Restrict OneDrive For Business Access

Thank to: https://www.netwoven.com/ 

OneDrive For Business is an integrated service in O365 which originates with its root in SharePoint online. And a very generic need in most of the organization is that they do not want their users to be able to sync files and folders from OneDrive For Business or a part of users to be restricted from use of this feature. The challenge is, how this can be prevented for users when they may have already started syncing their files. This article shows you the ways, which are more essential and the precautionary steps needed to implement this.

Caution: Before the implementation, every user must be informed to take the backup of files which have already been uploaded to OneDrive.

Step 1: Disabling OneDrive Icon from the app-launcher.

This steps are needed to wrap up the situation when we have not planned yet that how many users in the organization will be allowed to use the OneDrive and based on that, we will be creating a security group and adding the users to that group. In addition, the new users created in that time should not able to see the OneDrive for Business icon and create the personal site. Hence, we want this icon to disappear for all the users. However, the existing sync will still be same. To do that, go to the SharePoint admin Center >> Settings >> At the “Show or Hide Options” for OneDrive for Business, toggle to “Hide” button.

Then scroll down and there is one more choice to hide “OneDrive Sync Button” and we need to toggle to “Hide the Sync button“.

After the change, the OneDrive icon will not appear in app-launcher for all users.

Step 2: Removing permission to prevent users from automatic creation of personal site.

Login as Global Admin in the tenant, Open “SharePoint Admin Center” then Go to “User Profiles” and Click on “Manage User Permissions

Here, we will remove the permission for group of users or everyone and they will not be able to create personal site and sync files using OneDrive apps.

Recommended read : OneDrive For Business

Step 3: Breaking communication of synced files in personal site.

To stop syncing of existing files and folders, we need to break down the communication created by users. The way to do it, the personal site needs to be dropped. This is only the synchronization channel made to sync files using OneDrive app and web.

The site URL for the OneDrive sync will look like here https://<tenantname>.my.sharepoint.com/personel/<username>_<tenantname>_onmicrosoft_com/_layouts/15/OneDrive.aspx

Now change the switch at the end “OneDrive.aspx” to “Deleteweb.aspx“. and Click the “Delete” button.

Double check that you are doing for right person and click the “OK” button.

After that the personal site will not be accessible for the user.

And the synchronization will be stopped.

Caution: But the above steps are requires user credential and you won’t be allowed to remove personal site for others, even you are the Global Admin for this tenants. Keep reading to know how you can do it for all the users.

Step 4: Adding site collection owner (administrative access to others personal site).

Here we will remove the personal site of other users administratively. Hence, we need to add Global Admin as “Site Collection” owner. Login as “Global Admin” and Open “SharePoint Admin Center” then Go to “User Profiles” and under the “People” click on “Manage User profiles”.

Search for the User Profile for whom you wish to delete the OneDrive site. Select drop down menu against the User Profile. Select “Manage site collection owners

Add the Global Admin in “Primary Site Collection Administrator” and “Site Collection Administrator“.

Again select the drop down list against the displayed userprofile and select “Manage Personal Site”

And here the Global Admin will get the access of “Personal Site“.

We will change the switch “Deleteweb.aspx” replacing the switch “OneDrive.aspx” in the url to invoke the hidden delete site page. After that we will be able to remove the Personal Site.

Click “OK” to go ahead.

Step 5: Enabling OneDrive For Business only for specific users

If the managemnet of the organization decides that OneDrive will be allowed for specific group of users then we need the work around to make it work. Here, we will show the process to do it.

So, the sync button must be set to show at the tenant level unlike the previous step where we had set to  “hide”. This will allow the icon appear to all users in app-launcher but users won’t be able to access the onedrive since we have removed permission for all the users and removed the personal site.

If user want to reconfigure the OneDrive using his credential they can’t do it either.

They will get the error like below.

If they try to access in web by clicking “OneDrive” icon, they will be automatically redirected to “Delve”.

Now we want the specific group of user to be allowed to use “OneDrive”.  Hence, we will add the specific user or security group and enable “Create Personal Site”. Then they will able to accecss OneDrive.

Refer Step 2 to open site permission of a specific user onedrive page and the permission dialog is opened up as below:

Select appropriate permission level you wish to add as shown below.

Viewers please leave your comment if any of the area we need to be more descriptive or anything which is needed more clarity. Thanks for reading this.

Comentarios

Publicar un comentario

Dime si la información de este blog te sirvio.

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Imagen
  Te traemos una guía con   31 aplicaciones y herramientas web para ayudarte como estudiante , una colección muy variada para sacar provecho en diferentes ámbitos en los que puedas necesitarlo. Nos hemos dejado fuera el ámbito educativo para los más jóvenes, recursos que tenemos en   esta otra guía , y nos hemos centrado en estudiantes más adultos. Hemos decidido centrarnos en herramientas prácticas, dejando fuera las plataformas para cursos online, tanto  las más conocidas  como  otras menos conocidas . Lo que hemos preferido buscar son recursos que puedas usar en tu día a día, como gestores de fuentes y citaciones, herramientas para diagramas, para intercambiar apuntes o para crear diferentes contenidos. Y lo que decimos siempre en Xataka Basics hoy cobra más sentido que nunca. Nosotros te traemos 31 herramientas, pero te invitamos a  compartir tus propuestas en la sección de comentarios  para que el resto de usuarios también pueda beneficiarse de los conocimientos de nuestros xatake
Leer más

Comando FOR para archivos BAT

Gracias a: http://profesoremiliobarco.blogspot.com/ El comando FOR sirve para ejecutar bucles de instrucciones, y es una instrucción que se encuentra disponible en todos los lenguajes de programación. Un bucle son varias repeticiones de algunas instrucciones. Este comando suele ser el más complicado de entender para las personas que empiezan a escribir archivos BAT complejos. Aqui intentaré explicar todas las opciones y usos del comando FOR, así como intentar resolver las dudas que los usuarios de Internet me puedan plantear. La sintaxis normal del comando FOR es: FOR %var IN (lista) DO (      comando     comando      ... )  Pero si lo vamos a usar dentro de un archivo BAT será así: FOR %%var IN (lista) DO (      comando     comando      ... ) Observa que la variable "var" ahora va precedida por dos simbolos de "%". Además, si este for está dentro de un archivo BAT, el nombre de la variable debe ser UNA SOLA LETRA (p.ej: %%n, %%i,  %%j , etc
Leer más

Policy Based Routing example: route one subnet via ISP A and another via ISP B

Imagen
thanks to: http://glennmatthys.wordpress.com/ Goal Setup a network with a Cisco router that routes one local subnet via internet connection A and another local subnet via internet connection B. In this example we’ll use one LAN side, which has two subnets: 192.168.1.0/24 192.168.2.0/24 We want traffic destined for the internet, originating from the 192.168.1.0/24 network, to be sent to ISP A, which is connected to FastEthernet0 We want traffic destined for the internet, originating from the 192.168.2.0/24 network, to be sent to ISP B, which is connected to FastEthernet1 Both internet connections get their IP address via DHCP. Prerequisites For this  configuration you’ll need: One dual WAN router, such as a 1811 Two internet connections (or simulated ones) 2 nodes, one for the 192.168.1.0/24 subnet and one for the 192.168.2.0/24 subnet. These can be two different computers, or two virtual machines, etc… ClientA, Windows 7, will connect to 192.168.1.0/24 and sur
Leer más