Announcement: New OneDrive Admin Center Preview

Stephen Rose

Over the past year, OneDrive has evolved at a rapid pace introducing new features for end users and IT, across sync, web, and mobile. As the number of users and usage continues to grow, our customers have asked for an easier way to administer their company OneDrive settings and policies. Today, we’re excited to announce the rollout of the OneDrive admin center preview to First Release customers and we want to hear your feedback.


Once deployed to your tenant, all tenant and SharePoint admins will have permissions to access the OneDrive admin center preview at


Key features by section include:

  1. Home: This is the dashboard for the admin center and will soon show recent Office 365 Message Center posts and usage reporting related to OneDrive for Business.
  2. Sharing: This section helps admins gain control over how and with whom your users are sharing information. This includes controlling the use of external sharing and anonymous links, as well as limiting which external domains users can share with.
  3. Sync: Admins can block syncing of specific file types and deny syncing to non-domain joined PCs.
  4. Storage: This section allows admins to easily set default storage limits and document retention durations.
  5. Device Access: This gives admins control over how and from where a user can access their files. This includes allow/deny access from personal devices or specific networks as well as rich Mobile Application Management Intune policies for iOS and Android.
  6. Compliance: Admins can find quick links to the Office 365 Security and Compliance Center for key scenarios like auditing, data loss prevention, retention, and eDiscovery.

Please have a look at the preview and provide us your feedback and comments below. Our plan is to begin the generally available rollout later next month and subsequently add a link from the Office 365 admin center.


Thank you!


Stephen Rose

Director, OneDrive Product Marketing

120 Replies
Thanks for this :-)...I have already access to the new ODB Admin Center, but the shortcut is not shown yet in the Office 365 admin portal.
This is pretty great, bravo!
@Stephen Rose I think it's worth sharing this on Office Blogs as it's worth shouting out! I'd like to see this as a dedicated tile in the app launcher too so I can find it easily. Well done, super useful!
IMHO this should appear in the App Launcher in the same way we don't have in the App Launcher tiles for EXO, SPO, S4B Admin, Azure AD, etc

Thanks Juan. It may take a day or so. If it's doesn't pop up by Sunday, let me know.

Thanks Brent! We are super excited to bring this to market.

Agreed. We will soon but we wanted to make sure we got this to you folks as quickly as possible first :)

When I go in to limit which domains can sync it asks "Enter each domain as a GUID on a new line."

Where am I to find my domain's GUID?

Hi Cary - here is TechNet article on how to enumerate domain guids.

Doesn't work.

Tried using Administrative Windows Azure Active Directory Module for Windows Powershell. Connected to MSOL and the command Get-AdForest is not recognized.

Hi Cary -

In the article above we mention the solution when encountering this issue - have you tried this?

If the following error message is displayed: "The term [Get-ADForest]' is not recognized as the name of a cmdlet, function, script file, or operable program.", you might not have the Active Directory module loaded that contains the Active Directory cmdlets. To resolve this error message, use the Import-Module ActiveDirectory command in Windows PowerShell window or open ActiveDirectory Module for Windows Powershell.

Finally got it to work.




Looks great, thank you.  Is there an upper limit on the document retention period in days under the Storage section?


Also, if a SPO site collection has already been created with external sharing DISABLED in the SPO Admin Center, is that originsl setting honored, or does the default under the new Sharing section for SharePoint sites override the previous value for external sharing?



Good start but a transfer ownership feature would be nice to easily transfer files for users leaving and organization. Posted this same comment on

Few things that are missing IMO:


1) Controls for company-shared links (or simply rename the "sharing" section to "External sharing")

2) Didnt see the RequireAcceptingAccountMatchInvitedAccount exposed, or the BCC for sharing options. Same goes for all other missing settings we have compared to Set-SPOTenant

3) Ability to set default type of sharing to read-only link (or Edit for those that prefer it)

4) More control (custom entry) for the link expiration setttings

5) IP range restrictions should be visible under Sharing as well, or at least make sure that people understand they dont only apply to mobile devices.

Here are eleven OneDrive settings are not yet available in the OneDrive Admin Center (use the SharePoint Admin Center to manage these OneDrive settings)
•External users must accept sharing invites using the same account that the invites were sent to
•custom link expiration dates
•Configuring the OneDrive experience (New or Classic)
•Controlling whether all users or only specific users will get OneDrive sites created when a SharePoint license is assigned
•Notifications (external sharing, or mobile push)
•Show/Hide OneDrive Button
•Script Setting that controls whether or not the ‘Copy to SharePoint’ button will appear in OneDrive
•Ability to enable/disable IRM for OneDrive Globally
•Ability to enable/disable IRM for individual OneDrive Sites
•My Site Cleanup Access Delegation
•My Site Cleanup Secondary Owner
•My Site Secondary Admin
•The following OneDrive settings are still only available in PowerShell and have not yet been surfaced in the SharePoint or OneDrive web admin interfaces:
•Get-SPOTenant | ft ProvisionSharedWithEveryoneFolder
•Get-SPOTenant | ft ShowEveryoneExceptExternalUsersClaim
•Get-SPOTenant | ft ShowEveryoneClaim
•Get-SPOTenant | ft ShowAllUsersClaim
•Get-SPOTenantSyncClientRestriction | ft OptOutOfGrooveBlock
•Get-SPOTenantSyncClientRestriction | ft OptOutOfGrooveSoftBlock

For the 'Days to retain files in OneDrive after a user account is marked for deletion' setting defaulting to 30 days, I believe it can be increased all the way up to 3650 days.


Souce 1 & 2 - (OrphanedPersonalSitesRetentionPeriod) 

I just set mine to 3650, so you are correct

Ah well, someone broke it:



This is great. How would you rank these? In what order?

Why is this on the domain?  Our company currently blocks as it is a personal cloud storage site.   OD4B is currently hosted on Why would Microsoft have an admin tool that is not even in the same domain as the app it is administering?

For many companies (especially smaller ones) OneDrive is a standalone product that is not connected to SharePoint on any level. SharePoint is our product that leads collaboration while OneDrive is the connective tissue between these products including SharePoint, Teams, Yammer, Delve and more.


As we continue to grow OneDrive features and functionality, having OneDrive's ability to be a true standalone product as well as be part of our productivity suite will become even more critical.



If you can make it possible, I'd say #1 is the ability to set the default sharing option to read-only links. The rest doesnt really matter as we have them available in PowerShell, though it will be easier for people if they're availble in the ODFB admin portal too.

@Stephen Rose

+1 for @Vasil Michev request: ability to set default type of sharing 

I understand your point @Stephen Rose, but this will be an issue for Enterprise organizations. I presented on this very topic last night at a local user group and more than one participant mentioned that they are blocking consumer OneDrive URL. 

Understood. They could just use applocker to block the app locally if they choose.We see some customers doing that as well as implementing features in W10 that would restrict sharing, copying and placement of docs into anything but ODB (WIP + Device Guard)

Hi Stephen,


I'd like to now if we can also include AAD domains in the restriction of sycning OneDrive. I have some customers that have remote users in different countries that have AAD joined  (Intune Managed) devices. For which I would like to allow OneDrive sync.


Thanks much.


I will have more to share on that next month. Stay tuned :)

I followed the PS commands to get my local domain GUID, after which I added it to the "allow syncing to specific domains" in the OD4B Sync admin area, but it will not retain the settings even after clicking Save.

Tried several times, even had another Adminstrator try, but no luck. Everything looks correct, but when I go back and check, there is nothing listed. It simply will not save the domain GUID information. It doesnt even give an error message.


Am I doing something wrong?

Is anyone else having this same issue?

Why would you use the consumer URL? Most enterprises block consumer services and this just makes our lives a pain because now we have to get this URL whitelisted. Why not integrate it into another business URL that Office 365 uses?

It is only for Enterprise Plan or including SMB Plan? 

My understanding is that the new OneDrive Admin Center is going to be available for all Office 365 plans

Run get-addomain abd it will return the domain guid

To be complete

Just copy paste this in powershell on your Domain controller

$domains = (Get-ADForest).Domains; foreach($d in $domains) {Get-ADDomain -Identity $d | Select ObjectGuid} 


 Great feature set in this admin portal.

OneDrive for Business is built on the SharePoint platform, so I don't understand your point. An admin center should not have a consumer URL unless its for consumer services. Most enterprises block consumer services because they are a security risk. Its another short sighted decision on Microsoft part again.

Don't put SharePoint Online 'Sharing' options in the ODB Admin center.  This adds confusion and another area where Admins configure SharePoint related settings?  Keep it scoped to ODB Only.



These files live in ODFB and, with our NGSC, will have the ability to be synched directly to and from your ODB client. Hence why we added this here. Some choices were made based on where the product is going, not just where it sits today.


Thanks for your feedback. I will share it with engineering.



Understood. I will share your feedback with engineering.
Great news had a first look looks great!
Hi, I would like to see all topics regarding OD4B in that Portal, do not keep anything in the SharePoint section. Regards, Hermann
Yay ... Been waiting for this!

Was testing a block on file types but it doesn't seem to be working.  Is there a known delay or issue with Sync > Block syncing of specific file types?


Tested with an .olm file since we would like to block all Outlook archive file types (PST and OLM) but I was still able to drop the .olm file into the local OneDrive sync folder and it popped up in my OneDrive online shortly after (several times).


File Type Test.jpgBlock .olm file test

So I let it sit for a few hours and it looks like the first extension (olm) I tried to block is actually being blocked now.  Is there some duration of replication needed in the O365 tenant that results in this delay between configuration and observation?


File Type Test 2.jpgBlock by file extension test (pst and olm)

This is great and much easier than managing the previous way.  I really like the Device access.

Are we going to be able to manage individual Onedrive accounts? Like on a per-user basis?

Means, this admin center will be available for standalone plan? So may companies licenced ProPlus can control OD with this feature? BTW I'm the one who concern this belong to

This answer completely misses the point. is the consumer OneDrive URL and as an Enterprise, we want to keep it blocked. Your solution is to open up that risk, but mitigate it by adding more administration overhead to groups that are normally already stretched pretty thin? I understand that MS wants to separate OneDrive from SharePoint. But the solution isn't to then integrate it with the consumer product. It would be to carve out it's own space such as or something that we can whitelist that doesn't expose us to other issues. Our decision to go with OneDrive was at least in part predicated on it being it's own product separate from the consumer version.
Will we still be able to admin from the site like we do today or will it be completely transitioned to

SharePoint will still be admin'ed through the SP interface

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies