SOLVED

Announcement: New OneDrive Admin Center Preview

Microsoft

Over the past year, OneDrive has evolved at a rapid pace introducing new features for end users and IT, across sync, web, and mobile. As the number of users and usage continues to grow, our customers have asked for an easier way to administer their company OneDrive settings and policies. Today, we’re excited to announce the rollout of the OneDrive admin center preview to First Release customers and we want to hear your feedback.

 

Once deployed to your tenant, all tenant and SharePoint admins will have permissions to access the OneDrive admin center preview at https://admin.onedrive.com.

 

Key features by section include:

  1. Home: This is the dashboard for the admin center and will soon show recent Office 365 Message Center posts and usage reporting related to OneDrive for Business.
  2. Sharing: This section helps admins gain control over how and with whom your users are sharing information. This includes controlling the use of external sharing and anonymous links, as well as limiting which external domains users can share with.
  3. Sync: Admins can block syncing of specific file types and deny syncing to non-domain joined PCs.
  4. Storage: This section allows admins to easily set default storage limits and document retention durations.
  5. Device Access: This gives admins control over how and from where a user can access their files. This includes allow/deny access from personal devices or specific networks as well as rich Mobile Application Management Intune policies for iOS and Android.
  6. Compliance: Admins can find quick links to the Office 365 Security and Compliance Center for key scenarios like auditing, data loss prevention, retention, and eDiscovery.

Please have a look at the preview and provide us your feedback and comments below. Our plan is to begin the generally available rollout later next month and subsequently add a link from the Office 365 admin center.

 

Thank you!

 

Stephen Rose

Director, OneDrive Product Marketing

120 Replies
Hi Neil,

I don't have an exact date but we're getting closer! We've fixed the bug from our last round of validation and we're not getting ready to validate again. Assuming we find no issues, we'll be rolling out soon. If we do find an issue though, we'll obviously have to go through this loop again. 

Sorry for the delay here! I'm thinking of throwing a party once we get everything straightened out ;)

Stephen Rice

OneDrive Program Manager II
Ever get an answer on this? I have a feeling it our firewall.
That's great news. Glad to see this being implemented. :)

@Stephen Rice wrote:
Hi Neil,

I don't have an exact date but we're getting closer! We've fixed the bug from our last round of validation and we're not getting ready to validate again. Assuming we find no issues, we'll be rolling out soon. If we do find an issue though, we'll obviously have to go through this loop again. 

Sorry for the delay here! I'm thinking of throwing a party once we get everything straightened out ;)

Stephen Rice

OneDrive Program Manager II

Hi Stephen. We've been through a series of 'nearly there' messages with this feature - I'm referring specifically to the ability to grant/remove permission to externally share OneDrive for Business content by AD Group. Screengrabs in announcement in Sep 2016, left out of rollout in Dec, and 'nearly there' throughout January, February and March. I stopped asking in April and now it's May.

I appreciate the difficulties that can stem from creating and managing expectations around these sorts of enhancements - I really do. My particular reason for being a bit of a 'dog with a bone' is that this feature was seen as the enabler for external sharing - hugely in demand - in a tenancy that has many users <18.

Any chance we can have a clear update on the current position and what to expect?

Hi @Neil McCafferty,

 

Totally understand your frustration here. We ran into a number of issues with our last round of validation that extended our date from end of 2016 into 2017. Now, on the plus side, we also used this time (in parallel to the bug-fixing work) to expand the feature a little bit. Instead of a single set of security groups, you will be able to specify two sets of groups, one for all authenticated external sharing and one for both anonymous and authenticated external sharing. 

 

We're finishing up the work now and we expect to begin rollout next month. We know this is an important feature for a lot of customers and appreciate your patience :) 

 

Stephen Rice

OneDrive Program Manager II

Will there be a option available in the (near) future to manage a OneDrive of a office group, for instance like how we manage OneDrive as from now (thru sharepoint profiles or admin.onedrive.com)?

Stephen - thanks for stepping up to provide the explanation. Much appreciated. The addition of groups for authenticated and anonymous sharing is welcome. Thinking out loud, we may use that to - for example - allow students to share with authenticated external users such as parents and employers but allow teaching staff to share using anonymous links to share O365 content in external collaboration sites.

Can I ask what you have in mind for notification when the change is ready? Across all of the product teams it could be any one of: admin message centre, here, blog article, first release then standard, roadmap, twitter, just appears. Good to know where to keep an eye on. ;)

@Jerry Meyer

 

For clarification, are you talking about manging the team site/document library that is associated with an Office 365 Group? Thanks!

 

Stephen Rice

OneDrive Program Manager II

@Neil McCafferty

 

Glad to hear that the expanded feature sounds useful. Even internally, we definitely hear a desire to ensure anonymous links can only be created by informed and trusted people. In fact, in all of our demos for this feature, we tend to name our example security group "Responsible Adults" just to make the scenario extra clear :) 

 

Notifications will come through O365 Message Center and tagged as OneDrive for Business and SharePoint. You should see those in just a few weeks as we lock in our release cadence. Let me know if you have any questions!

 

Stephen Rice

OneDrive Program Manager II

 

Yes thats correct. The document storage location of an office Group

Hi @Jerry Meyer,

 

Thanks for the clarification. We have plans to improve the Group site management experience but I don't know much more than that. @Sebastien Fouillade may have more to share. 


Stephen Rice

OneDrive Program Manager II

@Stephen Rice - Should I be getting edgy? ;) After your post, some notification in the admin console and this article https://support.office.com/en-us/article/Per-group-sharing-controls-in-SharePoint-Online-26581d50-ff..., I was pretty comfortable. However, I still don't see the 'by security group' features in my First Release tenant. Is it possible to request this be lit up in my First Release and/or request early rollout of the production feature when it is ready? Very early August is my drop dead date to have this tested and communicated for the start of our new academic year.

Hi @Neil McCafferty,

 

That's not good at all! The first phase of the feature should absolutely be rolled out to your tenant! Are you looking in OneDrive admin or SharePoint admin? I believe the feature is only available in the latter currently. It should show up under the advanced sharing settings section on the page. If it's still not there, please let me know. Thanks!

 

Stephen Rice

OneDrive Program Manager II

 

@Stephen Rice - thanks again for the reply. OK, so I was looking in the OneDrive admin centre for the OneDrive sharing controls. ;)

In testing it out, I notice the following:

If I'm not in the allowed group(s) I can't create an anonymous link or use an external email address to share (as expected)

External Sharing - User blocked.png

But, any existing file/folder that has already been shared with an external user continues to be accessible to that external user. So, in our case where we might choose to withdraw sharing privileges if there is inappropriate use, the feature doesn't act as a revocation of external sharing by these users, but rather the withdrawal of the rights to create new external shares. Is this correct and is there any plan for the feature (or any other admin capability) to revoke external sharing in bulk/by group?

As a quick chaser to my last post, the results from the Admin centre OneDrive use report aren't quite what I'd expect either. Two accounts where I know there are externally shared files don't reflect the true position. One, I think, is as a result of having shared the folder with the external user meaning that all subsequent files are 'externally shared'. 

External Sharing - Report questionable.pngExternal Sharing - Report questionable examples.png

I was looking to potentially use this report as part of risk mitigation processes so that we could identify users with new/high amounts of external sharing. However, it looks like this might not be reliable or might need quite a bit of framing to say, 'It only picks up x, y & z but not....'.

Hi Neil,

 

Sorry for the long delay here! Where are you grabbing that OneDrive sharing report? Is that in OneDrive admin or somewhere in the compliance center? Thanks!

 

Stephen Rice

OneDrive Program Manager II

Stephen,

The report is in the O365 Admin Centre > Reports > Usage > OneDrive activity. You can kind of make this out from the screen grab. We hope to have a report that can identify external sharing exposure by department and job title (in real terms for us, this means by school and teacher/pupil) so that areas of risk can be highlighted.

In other news, I notice that the second sharing control by security group (authenticated users only + authenticated users AND anonymous) has hit first release. Do you know when this is likely to show up in production?

@Neil McCafferty, you can generate a report of externally shared content via the SCC as detailed here: https://support.office.com/en-us/article/Keyword-queries-and-search-conditions-for-Content-Search-c4...

 

This type of report will not be time-based however, so not sure if appropriate for your scenario.

@Neil McCafferty, I'll have to follow up with the owner of that report and see what is going on. 

 

As for the second per-group control, rolling from first release to the rest of Production normally takes a few weeks. So not too much longer! Thanks!

 

Stephen Rice

OneDrive Program Manager II

Hi @Neil McCafferty,

 

Sorry for the delay in response! The report you're looking at (OneDrive activity) only shows results for the last "X" days (where X should be configured somewhere in the UX above the report). Some of the shares you are seeing probably occurred outside that timeframe which is why they aren't showing up. Hope that helps!

 

Stephen Rice

OneDrive Program Manager II