OneDrive for Business Gets Some Major Enterprise Updates

 Sep 07, 2015

OneDrive for Business – along with the rest of Office 365 – is known for Microsoft’s newish business process of delivering new features and updates as soon as they are available instead of waiting for the next Service Pack or Cumulative Update release. An example is the huge increases in storage capacity of OneDrive for Business that took place in the last few months of last year and early this year, where in a very quick succession, the capacity increased from 5GB to 10GB, then 25GB, then 50GB then 1TB and now “unlimited” – although I am sure there is a “fair use” policy in there somewhere!

Well, Microsoft have done it again, and if you have been noting the regular updates to the Message Center in Office 365, you may have come across some very exciting new features to OneDrive for Business that are especially welcome from an enterprise point of view.

Storage Quotas for OneDrive for Business

First of all, we now have the ability to apply a quota to each user’s access to OneDrive for Business. This has been one of the most requested feature since the new capacities were announced, with most administrators wishing to set their own user limits to ensure that users only store appropriate business material on their OneDrive for Business and to reduce potential syncing and network bandwidth issues etc. Quotas can be applied down to an individual basis via PowerShell, and uses the Set-SPOSite cmdlet as in the example below (requires the SharePoint Online PowerShell module):

Set-SPOSite –Identity "https://yourdomain-my.sharepoint.com/personal/username_yourdomain_com -StorageQuota 512000"

(You will, of course, need to change the "yourdomain" in the above example with your own specific domain information.)

Preventing Unintentional File Sharing in OneDrive for Business

Sharing files with colleagues, and workmates is a normal part of business, and users have long had the ability to determine who to share files with, and explicitly inviting them using the Sharing dialog box, but many administers have thought that the default folder “Shared with Everyone” (whose contents were automatically given user permissions and was discoverable using utilities such as Delve) was an easy way for users to “ignore” security and intentionally or unintentionally give general access to corporate files. Therefore the “Shared with Everyone” folder is no longer created by default for new users, but existing users will retain their existing folders, and administrators have the ability to override this new default if required. In addition, there are also new PowerShell options in the Set-SPOTenant cmdlet to disable the “Everyone”, “All Users” and “Everyone except External Users” options from the people picker in OneDrive for Business and SharePoint Online.

Limiting File Sync to Domain Joined PC’s

Another biggie for enterprise administrators is the ability to now block file sync on unmanaged workstations. OneDrive for Business has long enabled offline caching of files for both PC’s and Macs, but now administrators can restrict file syncing to domain joined PC’s only, and you can even specify which domains are restricted. One thing to note here however is that all MAC’s will be restricted automatically if these restrictions are implemented, as MAC’s cannot be truly domain joined. The PowerShell cmdlet is as follows:

Set-SpoTenantSyncClientRestriction -Enable -DomainGuids "786545DD-877B-4860-A749-6B1EFBB1190A; 877574FF-877B-4760-A749-6B1EFEC1190A"

Multiple domain GUID’s can be separated by a semi-colon. To find the GUID(s) of the domains you are attached to, you can run the following cmdlet on a domain joined PC:

$domain = (Get-ADForest).domains; foreach($d in $domain) {Get-ADDomain -Identity $d | Select ObjectGuid}

Mobile Device Management Policies for OneDrive for Business

Mobile devices such as smartphone and tablets etc. can now have the corporate data stored on them protected by Office 365 inbuilt Mobile Device Management (MDM) policies. Once configured, MDM policies require the device to be enrolled in Office 365 whenever they try to access data using OneDrive for Business or he Office Mobile Apps. These MDM policies gives us 3 key benefits:

  • Conditional Access. Administrators can specify the criteria the device(s) must meet before access is allowed to corporate data. These policies are applied at the user level, so apply to the user or groups of users, regardless of which device they are using.
  • Device Management. Administrators can enforce security policies such as Pin Locking of the device and jailbreak detection. Client adherence to these policies in the form of built in Device Compliance Reports.
  • Selective Wipe. Allows the selective wiping of corporate data from mobile devices, while leaving personal data and apps intact. And if you are hankering for even more control than these built-in basics, then you should check out all the new controls and mobile device features in Microsoft InTune and the Enterprise Mobility Suite.

Auditing of All Actions within OneDrive for Business

The Office 365 Compliance Center now allows administrators to audit all actions taken against OneDrive for Business files e.g. which PC’s or Mac’s attempted to sync files, who viewed or shared files etc.

So these are just a few of the new features being added to OneDrive for Business and Office 365 and I am sure that by the time you read this there will be many more great features waiting to be discovered. So be sure to keep an eye on the messages in the Message Center in Office 365, ‘cause there are always new features being announce on a regular basis, and check out more details on the above mentioned features in this quick 10 minute YouTube video from the Office Mechanic series of videos from Microsoft.

How do your Excel skills stack up?   

Test Now  

About the Author:

Gordon Cowser  

With over 22 years real world and training experience, Gordon is our most senior IT Infrastructure trainer. His expertise includes but is not limited to; Microsoft Server and Client OS, Messaging, Collaboration, Active Directory and Network Infrastructure. Gordon also specialises in SharePoint technologies training in both technical and end user aspects. With his extensive skill-set he brings a thorough mentoring capability to the classroom where he can advise on technical issues and challenges often beyond the scope of the course curriculum. A very approachable and experienced training professional, he has the ability to establish credibility fast with students at all levels.

Read full bio
top
Back to top