SOLVED

Stop onedrive personal connecting to onedrive for business

%3CLINGO-SUB%20id%3D%22lingo-sub-98019%22%20slang%3D%22en-US%22%3EStop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98019%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EApologies%20if%20this%20has%20already%20been%20asked%20but%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20stop%20someone%20signing%20into%20their%20onedrive%20for%20business%20account%20using%20the%20personal%20onedrive%20app%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EScenario%3C%2FP%3E%3CP%3EI%20am%20working%20with%20a%20company%20that%20want%20to%20their%20staff%20to%20use%20OneDrive%20but%20only%20on%20corporate%20machines.%3C%2FP%3E%3CP%3ECan%20staff%20download%20the%20free%20onedrive%20app%20on%20say%20a%20personal%20machine%20and%20then%20sign%20into%20their%20work%20account%20and%20sync%20this.%3C%2FP%3E%3CP%3EIf%20so%20can%20this%20be%20disabled%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EWasim%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-98019%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-292696%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292696%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%2C%3C%2FP%3E%3CP%3EIn%20our%20organization%20we%20have%20disabled%20the%20Personal%20One%20drive%20access%20and%20can%20only%20access%20the%20Organization%20One%20drive.%20Presently%20we%20are%20able%20to%20access%20Personal%26nbsp%3BOnline%20Excel%2FPPT%2FWord%20documents%20etc...Wanted%20to%20know%20how%20can%20we%26nbsp%3Brestrict%20this%20as%20well...%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98093%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98093%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20also%20block%20them%20setting%20up%20a%20OneDrive%20personal%20account%20within%20OneDrive%20sync%20client.%26nbsp%3B%20On%20each%20machine%2C%20set%20the%20following%20in%20the%20registry%20(can%20be%20done%20via%20OneDrive%20GPO)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5BHKEY_CURRENT_USER%5CSoftware%5CMicrosoft%5COneDrive%5D%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22DisablePersonalSync%22%3Ddword%3A00000001%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98055%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98055%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20that's%20the%20case%20then%20you%20can%20use%20Conditional%20access%20since%20these%20are%20unmanaged%20devices%20to%20control%20access.%20You%20need%20to%20have%20Azure%20AD%20Premium%20and%20Intune%20for%20this%2C%20and%20you%20may%20visit%20the%20links%20below%20for%20more%20details%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-conditional-access-azure-portal%23session-controls%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-conditional-access-azure-portal%23session-controls%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FControl-access-from-unmanaged-devices-5ae550c4-bd20-4257-847b-5c20fb053622%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FControl-access-from-unmanaged-devices-5ae550c4-bd20-4257-847b-5c20fb053622%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98053%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98053%22%20slang%3D%22en-US%22%3E%3CP%3EAnother%20option%20to%20explore%20is%26nbsp%3BConditional%20Access%20Policies%20-%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fwbaer%2F2017%2F02%2F17%2Fconditional-access-policies-with-sharepoint-online-and-onedrive-for-business%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EControl%20access%20based%20on%20network%20location%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F18871iC029DC00D2D760C9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22DevicePolicy%22%20title%3D%22DevicePolicy%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ELocation-based%20policies%20don't%20require%20Azure%20AD%20Premium%20licences%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%22%3CEM%3EThese%20policies%20ensure%20content%20can%20only%20%3C%2FEM%3Ebe%20access%3CEM%3E%20when%20someone%20is%20connected%20to%20the%20defined%20network%2C%20denying%20access%20outside%20of%20that%20boundary%20%E2%80%93%20whether%20the%20content%20is%20%3C%2FEM%3Eaccess%3CEM%3E%20via%20a%20%3CU%3Ebrowser%3C%2FU%3E%2C%20%3CU%3Eapplication%3C%2FU%3E%2C%20or%20%3CU%3Emobile%20app%3C%2FU%3E.%3C%2FEM%3E%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98039%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98039%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20response.%3C%2FP%3E%3CP%3EWhat%20if%20there%20isnt%20a%20domain%20in%20place.%3C%2FP%3E%3CP%3EThe%20company%20do%20not%20currently%20have%20a%20domain%2FAD%20set%20up.%20Just%20standalone%20machines%20with%20local%20user%20accounts%20set%20up%20on%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EWasim%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-98036%22%20slang%3D%22en-US%22%3ERe%3A%20Stop%20onedrive%20personal%20connecting%20to%20onedrive%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-98036%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20limit%20OneDrive%20for%20Business%20file%20sync%20to%20domain%20joined%20PCs%20only%20using%20these%20methods%3A%20via%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FAllow-syncing-only-on-computers-joined-to-specific-domains-a3b03efd-ccd0-4d3c-b9ae-7f8f3f9485bc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EOneDrive%20Admin%20Center%3C%2FA%3E%20or%20%3CA%20href%3D%22https%3A%2F%2Fblogs.office.com%2Fen-us%2F2015%2F07%2F16%2Fnew-it-management-controls-added-to-onedrive-for-business%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EPowerShell%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi

Apologies if this has already been asked but:

 

Is there a way to stop someone signing into their onedrive for business account using the personal onedrive app?

 

Scenario

I am working with a company that want to their staff to use OneDrive but only on corporate machines.

Can staff download the free onedrive app on say a personal machine and then sign into their work account and sync this.

If so can this be disabled?

 

Regards

Wasim

6 Replies
Highlighted

You can limit OneDrive for Business file sync to domain joined PCs only using these methods: via OneDrive Admin Center or PowerShell.

Highlighted

Thanks for the response.

What if there isnt a domain in place.

The company do not currently have a domain/AD set up. Just standalone machines with local user accounts set up on it.

 

Regards

Wasim

Highlighted

Another option to explore is Conditional Access Policies - Control access based on network location

 

Location-based policies don't require Azure AD Premium licencesLocation-based policies don't require Azure AD Premium licences

"These policies ensure content can only be access when someone is connected to the defined network, denying access outside of that boundary – whether the content is access via a browser, application, or mobile app."

 

Highlighted
Best Response confirmed by Wasim Parkar (Occasional Contributor)
Solution

If that's the case then you can use Conditional access since these are unmanaged devices to control access. You need to have Azure AD Premium and Intune for this, and you may visit the links below for more details: 

 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-po...

 

https://support.office.com/en-us/article/Control-access-from-unmanaged-devices-5ae550c4-bd20-4257-84...

Highlighted

You can also block them setting up a OneDrive personal account within OneDrive sync client.  On each machine, set the following in the registry (can be done via OneDrive GPO)

 

[HKEY_CURRENT_USER\Software\Microsoft\OneDrive]      "DisablePersonalSync"=dword:00000001

Highlighted

hi,

In our organization we have disabled the Personal One drive access and can only access the Organization One drive. Presently we are able to access Personal Online Excel/PPT/Word documents etc...Wanted to know how can we restrict this as well...