Please start using Conditional Access to control access for both external and internal users.

I mean, this is not perfect, since a user could provide a false external contact and share everything with it to exfiltrate, but at least we can see what is being shared/uploaded. – Internal users can only access OneDrive from corporate devices. –> this reduces the risk of massive information exfiltration and allows us to "audit" the use of OneDrive from our SWG. –> this would allow them to access the shared links from OneDrive, and maybe limiting only download/read permissions should fit better. – External contacts added in the directory by IT can access remotely from any device with pin code. So, I'm not sure what is the best practice here, but I imagine this scenario: We feel like we are going from 0 to 100 in terms of external access. Hi, we face the need to allow sharing files externally from OneDrive, with some contacts in order to avoid the use of WeTransfer or similar, but at the same time we aren't comfortable with allowing everybody access from non-corporate devices.

Controls which worked well for many years in a traditional environment are often outdated by modern solution(s) that often work better and meet the revised needs/standards according to a modern workplace. Shifting from a traditional to a modern workplace isn't just a matter of migrating what you currently have, but a real transformation. For example, you might require sync to be available only on domain-joined devices or devices that meet compliance as defined by Microsoft Intune.

Alongside Conditional Access, Microsoft Cloud App Security (MCAS) can be used to implement complementary data leak prevention (DLP) policies to make sure you stay in control no matter where your corporate data goes. The OneDrive for Business client works with the Conditional Access control policies to ensure syncing is only done with managed and/or compliant devices.
Azure AD Conditional Access provides tailored controls to address your corporate needs.

Azure AD Conditional Access control capabilities in Azure AD offer simple ways for you to secure resources in the cloud. "Allow syncing only on computers joined to specific domains" works for AD-joined devices but doesn't fit a (native) modern workplace, which is Azure AD joined. Lastly, preventing it from ending up on unmanaged or non-compliant devices. The underlying reason for implementing these controls is to make sure companies remain in control of where their corporate data is going.

Restrict OneDrive from syncing to specific (AD) domains.

So I reached out and contacted support. Even when we tried to configure OneDrive sync manually, we didn't succeed and ran into the following error: "Sorry, OneDrive can't add your folder right now".

But in this case the OneDrive for Business client configuration was far from silent if you ask me! We ran into a challenge where the OneDrive for Business client won't be configured silently. It's a no-brainer to opt in to automatically (silently) configuring the OneDrive for Business client. This will be the case when you're preventing managed computers which are joined to specific (Active Directory) domain(s) from syncing OneDrive. This puts Windows Autopilot on the menu, including automatic enrollment and management, encryption, policies, software deployment and... silent configuration of the OneDrive for Business client.

But what if silent configuration isn't working as expected? This might become challenging where the traditional and the modern workplace come together; you can end up in a situation where they do not fit. Last week I was preparing a modern workplace demo, fully automated and managed by the cloud.

(almost the same as GPO but wrapped in a modern UI called Microsoft Intune)

OneDrive for Business client configuration using Microsoft Intune Administrative Templates.
Nowadays OneDrive can easily be configured using Administrative Templates (31 settings) via Microsoft Intune. In the early days we relied on semi-automatic methods using registry keys and scripts by Per Larsen, old-school group policies, or custom OMA-URI policies to do the magic. Over time the silent configuration of OneDrive for Business has been improved. What is a modern workplace these days without having your personal or group data synced to OneDrive and taking full advantage of what Microsoft's cloud storage has to offer!? One of the most requested features is silently configuring your OneDrive client to automatically synchronize your (personal) data.

OneDrive client is unable to sync your folders.