One Drive For Business Best Practices for Enterprise Environments.

One Drive For Business Best Practices for Enterprise Environments.

ODFB (One Drive For Business) Group policy settings. Most the business moving into M365 and its offered services for known reasons over the years. For large enterprises process of course will take time and correct Engineering and deep design to make sure your business is getting the most out of such services. One of the services offered is ODFB, and I assume you are reading this because you would like to perhaps revisit your design or plan it correctly.

I will list available GPO settings for ODFB and which ones you must deploy without any hesitation from get go.

 

Order	List of policies
1	Allow OneDrive to disable Windows permission  inheritance in folders synced read-only
2	Allow syncing OneDrive accounts for only specific organizations
3	Allow users to choose how to handle Office file sync conflicts
4	Block file downloads when users are low on disk space
5	Block syncing OneDrive accounts for specific organizations
6	Coauthor and share in Office desktop apps
7	Configure team site libraries to sync automatically
8	Continue syncing on metered networks
9	Continue syncing when devices have battery saver mode turned on
10	Convert synced team site files to online-only files
11	Disable the tutorial that appears at the end of OneDrive Setup
12	Enable automatic upload bandwidth management for OneDrive
13	Limit the sync app download speed to a fixed rate
14	Limit the sync app upload rate to a percentage of throughput
15	Limit the sync app upload speed to a fixed rate
16	Prevent the sync app from generating network traffic until users sign in
17	Prevent users from changing the location of their OneDrive folder
18	Prevent users from fetching files remotely
19	Prevent users from moving their Windows known folders to OneDrive
20	Prevent users from redirecting their Windows known folders to their PC
21	Prevent users from syncing libraries and folders shared from other organizations
22	Prevent users from syncing personal OneDrive accounts
23	Prompt users to move Windows known folders to OneDrive
24	Prompt users when they delete multiple OneDrive files on their local computer
25	Receive OneDrive sync app updates on the Deferred ring
26	Require users to confirm large delete operations
27	Set the default location for the OneDrive folder
28	Set the maximum size of a user's OneDrive that can download automatically
29	Set the sync app update ring
30	Silently move Windows known folders to OneDrive
31	Silently sign in users to the OneDrive sync app with their Windows credentials
32	Use OneDrive Files On-Demand
33	Warn users who are low on disk space

 

Following link will provide details for above GPOs

https://docs.microsoft.com/en-us/onedrive/use-group-policy#list-of-policies

 

Now which GPO set you need to use get go? Invest time to understand below policies, most polices listed below makes the most sense for most of the organizations. GPO # 1 and GPO# 9 would be two most critical GPO you would want to deploy at the least for obvious reasons.

GPO Order	List of policies
1	Allow syncing OneDrive accounts for only specific organizations
2	Enable automatic upload bandwidth management for OneDrive
3	Prevent users from changing the location of their OneDrive folder
4	Prevent users from syncing personal OneDrive accounts
5	Prompt users to move Windows known folders to OneDrive
6	Prompt users when they delete multiple OneDrive files on their local computer
7	Require users to confirm large delete operations
8	Silently sign in users to the OneDrive sync app with their Windows credentials
9	Use OneDrive Files On-Demand
10	Warn users who are low on disk space

 

Good luck with your deployment and if you need any assistance fell free to reach out.

Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk