One Drive For Business Best Practices for Enterprise Environments.
ODFB (One Drive For Business)
Group policy settings. Most the business moving into M365 and its offered
services for known reasons over the years. For large enterprises process of
course will take time and correct Engineering and deep design to make sure your
business is getting the most out of such services. One of the services offered is
ODFB, and I assume you are reading this because you would like to perhaps
revisit your design or plan it correctly.
I will list available GPO settings
for ODFB and which ones you must deploy without any hesitation from get go.
Order
|
List
of policies
|
1
|
Allow
OneDrive to disable Windows permission
inheritance in folders synced
read-only
|
2
|
Allow
syncing OneDrive accounts for only specific organizations
|
3
|
Allow
users to choose how to handle Office file sync conflicts
|
4
|
Block
file downloads when users are low on disk space
|
5
|
Block
syncing OneDrive accounts for specific organizations
|
6
|
Coauthor
and share in Office desktop apps
|
7
|
Configure
team site libraries to sync automatically
|
8
|
Continue
syncing on metered networks
|
9
|
Continue
syncing when devices have battery saver mode turned on
|
10
|
Convert
synced team site files to online-only files
|
11
|
Disable
the tutorial that appears at the end of OneDrive Setup
|
12
|
Enable
automatic upload bandwidth management for OneDrive
|
13
|
Limit
the sync app download speed to a fixed rate
|
14
|
Limit
the sync app upload rate to a percentage of throughput
|
15
|
Limit
the sync app upload speed to a fixed rate
|
16
|
Prevent
the sync app from generating network traffic until users sign in
|
17
|
Prevent
users from changing the location of their OneDrive folder
|
18
|
Prevent
users from fetching files remotely
|
19
|
Prevent
users from moving their Windows known folders to OneDrive
|
20
|
Prevent
users from redirecting their Windows known folders to their PC
|
21
|
Prevent
users from syncing libraries and folders shared from other organizations
|
22
|
Prevent
users from syncing personal OneDrive accounts
|
23
|
Prompt
users to move Windows known folders to OneDrive
|
24
|
Prompt
users when they delete multiple OneDrive files on their local computer
|
25
|
Receive
OneDrive sync app updates on the Deferred ring
|
26
|
Require
users to confirm large delete operations
|
27
|
Set
the default location for the OneDrive folder
|
28
|
Set
the maximum size of a user's OneDrive that can download automatically
|
29
|
Set
the sync app update ring
|
30
|
Silently
move Windows known folders to OneDrive
|
31
|
Silently
sign in users to the OneDrive sync app with their Windows credentials
|
32
|
Use
OneDrive Files On-Demand
|
33
|
Warn
users who are low on disk space
|
Following link will provide details
for above GPOs
https://docs.microsoft.com/en-us/onedrive/use-group-policy#list-of-policies
Now which GPO set you need to use
get go? Invest time to understand below policies, most polices listed below
makes the most sense for most of the organizations. GPO # 1 and GPO# 9 would be
two most critical GPO you would want to deploy at the least for obvious
reasons.
GPO Order
|
List
of policies
|
1
|
Allow
syncing OneDrive accounts for only specific organizations
|
2
|
Enable
automatic upload bandwidth management for OneDrive
|
3
|
Prevent
users from changing the location of their OneDrive folder
|
4
|
Prevent
users from syncing personal OneDrive accounts
|
5
|
Prompt
users to move Windows known folders to OneDrive
|
6
|
Prompt
users when they delete multiple OneDrive files on their local computer
|
7
|
Require
users to confirm large delete operations
|
8
|
Silently
sign in users to the OneDrive sync app with their Windows credentials
|
9
|
Use
OneDrive Files On-Demand
|
10
|
Warn
users who are low on disk space
|
Good luck with your deployment and
if you need any assistance fell free to reach out.
Azure Solutions
Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk