Forum Discussion

john john's avatar
john john
Iron Contributor
Dec 16, 2018

Prevent users from syncing their sharepoint document libs unless they are inside the company domain

We have mapped some of our file shares to sharepoint online document libraries (mainly document libraries inside modern communication sites). but i do not want user to be syncing the documents from u...
onedrive
SharePoint Online
ChrisWebbTech's avatar
ChrisWebbTech
MVP
Dec 17, 2018
Cloud only or synced don’t tell you if you are domain joined or not. You have to go to portal.azure.com and under azure ad check devices. If you have devices listed then they are azure ad joined. Otherwise they are domain joined(assuming all machines are joined to a domain and not stand alone).

As for the setting you get the domain guid and that should prevent machines from syncing not on the domain. Doesn’t mean I’d they are managed. If you have machines joined to azure ad then you setup conditional access to prevent the sync.
john john's avatar
john john
Iron Contributor
Dec 17, 2018
ChrisWebbTech wrote:
Cloud only or synced don’t tell you if you are domain joined or not. You have to go to portal.azure.com and under azure ad check devices. If you have devices listed then they are azure ad joined. Otherwise they are domain joined(assuming all machines are joined to a domain and not stand alone).

As for the setting you get the domain guid and that should prevent machines from syncing not on the domain. Doesn’t mean I’d they are managed. If you have machines joined to azure ad then you setup conditional access to prevent the sync.

ChrisWebbTech

Ok thanks for the reply. now i went to "portal.azure.com" >> "Azure AD" >> "Devices", i can see that there are 80 devices listed with join type = "Azure AD Register".. so seems i have 80 users who are azure ad join, and i assume that the renaming users are join to active directory .

so in this case defining the domain GUID inside "OneDrive admin" >> "Sync" will not work for all users (the 80 users).. so i need to define conditional access to prevent the sync,, is this correct? and can you please mention the list of steps i need to follow to define conditional access?

  • ChrisWebbTech's avatar
    ChrisWebbTech
    MVP
    Dec 17, 2018
    Nope. Azuread registered means they are either workgroup machines or domain joined machines that are registered work accounts with your azuread. It would say explicitly azure ad joined if they were joined to azuread. Sorry forgot the registered devices show there :p. They could be mobile devices too. But either way. Azure ad joined would say that specifically.
    • john john's avatar
      john john
      Iron Contributor
      Dec 17, 2018
      ChrisWebbTech wrote:
      Nope. Azuread registered means they are either workgroup machines or domain joined machines that are registered work accounts with your azuread. It would say explicitly azure ad joined if they were joined to azuread. Sorry forgot the registered devices show there :p. They could be mobile devices too. But either way. Azure ad joined would say that specifically.

      ChrisWebbTech

      OK thanks again for your help.

      so in my case the devices are active directory join and not azure ad joined? and i can restrict the OneDrive sync from "OneDrive admin" >> "Sync" ? is this correct?

      here is what i get exactly, where i think the devices are workstations (personal devices), since the version is 10,X.X , which i would assume that it is referring to windows 10?:-

       

      • ChrisWebbTech's avatar
        ChrisWebbTech
        MVP
        Dec 17, 2018
        Yes, turning on the OneDrive admin sync option should if it works correctly block any machine not domain joined form syncing.

Resources