OneDrive is a key workload in Microsoft 365 and is an integral part of your collaboration strategy. OneDrive provides a cloud location to store, share, and sync your work files and then work with them from any device. Whether you are looking to roll-out OneDrive or are already are utilizing it, there are a lot of important things that you should know about management
3. OneDrive Intro
What you need to know
Administration
All about sync
Awareness & Insights
Deploying &
Managing OneDrive
365EduCon Seattle 2023
4. Microsoft OneDrive
Powering the collaborative files experience across Microsoft 365
OneDrive’s first product name was…. “Windows Live Folders”
5. Powering your individual files work
Get to your files
All your files are always on your OneDrive—even those shared by others
Find the files that matter most
Unified search in OneDrive finds files across Microsoft 365
Store files as you create them
OneDrive and Microsoft 365 go hand in hand, so you can create and
access your docs from whatever app you’re in
Take your desktop to the cloud
The OneDrive cloud experience is a seamless transition from managing
your files locally
Your files are safe
By default, your OneDrive files are accessible only to you until you share
them out
6. Share everywhere
Wherever you’re working in Microsoft 365, secure sharing is right there
in the app
Give the right access
Whether in OneDrive, Teams, Outlook, or your file explorer, file
permissions set via sharing let you set different access rights for
individuals and groups
Collaborate in your docs
OneDrive enables the tools, like @mentions and coauthoring, for
working with your team in Office files
Request and approve files
Team projects require the right files are done right—and OneDrive with
Microsoft 365 helps you do both with requesting and approving
Powering your team files collaboration
7. Microsoft 365
Anywhere access to all your files The hub for teamwork The intelligent intranet
Intelligent content services
Intelligent file experiences
Teams
13. Built on top of SharePoint
Evolution of “My Sites”
from SharePoint on-
premises
Administration tightly
coupled between
SharePoint & OneDrive
Each user’s OneDrive is a
SharePoint Site Collection
OneDrive does not count
against SharePoint Online
tenant storage usage
Created under the
/personal managed path
when a user first accesses
14. Content & Migration Network
Will you migrate any existing files? Is your network ready?
http://bit.ly/o365ipsurls
17. Access
Default sets ownership to manager declared in user profile
Follows access delegation set in SP Admin Center
Cleanup
If user profile manually deleted the site won’t be deleted
Email sent on initial assignment and 7 days prior to retention
If site is on eDiscovery hold the site won’t be deleted
Deletion of user account in Azure AD is only thing to trigger
18.
19. Files stores in OneDrive automatically that will matter
Meetings recordings for personal Team meetings
Files uploaded through Forms Q&A
Shared Teams chat files
PowerApps using Excel file as data source
My Lists
Personal lists are stored on the user’s OneDrive
20. Control of the country a region based
on Preferred Data Location (PDL)
OneDrive’s can be moved by an administrator
Personal files are kept in that geo location
Managed in SharePoint Admin center
Sets OneDrive to read only (2-6 hours)
Moved via PowerShell
Good communication is required to improve user experience
24. Sharing for OneDrive can be MORE restrictive but not LESS restrictive than SPO
If sharing turned off globally in SPO any shared links will stop working
Sharing Options
No external sharing
Only existing external users (sign-in required)
New and existing external users (sign-in required)
Anyone including anonymous users (on by default)
Your SharePoint Online sharing settings determine which OneDrive sharing
settings are available
25. The following settings apply to both SPO and OneDrive
Default link type
Specific people
Only people in your organization
Anyone
Default link permission
View or Edit
Block or Allow share by domain
Anonymous access link permission
Separate for Files & Folders
View, Edit & Upload
View Only for
Anonymous access link expiration
Up to 2 years / 730 days
26. The following settings apply to both SPO and OneDrive
Limited external sharing by user
Only certain users in security group can
share with
External users
External users + anonymous
OneDrive email notifications
Other users share again
External users accept
Anonymous link created or changed
Other
Must accept using same account
Let external users share items they don’t own
Require recipients to prove account ownership
(days)
Not anonymous
Guest access expiration
Verification code reauthentication
30. Invalid characters
< > : “ | ? * /
Strings in filenames
Icon .lock CON PRN AUX NUL
COM1-9, LPT1-9
Starts with ~$
Desktop.ini
_vti_ anywhere in file
Folder names
_t _w _vti_
“forms” at the root level
Number of items
Performance declines after 300,000 files
Size limit
250GB
20BG within a zip
Sharing
50,000 items that can be shared within a folder
Can’t sync “Shared with me”
http://bit.ly/odsynclimits
31. Thumbnails and Previews
No Thumbnails & PDF previews > 100
MB
Authenticated Proxies
Not supported
Number of OneDrive accounts
9 OneDrive for work/school accounts
per device
Other
OneNote 2GB limit – Use OneNote to move
400 character URL
Can’t add network/mapped drive as sync location
IRM sync requires 17.3.7294.0108
Checkout & required columns synced as read-only
Don’t use roaming profiles
http://bit.ly/odsynclimits
32. VDI & OneDrive sync client supports
Virtual desktops that persist between sessions
Non-persistent
Non-persistent environments that use Azure Virtual Desktop
Non-persistent virtual desktops that have FSLogix
Apps or FSLogix Office Container, and a Microsoft 365
subscription for all of the following operating systems:
Windows 10, 32 or 64-bit (supports VHDX files)
Windows 7, 32 or 64-bit (supports VHD files)
Windows Server 2019 (supports VHDX)
Windows Server 2016 (supports VHDX)
Windows Server 2012 R2 (supports VHDX)
Windows Server 2008 R2 (supports VHD)
Do not roam
HKCUSoftwareMicrosoftOneDrive
Must use per machine install
SMB network file sharing required
for windows
OD can be hosted as Citric Virtual
App
33. Hide the sync button
Helps users install & set up
Allow sync to specific domains
Add GUID of each domain
Block sync of file types
Example: mp3, pst
Do not include periods or punctuation
SharePoint Admin Center
34. Saves space on your device
Requires Windows 10 Fall Creators
Unique per device
Deleting “Online-only” file deletes from the web
Windows 10 Storage Sense (build 17720+)
Windows 10 Storage Sense
Build 17720+
Capability to automatically free up disk space by
making older, unused, locally available OneDrive
files be available online-only
“deyhydration”
http://bit.ly/win10storagesense
Files On-Demand
35. Redirects Windows known folders
Desktop, Documents, Pictures
Windows & macOS
Users continue to work normally
Managed via policy (GPO/Intune)
Plan, test and remove redirection if
currently exists
Music & Videos
Be aware of Offline Files
Known Folder Move
36. Sync Control
Allow & Block Tenant list
Prevent changing of sync location
Set default location
Disable personal & B2B sync
Battery saver & metered network controls
Sync team sites automatically
Network
Manage upload/download limits
Automatic bandwidth percentage
Prevent network traffic before sign in
Overall max limit of all files downloaded
Continue syncing on metered
Continued syncing on battery saver
Group Policy
http://bit.ly/onedrivegpo
Files on-demand
Enabled by default
Migrate SP sites to on-demand
Known Folder Move
Prompt users to opt in
Silently redirect
Prevent redirect to local
Prevent redirect to OneDrive
Sign in
Silent account configuration
Set default location
Disable first time tutorial
Office
Prevent remote file fetch
Handle office files in conflict
Coauthoring and in-app sharing
Admin
Update ring management
Lists
Prevent list sync
Prevent external list sync
Prevent silent list sync sign in
37. Sync Control
Allow & Block Tenant list
Prevent changing of sync location
Set default location
Disable personal & B2B sync
Battery saver & metered network controls
Sync team sites automatically
Network
Manage upload/download limits
Automatic bandwidth percentage
Prevent network traffic before sign in
Overall max limit of all files downloaded
Continue syncing on metered
Continued syncing on battery saver
Group Policy
http://bit.ly/onedrivegpo
Files on-demand
Enabled by default
Migrate SP sites to on-demand
Known Folder Move
Prompt users to opt in
Silently redirect
Prevent redirect to local
Prevent redirect to OneDrive
Sign in
Silent account configuration
Set default location
Disable first time tutorial
Office
Prevent remote file fetch
Handle office files in conflict
Coauthoring and in-app sharing
Admin
Update ring management
Lists
Prevent list sync
Prevent external list sync
Prevent silent list sync sign in
43. Requirements
Windows 7, 10, 11
Sync client included in Windows 10
macOS
Network traffic to bypass *.wns.windows.com
Avoid HTTPS decryption for *.wns.windows.com
Deploy app policies to devices
Deploy RMS client
Enables IRM-protected file sync
Assisting sign in use GPO
odopen://launch
odopen://sync?useremail=email@domain.com
odopen://sync?siteId=X&webId=X&listId=X&userEm
ail=x&webUrl=x
%localappdata%MicrosoftOneDriveOneDrive.exe
44. All profiles on the computer will use the same OneDrive.exe binary
Installs under “Program Files” (or x86)
Automatic transitioning from the previous OneDrive sync client (groove.exe)
Automatic conversion from per-user to per-machine
Automatic updates when a new version is available
Works on all windows versions
Build 19.174.0902.0013 or later
Helpful for multi-user computers
Run OneDriveSetup.exe /allusers
45. Prepare a site before a user accesses it
Handle as part of new employee
Prepare for migration from on-premises or other storage
Do it through PowerShell
SharePoint Online Management Shell
Queues up and ran by a timer job
May take up to 24 hours
Must be SP admin to run
Licenses applied to admin and accounts being created
Not multi-geo aware
$emails = "user1@contoso.com", "user2@contoso.com"
Request-SPOPersonalSite -UserEmails $emails
46. Windows 10 has a scheduled task
Checks every 24 hours
No user interaction on updates
Keep some users in Insiders
Follow the OneDrive release notes
Insiders
(1-2 times per week)
Production
(1-2 times per
week)
Deferred
(every 2-3 months)
47. Plan for management to protect mobile data with
blocking the ability to move data between org apps
Intune
Jamf
Mobileiron
Push and monitor installs during deployment
It’s about org change management
49. Control access based on network
location
Control access from apps that don’t
use modern auth
Utilize Azure AD conditional access
policies based on SharePoint App
50. Undo all the actions that
occurred on any files and
folders within the last 30
days.
If any OneDrive files or folders
were deleted, overwritten,
corrupted, or infected by
malware, you can restore your
entire OneDrive to a previous
time.
53. Restrict OneDrive via Security Group
• Allow only users in specified security
groups to access OneDrive
• Add up to 10 groups
Block download
Block meeting recording download
56. Demo!
• Get client policies deployed
• Deploy sync admin reports
• Get to KFM
• Don’t forget about macOS and mobile
• Confirm your retention and user
termination process
• Ongoing adoption – WHY use OneDrive