The OneDrive admin page was announced during ignite 2016. There was no easy way to manage the usage and OneDrive options for the organisation: admin.onedrive.com! In this post, we’ll go over the options we can manage to increase security and manage data access.

onedriveadmin

We’ll cover these topics:

  • Sharing
  • Sync
  • Storage
  • Device access
  • Compliance

Sharing

In the sharing section, you control access for internal and external users. Both can be managed separately and sharing settings can be set to include or exclude anonymous links or external users.

sharing

A welcome change is to limit the domains that are accepted or blocked for sharing access.

sharing2

Sync

The admin page allows admins to control what machines can sync company data or to block syncing of specific file types.

sync

Multiple domains can be added as an Allowed domain to sync data. An admin can, together with the option to block syncing of specific file types create very simple rules with a high return on data management.

Microsoft also provides a link that provides solutions to the most common OneDrive problems.

Storage

Next on the options list: storage. By default, users get the full amount of storage. Since here are plans with 5Tb, this can be a bad idea.

storage

The managers will receive a notice when a deleted user’s files will be deleted, the admin page lets you set the period after which data will be deleted.

Device access

Device access options allow a setup of a granular access to protect the user his data. IP whitelisting and modern authentication can be enforced. But the creation of a mobile application management policy is a welcome feature. Note: Intune policies will take precedence for the selected users and will not be enforced on personal accounts.

policy

You even can manage the offline behaviour of the client.

policy2

Compliance

If the organisation has legal, regulatory or technical standards or if there is the need to identify or and protect sensitive information, this can be done in the Security and Compliance section.

Next to auditing, DLP policies can be created. Data loss prevention (DLP) policies help to identify and protect your organisation’s sensitive information. For example, you can set up policies to help make sure the information in email and docs isn’t shared with the wrong people.

In the alert section, a lot of OneDrive actions are added so notifications can be generated and sent out.

compliqnce

Final notes

Microsoft added some very nice features what makes OneDrive more business friendly by enabling admins to control the way OneDrive and the company data behave. Users were able to sync the data to almost any device and it would stay accessible even if the account is removed. I surely hope that this is only the first step towards central OneDrive management.

Jurgen Van Eynde

Jurgen Van Eynde

Hybrid Cloud Infrastructure Consultant @ Spikes

Advertisements