also demonstrate this on the show.

Auditing all actions taken against OneDrive for Business files

New auditing controls rolling into the Office 365 compliance center allow you to audit all actions taken against files stored in OneDrive for Business. If you want to monitor activities like which PCs or Macs attempted to sync with OneDrive or who viewed and shared files, the auditing controls provide that visibility. You can learn more in this recent Office Blogs post and we demonstrate some of the auditing capabilities on the show.

Managing mobile devices connecting to OneDrive for Business data

As more people move to OneDrive for Business to store and access their files, email-based mobile device management (MDM) policies may not suffice to protect data. Now using MDM in Office 365, you can ensure that devices connecting to your OneDrive for Business data are managed. After you’ve set up MDM policies, a device will need to enroll in MDM for Office 365 when it tries to connect to your data using OneDrive for Business or Office Mobile apps. This ensures that the device meets security requirements, enforces PIN log in and other chosen configurations on the device. You can find out more about MDM for Office 365 and see it in action on the show.

Setting storage quotas in OneDrive for Business

Even though the prospect of having 1 TB of data in the cloud is attractive for many people, several organizations have requested the ability to set smaller quota limits. It could be to limit the amount of data stored for information protection reasons or simply to ensure that what people store in OneDrive for Business can sync (and fit) on their PC’s hard drive. In this case, PowerShell is again used to determine the storage quota.

We demonstrate this feature on the show and you’ll find more information on TechNet.

Preventing unintentional sharing to “Everyone” or “All Users” in OneDrive for Business

OneDrive for Business is designed to ensure that only those with viewing or editing permissions can view or edit a file. Many organizations want sharing with people to be a very specific and targeted action. For example, they want their users to determine the specific people they need to share a file with and explicitly invite them through the sharing dialog. We’ve also offered the “Shared with Everyone” folder, which means files placed in this folder automatically grants all users permissions to these files and makes the files publically discoverable through Delve. We had a lot of feedback from customers that this folder was an all too simple way to avoid specifically nominating people who should get access to a file. Based on this feedback for all new tenants and users the “Shared with everyone” folder will no longer be created by default; however, IT admins have the ability to override this setting.

If this is something you’ve been waiting for to protect information, you’ll also be happy to know that there are controls to remove “Everyone,” “All Users” and “Everyone except external users” from the people picker in OneDrive for Business and SharePoint Online.

More information about this feature is on TechNet and we highlight this as well as the resulting user experience on the show.

More to come in OneDrive for Business
These new controls, all based on your feedback, provide more capabilities to protect corporate information in OneDrive for Business. In the coming months, we’ll deliver a whole range of new user experiences including our new sync client (featuring selective sync); new web client refresh and offline file support for mobile devices. We’ll also bring in new controls for IT admins to manage the scope or span of sharing outside the organization as well as other controls that provide additional ways to protect key business files. So keep checking back, be sure to try out the new management controls today and let us know what you think.

Reuben Krippner

Director, Product Management, OneDrive