Forum Discussion
Document library OneDrive sync security
We have a document library in SharePoint online which will contain confidential information. How can we reduce security risks? For starters, MFA is enforced for all users that have access to ...
This is an area not many folks are concerned about but they should be. Good to see you are aware of this.
- "Files On-demand" is not a robust solution. Users can simply modify the settings on the their computer.
- Using "Storage Sense" to limit the availability of local content (e.g. automatically remove the local version after 1 day inactivity) is also not a solution: users can also simply change these local settings.
- Map network drive: this is major source for incidents tickets and the blocking of IE11 to access Office 365 as of 17 August 2021 will not help.
- I would consider InTune but that will not work (AFAIK) if the computers are not joined to your AD domain. It may also require additional licenses.
- Disabling offline capability per library or per site may help. This reduces the risk but there is still the option to download all content. Plus it negatively affects functionality available to your users.
- Use browser-based tools that work like File Explorer. See e.g. https://www.slimapplications.com/wp-content/uploads/2020/12/ExplorerEditInAppOffice.png
The "Edit in App" allows users to edit Office files using the local Office app and changes are automatically saved to SharePoint. i.e. no need to have offline content. - Use sensitivity labels and encryption. This requires proper planning, possibly additional licenses and training users (probably also outside your company).
Summary: this is not an easy problem to fix.
Paul | SLIM Applications
Thanks for your advice Paul_HK_de_Jong
I think we will have to joined those laptops that need access to an AD domain and then use OneDrive sync domain restriction: https://docs.microsoft.com/en-us/onedrive/allow-syncing-only-on-specific-domains, plus the many group policy options to secure it.
