Restrict OneDrive for Business client to domain-joined machines

I was working on restricting OneDrive for Business client access, as we were not able to use conditional access.

Fortunately, OneDrive provides a way to restrict at least the sync client to machines joined to the Active Directory domain.

This feature is useful for many customers who want to prevent users from synchronizing data to their personal computers, but it still has many limitations:

  • Macs are not covered (you can block them, but you can't identify whether they are personal or corporate).
  • Mobile clients can still synchronize files from OneDrive (use device access policies for those).
  • Users can still use browser access.
  • Existing synchronized data will not be erased.

Conditional access is the better way, but where it is not possible this can add some level of control.

Here is what you have to do to enable it. First, get the GUID of your Active Directory domain.

Run Import-Module ActiveDirectory so that you can run the AD PowerShell commands.

Next, list all the domains available in your AD forest:

(Get-ADForest).Domains

Get the ObjectGUID of the domain that you want synchronization to be restricted to:

Get-ADDomain "Domain" | Select-Object ObjectGUID

Now log on to the OneDrive admin portal.

Click Sync -> check "Allow syncing only from PCs joined to specific domains".

In the domain edit box, add the GUIDs of the domains that you wish to allow for synchronization; all others will be blocked.

You have the option to block Macs as well.

Save the settings and you are done. The change can take up to a few hours to take effect.

Once this configuration is applied, users on personal computers will receive an error if they try to sync OneDrive from your tenant:
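
The same steps can be scripted end to end. The following is an added example, not part of the original post: it goes beyond the portal steps by applying the allow list with the SharePoint Online Management Shell. It assumes the RSAT ActiveDirectory module and the SharePoint Online Management Shell are installed; the tenant admin URL and the $AllowDomains filter variable are placeholders introduced for illustration.

```powershell
# Added example: build the OneDrive sync allow list from AD domain GUIDs
# and apply it to the tenant. Not the original author's code.
Import-Module ActiveDirectory
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminUrl     = 'https://contoso-admin.sharepoint.com'  # placeholder tenant admin URL
$AllowDomains = @()   # hypothetical filter: empty = every domain in the forest

# Pick the domains to allow; default to the whole forest.
$names = (Get-ADForest).Domains
if ($AllowDomains.Count -gt 0) {
    $names = $names | Where-Object { $AllowDomains -contains $_ }
}

# Resolve each domain to its ObjectGUID. A domain that cannot be queried is
# reported, because leaving it off the list blocks sync for its machines.
$allowed = foreach ($name in $names) {
    try {
        $d = Get-ADDomain -Identity $name -Server $name -ErrorAction Stop
        [pscustomobject]@{
            Domain = $d.DNSRoot
            Guid   = $d.ObjectGUID.ToString()
        }
    }
    catch {
        Write-Warning "Could not query ${name}: $($_.Exception.Message)"
    }
}

# Refuse to enable the restriction with an empty list.
if (-not $allowed) {
    throw 'No domain GUIDs resolved; tenant settings left unchanged.'
}
$allowed | Format-Table -AutoSize

# Apply the restriction. -DomainGuids takes one semicolon-separated string.
# Add -BlockMacSync to the Set- call to block the Mac sync client as well.
Connect-SPOService -Url $AdminUrl
$guidList = ($allowed.Guid) -join '; '
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $guidList

# Read the setting back to confirm the stored allow list.
Get-SPOTenantSyncClientRestriction
```

Review the table of resolved domains before the Set- call runs against production; any domain-joined machine whose domain GUID is missing from the list loses sync once the change takes effect.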

Sorry, OneDrive can’t add your folder at this time. Please contact support

I hope this configuration will assist your organization if you are planning to restrict the OneDrive client.

 

Thanks for reading

Sukhija Vikas

http://SysCloudPro.com

 
