Forum Discussion
Disable all sharing
Hi all,
Has anyone been successful in disabling all sharing for OD4B? The goal is to drive users into other collaborative tools such as SPO or Groups for shared content. I'm wondering if there is a rights configuration that allows a user to manage their content but not share it internally or externally.
TIA.
20 Replies
I know this is an older thread but it is one of the top links in search. I found the modern feedback page for this function.
We want to prohibit sharing altogether. · Community (microsoft.com)
- I've read about why Microsoft doesn't allow this on principle. However, I think there are use cases that they are not considering. We are migrating from Google Workspace and rather than migrate all security, communication, and documents at once. We are focusing on a staged approach.
Starting with building the security infrastructure in Azure, such as app authentication and device management. Then migrating over comm and file management. In this case we want to prevent people from using OneDrive, Outlook, and Calendar. It would be highly valuable to have these switches until we are able to migrate that data and train users on how to use new tools. - J.Shishir8@gmail.com
- I just went back up to the top and re-read your post Guy...if your goal (which I share in a big way) is to drive users to shared storage (I just had to take ODFB content for a staff person that retired that had shared out stuff to their local staff(when they have a SP site!) and upload it to their SP site)...I am also looking for an "admin solution" to that as well...though I know the real answer is user-training. A highlight being "365 Sharing Explained: where to share?" trick is getting staff to read it!
User training and education is a vital component of any deployment but it can't be the only answer, especially if Microsoft OD4B to be seen as having governance advantages over the competition. The lack of full controls over sharing and per-user activation of the tool create a big gap over some competing solutions and over file shares which is the mechanism most organizations use today.
I've added my vote to this topic on UserVoice: https://office365.uservoice.com/forums/264636-general/suggestions/7950375-onedrive-for-business-administration. Hopefully this will get some attention.
Guy Yardeni - Would it work to:
1. Set ODfB Sharing to "Only people in your organization"2. Set advanced settings to "Allow or block sharing with people on specific domains"
3. Select "Type of Restriction - Block these domains"
4. List the internal domain and then "Save"
- Haven't had time to test a possible solution but this is an interesting problem...
As the onedrive is essentially a SharePoint site.. if you can make a permission level that has everything selected but the "Change Permissions" option, then remove the user from the SCA group and add them to a new sp group using that non-change permissions option. Theoretically they should be able to use their onedrive for themselves but not let in anyone else. Of course...not sure how this would help when a user can just email a copy of the file to someone or other method of file transfer..but it would make it more of pain than sharing which the system is setup to do so easily...if above is possible. You can CSOM script that out and run it on all onedrives. My apologies in advance if this idea isn't feasible..just saw this post and it got me thinking. Hope it helps!Hi Dennis.
We have already discussed in the past the option to remove the ODfB user from the SCA list.
Unfortunately, it looks like this option has several contraindications and hence is not feasible.
I have never tried it by myself, but jcgonzalezmartin could explain more...
- Yeap, while it's true you can potentially change default security model in ODFB, I don't recommend it since you simply could break the way ODFB is designed to share information in a secure way....just my 2 cents
You can now control sharing on per-site (collection) level so you can disable it completely for ODFB or for some users only. There's a global switch for this under https://admin.onedrive.com/?v=SharingSettings
Lots of other controls are available as well.
Is it actually possible to disable sharing at site collection level also internally, as asked by Guy Yardeni?
I was under the impression that only sharing with external users could be disabled...
Internal should also be possible via the corresponding Site settings (access requests and invitations). jcgonzalezmartin is the expert on SPO, he should be able to correct me if that's not the case :)
- But be also aware that you cannot configure who can share on per site collection basis
