Extending our IT control and developer options with OneDrive for Business

Whether you’re an IT Pro or a developer we’ve got some great news! We recently showed you how an administrator can limit file sync to only domain joined PC’s. Today we’re delivering new IT controls to manage how files flow outside your organization and starting the rollout of our OneDrive API for production use.

External sharing governance

OneDrive’s external sharing features make it easy for your users at work to collaborate with their clients and partners in other organizations, which is why we enable external sharing by default. But perhaps you’re worried about people sharing with specific companies such as your direct competitors. Today we’re announcing three new features to help IT govern external sharing: auditing external sharing invitations, limiting external sharing permissions for specific users, and limiting which external domains your users can share with.

Auditing external sharing invitations

In regulated industries, it’s often important to audit every conversation with external parties – including any text your users add to their external sharing invitations. We’ve added the ability to blind copy the full text of invitation emails to a dedicated archive mailbox. The SharePoint Online Management Shell lets you specify the addresses to receive the bcc copy using the Set-SPOTenant –BccExternalSharingInvitationsList command. Once that is set, a copy of every invitation will be sent to the mailbox and remain available for later auditing or review.

Limiting external sharing permissions for specific users

In some cases, you may want to prevent certain users from sharing documents outside the company, e.g. the team responsible for financial disclosures. Up until now, we’ve only had a switch to turn off external sharing for all OneDrive for Business users. Now you can disable external sharing permissions for specific individual users. Set-SPOSite –SharingCapability now works for individual OneDrive for Business sites the same way it always has for Team sites. As soon as the admin disables sharing the user is informed they can’t share externally.

Managing external sharing domains

Finally, we’re working on a feature to let admins limit which external email domains can be invited to view or edit shared files. We’ll add an External Sharing tab in the admin console where you can configure an allow list (only allow sharing to users in these domains) or a deny list (allow sharing to any user by default, but block sharing to users in these specific domains). We’ll start a preview program in the coming weeks and expect to roll this feature our before the end of the year.

ODB_Extending_Our_IT_Control_allow_deny_list

New developer opportunities

We want developers to be able to build rich apps that integrate with OneDrive (both consumer and business). Previously we made announcements about preview support for OneDrive for Business in our unified OneDrive API. Today, we are starting to roll out this OneDrive API for production use. Learn more here.

Get started today!

This is just part of the many announcements on OneDrive for Business we’ve made today. Check them all out here. We’re continuing to invest in capabilities for IT to protect critical business data as well as new developer opportunities and we have more planned in the coming months – stay tuned!


Jeremy Mazner
Group Program Manager, OneDrive and SharePoint