cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Question about settings for Sync button and modern app authentication

Kerim M.
Copper Contributor

‎Apr 22 2018 09:29 AM

‎Apr 22 2018 09:29 AM

Question about settings for Sync button and modern app authentication

Hi guys

I have two questions about the settings which is possible to configure over ODFB admin portal:

Setting:
Sync > Checkbox "Show the Sync button on the OneDrive website"

Question:
What is the sense behind this option?
Let's say I will uncheck this option and the Sync button will get hidden.
So the use will not be able to start local synchronization over web. OK
But if he still would like, he could (even this button is hidden) do the synchronization by downloading the client and enter his credentials.
Provided of course, that the local synchronization if allowed.
---------
Setting:
Device access > allow access from apps that don't use modern authentication

Question:
This is more a general quesiton. So which apps could have access? Do you have some examples?
Is there also an store with apps which could be integrated in Office 365 or OneDrive For Business?
I'm asking this quesiton because I have never seen apps like that. Maybe you have some examples.

Thanks in advance.


1,711 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Kerim M. (Copper Contributor)
Vasil Michev

‎Apr 22 2018 10:19 AM

‎Apr 22 2018 10:19 AM

Solution

Re: Question about settings for Sync button and modern app authentication

The answer to the first question is here: https://support.office.com/en-us/article/prevent-users-from-installing-the-onedrive-sync-client-b59c...

 

But as you said, it's not a real restriction as they can just download the client elsewhere (not to mention it comes preinstalled with Win10). If you want to restrict the sync, you can use the second option in the portal or the set-spotenantsyncclientrestriction cmdlet.

 

For the second question, all Microsoft apps should indeed support MA nowadays, but some time ago this was not true. And having support for MA is important for features such as Conditional access, which you can bypass if using legacy auth. Thus many organizations are interested in being able to block such apps. It's the analog of the -LegacyAuthProtocolsEnabled setting for Set-SPOTenant.

0 Likes
Reply
Kerim M.

‎Apr 22 2018 10:36 AM

‎Apr 22 2018 10:36 AM

Re: Question about settings for Sync button and modern app authentication

@Vasil Michev

 

Thanks for your quick reply.

 

Regarding first question, everything is clear now.

 

Regarding the second question:

OK, that point you mentioned is clear for me.

But my question is about these apps. What kind of apps are existing on the market? (doesn't matter if already MA support or not)
This information is new for me, that there are apps existing, which can be cooperate with ODFB.
So that's why my question. Do you have some names of these apps for example?

 

Thank you.

0 Likes
Reply
Vasil Michev

‎Apr 22 2018 11:06 AM

‎Apr 22 2018 11:06 AM

Re: Question about settings for Sync button and modern app authentication

I don't have an exhaustive list, and not sure if one is readily available, but basically any app that uses the OneDrive APIs to offer "storage" or "open/save file from OneDrive". Slack for example has something like this, Adobe/Foxit, heck even Autodesk products have it.

1 Like
Reply
Kerim M.

‎Apr 22 2018 11:09 AM

‎Apr 22 2018 11:09 AM

Re: Question about settings for Sync button and modern app authentication

Ok, now it's more clear what kind of apps they are. Thanks a lot for your response.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Kerim M. (Copper Contributor)
Vasil Michev

‎Apr 22 2018 10:19 AM

‎Apr 22 2018 10:19 AM

Solution

Re: Question about settings for Sync button and modern app authentication

The answer to the first question is here: https://support.office.com/en-us/article/prevent-users-from-installing-the-onedrive-sync-client-b59c...

 

But as you said, it's not a real restriction as they can just download the client elsewhere (not to mention it comes preinstalled with Win10). If you want to restrict the sync, you can use the second option in the portal or the set-spotenantsyncclientrestriction cmdlet.

 

For the second question, all Microsoft apps should indeed support MA nowadays, but some time ago this was not true. And having support for MA is important for features such as Conditional access, which you can bypass if using legacy auth. Thus many organizations are interested in being able to block such apps. It's the analog of the -LegacyAuthProtocolsEnabled setting for Set-SPOTenant.

View solution in original post

0 Likes
Reply