OneDrive for Business – new commands for PowerShell.

New commands for OneDrive for Business 😉

Source: https://blogs.office.com/2015/07/16/new-it-management-controls-added-to-onedrive-for-business/

Limiting file sync to domain joined PCs

OneDrive for Business enables users to synchronize their files for offline use across their PCs or Macs. One of the most common requests from IT admins is to have the ability to block sync on unmanaged PCs. Now you can enable file sync to work only on domain-joined PCs (and you can even specify which of your domains you want to allow to sync), thereby blocking file sync on personally owned or unmanaged PCs. Note that using this setting means that you will disable file sync on all Macs as they cannot be domain-joined and managed like PCs.

This new control uses PowerShell to limit file sync to a list of permitted domains and, if your organization uses multiple domains, you can select the individual domains from which you allow sync requests.

The PowerShell cmdlet and syntax you use is:

The “DomainGuids” value represents the domain you are allowing. You can find more details on TechNet, including how to determine your domain GUIDs. We also demonstrate this on the show.

Auditing all actions taken against OneDrive for Business files

New auditing controls rolling into the Office 365 compliance center allow you to audit all actions taken against files stored in OneDrive for Business. If you want to monitor activities like which PCs or Macs attempted to sync with OneDrive or who viewed and shared files, the auditing controls provide that visibility. You can learn more in this recent Office Blogs post, and we demonstrate some of the auditing capabilities on the show.

Managing mobile devices connecting to OneDrive for Business data

As more people move to OneDrive for Business to store and access their files, email-based mobile device management (MDM) policies may not suffice to protect data. Now using MDM in Office 365, you can ensure that devices connecting to your OneDrive for Business data are managed. After you’ve set up MDM policies, a device will need to enroll in MDM for Office 365 when it tries to connect to your data using OneDrive for Business or Office Mobile apps. This ensures that the device meets security requirements, enforces PIN log-in and other chosen configurations on the device. You can find out more about MDM for Office 365 and see it in action on the show.

Setting storage quotas in OneDrive for Business

Even though the prospect of having 1 TB of data in the cloud is attractive for many people, several organizations have requested the ability to set smaller quota limits. It could be to limit the amount of data stored, for information protection reasons, or simply to ensure that what people store in OneDrive for Business can sync (and fit) on their PC’s hard drive.

In this case, PowerShell is again used to determine the storage quota. Here’s an example:

We demonstrate this feature on the show, and you’ll find more information for the Set-SPOSite cmdlet on TechNet.

Preventing unintentional sharing to “Everyone” or “All Users” in OneDrive for Business

OneDrive for Business is designed to ensure that only those with viewing or editing permissions can view or edit a file. Many organizations want sharing with people to be a very specific and targeted action. For example, they want their users to determine the specific people they need to share a file with and explicitly invite them through the sharing dialog. We’ve also offered the “Shared with Everyone” folder, which means files placed in this folder automatically grant users permissions and are publically discoverable through Delve. We had a lot of feedback from customers that this folder was an all-too-simple way to avoid specifically nominating people who should get access to a file. Based on this feedback, for all new tenants and users, the “Shared with everyone” folder will no longer be created by default; however, IT admins have the ability to override this setting.

If this is something you’ve been waiting for to protect information, you’ll also be happy to know that there are controls to remove “Everyone,” “All Users” and “Everyone except external users” from the people picker in OneDrive for Business and SharePoint Online. Again, you would use PowerShell to disable these entries from the people picker with the following settings:

More information about the Set-SPOTenant cmdlet is on TechNet and we highlight this as well as the resulting user experience on the show.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close