Mobility, flexibility, Content Creation & Internal Collaboration rely on an individual’s ability to access and share their content from anywhere at any time. OneDrive for Business is the solution provided by Office 365, and mobile apps, to meet these unwavering end-user goals. However, there are dependencies on Operating system features and a balance to meet the expectations of the end-user while ensuring the need of IT security & compliance. In this session we'll take a look at the key considerations when building your adoption plan of OneDrive, migration methods for moving your end-users' content, how to manage the content as users join and leave your organization.
2. February 10-13, 2019 Austin, TX USA
About Me
Adam Levithan
@collabadam
alevithan@withum.com
Principal
Product Manager, OneWindow Workplace
12+ years in Collaboration
Office 365 Expertise: User
Adoption, Information
Architecture, Content Migration,
Document Management, Security
20. February 10-13, 2019 Austin, TX USA
App
Mobile App is
managed
Mobile App reputation
SaaS app sensitivity
Other
Network location
Breach detected
Device
Managed
Compliant
User
Group memberships
Auth strength (MFA)
Risky behavior
35. February 10-13, 2019 Austin, TX USA
Program Files (x86)
Same OneDriveSetup.exe
No special rules for OneDrive when blocking exe files from user profiles
44. February 10-13, 2019 Austin, TX USA
https://techcommunity.microsoft.com/t5/Microsoft-
OneDrive-Blog/What-s-New-with-OneDrive-in-
SharePoint-Server-2019/ba-p/218924
https://techcommunity.microsoft.com/t5/Microsoft-
OneDrive-Blog/Migrate-Your-Files-to-OneDrive-Easily-
with-Known-Folder-Move/ba-p/207076
https://techcommunity.microsoft.com/t5/Microsoft-
OneDrive-Blog/New-Capabilities-for-OneDrive-
Announced-Today-at-SharePoint/ba-p/194181
Resources
45. February 10-13, 2019 Austin, TX USA
@collabadam
alevithan@withum.com
Thank You
Editor's Notes
Jason
https://products.office.com/en-us/business/office-365-trust-center-compliance-certifications
OFFICE 365 TRUST CENTER
Over 900 controls in our Trust Framework
Office 365 is verified to meet the requirements specified in ISO 27001, European Union (EU) Model Clauses, the Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA), and the Federal Information Security Management Act (FISMA).
Our data processing agreement details the privacy, security, and handling of customer data, which helps you comply with local regulations.
OneDrive for Business and SharePoint also work hand-in-hand over the lifecycle of a file.
START BY CREATING A FILE IN YOUR PERSONAL FILE SHARE AND STORAGE (ODB)
NOW COLOBRATE BY MOVING IT TO SHAREPOINT TEAM SITE (NOW STORED IN ODB)
NOW PUBLISH IN A LARGER ORG SP SITE OR MOVE TO SOCIAL SHARING WITH YAMMER OR TEAMS
Manage Users
AAD to manage users and groups
Enforce strong passwords
Multi factor authentication
Conditional access based on users and groups
Revoke suspicious user sessions
Manage device and application access
Integrated device and app management through Microsoft InTune
Prevent or downgrade access on unmanaged and non-compliant devices
Control apps and their level of access on both managed and unmanaged devices
Integration with other EMM providers such as MobileIron, AirWatch etc.
Manage location of access
Restrict access to specific IP ranges
Automatically revoke access when user moves to untrusted location
Manage access to sensitive data
Office 365 Data Loss Prevention (DLP) policies protect sensitive data
Prevent sharing of sensitive data with external users or within the organization
Manage external sharing in your organization
Restrict who can share with whom
Control what data can be shared with external users
Restrict what external users can do
Next is ROBUST IT CONTROLS
Customization of Sharing Emails
External Sharing Reports
Transfer Ownership
34
Get your users into the “Ideal State”
access delegation
By default, when you delete a user, ownership of the OneDrive is transferred to the user's manager. Follow these steps to check if access delegation is turned on and set a secondary admin in case a user doesn't have a specified manager: