Restrict OneDrive For Business Access - Netwoven
Blog

Restrict OneDrive For Business Access

By Arghya Roy  |  Published on June 20, 2017

Restrict OneDrive For Business Access

OneDrive For Business is an integrated service in O365 which originates with its root in SharePoint online. And a very generic need in most of the organization is that they do not want their users to be able to sync files and folders from OneDrive For Business or a part of users to be restricted from use of this feature. The challenge is, how this can be prevented for users when they may have already started syncing their files. This article shows you the ways, which are more essential and the precautionary steps needed to implement this.

Caution: Before the implementation, every user must be informed to take the backup of files which have already been uploaded to OneDrive.

Step 1: Disabling OneDrive Icon from the app-launcher.

This steps are needed to wrap up the situation when we have not planned yet that how many users in the organization will be allowed to use the OneDrive and based on that, we will be creating a security group and adding the users to that group. In addition, the new users created in that time should not able to see the OneDrive for Business icon and create the personal site. Hence, we want this icon to disappear for all the users. However, the existing sync will still be same. To do that, go to the SharePoint admin Center >> Settings >> At the “Show or Hide Options” for OneDrive for Business, toggle to “Hide” button.

Restrict OneDrive For Business Access

Then scroll down and there is one more choice to hide “OneDrive Sync Button” and we need to toggle to “Hide the Sync button“.

Restrict OneDrive For Business Access

After the change, the OneDrive icon will not appear in app-launcher for all users.

Restrict OneDrive For Business Access

Step 2: Removing permission to prevent users from automatic creation of personal site.

Login as Global Admin in the tenant, Open “SharePoint Admin Center” then Go to “User Profiles” and Click on “Manage User Permissions

Restrict OneDrive For Business Access

Here, we will remove the permission for group of users or everyone and they will not be able to create personal site and sync files using OneDrive apps.

Restrict OneDrive For Business Access

Recommended read : OneDrive For Business

Step 3: Breaking communication of synced files in personal site.

To stop syncing of existing files and folders, we need to break down the communication created by users. The way to do it, the personal site needs to be dropped. This is only the synchronization channel made to sync files using OneDrive app and web.

The site URL for the OneDrive sync will look like here https://<tenantname>.my.sharepoint.com/personel/<username>_<tenantname>_onmicrosoft_com/_layouts/15/OneDrive.aspx

Now change the switch at the end “OneDrive.aspx” to “Deleteweb.aspx“. and Click the “Delete” button.

Restrict OneDrive For Business Access

Double check that you are doing for right person and click the “OK” button.

Restrict OneDrive For Business Access

After that the personal site will not be accessible for the user.

And the synchronization will be stopped.

Restrict OneDrive For Business Access

Caution: But the above steps are requires user credential and you won’t be allowed to remove personal site for others, even you are the Global Admin for this tenants. Keep reading to know how you can do it for all the users.

Step 4: Adding site collection owner (administrative access to others personal site).

Here we will remove the personal site of other users administratively. Hence, we need to add Global Admin as “Site Collection” owner. Login as “Global Admin” and Open “SharePoint Admin Center” then Go to “User Profiles” and under the “People” click on “Manage User profiles”.

Restrict OneDrive For Business Access

Search for the User Profile for whom you wish to delete the OneDrive site. Select drop down menu against the User Profile. Select “Manage site collection owners

Add the Global Admin in “Primary Site Collection Administrator” and “Site Collection Administrator“.

Restrict OneDrive For Business Access

Again select the drop down list against the displayed userprofile and select “Manage Personal Site”

And here the Global Admin will get the access of “Personal Site“.

Restrict OneDrive For Business Access

We will change the switch “Deleteweb.aspx” replacing the switch “OneDrive.aspx” in the url to invoke the hidden delete site page. After that we will be able to remove the Personal Site.

Restrict OneDrive For Business Access

Click “OK” to go ahead.

Restrict OneDrive For Business Access
Restrict OneDrive For Business Access

Step 5: Enabling OneDrive For Business only for specific users

If the managemnet of the organization decides that OneDrive will be allowed for specific group of users then we need the work around to make it work. Here, we will show the process to do it.

So, the sync button must be set to show at the tenant level unlike the previous step where we had set to  “hide”. This will allow the icon appear to all users in app-launcher but users won’t be able to access the onedrive since we have removed permission for all the users and removed the personal site.

If user want to reconfigure the OneDrive using his credential they can’t do it either.

Restrict OneDrive For Business Access

They will get the error like below.

Restrict OneDrive For Business Access

If they try to access in web by clicking “OneDrive” icon, they will be automatically redirected to “Delve”.

Now we want the specific group of user to be allowed to use “OneDrive”.  Hence, we will add the specific user or security group and enable “Create Personal Site”. Then they will able to accecss OneDrive.

Refer Step 2 to open site permission of a specific user onedrive page and the permission dialog is opened up as below:

Select appropriate permission level you wish to add as shown below.

Restrict OneDrive For Business Access

Viewers please leave your comment if any of the area we need to be more descriptive or anything which is needed more clarity. Thanks for reading this.

1 comment

Leave a comment

Your email address will not be published. Required fields are marked *

Unravel The Complex
Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex