Non-corporate and sync

Steel Contributor
User John at have utilized his OneDrive for Business and is syncing files to his corporate pc running Windows 10 - and are very happy of the functions and collaborations options that OneDrive provides :D 
So happy that John one day forgets his PC at the office, instead he borrows his Son's pc (which also runs Windows 10) - fires up OneDrive and Sign in with his Corporate Credentials  (of cause using MFA) but then starts working/syncing various files to his sons PC. - is now, not happy :D  
How do prevent their users from syncing to non-corporate devices? - but still allowing e.g. the CEO's iPad (which is unmanaged) to access the users OneDrive and without setting Trusted locations in a conditional access policy?
5 Replies
best response confirmed by Taen keren (Steel Contributor)
No CA, trusted sites, mdm? I guess you need an private investigator follow everyone around then :)

In the onedrive admin center, you can actually block sync to non domain computers

Hi @Adam 

Thx :)

And that setting goes only on the sync functions right? - and won't prevent the CEO's iPad access? :D


The Domain should be inserted at as GUID? - so I have to do a Get-ADDomain :)   


so this ObjectGUID : b63b4f44-58b9-49cf-8911-b36e8575d5eb 


Picture 1.png

Keep in mind this only works for local domain joined machines. Azure joined can still access as well.

Also a tip. Make sure you add .pst files to your excluded list. Unless you know that no one uses and or saves them to their onedrive folders. Outlook modified them just by by having them open and cause a constant resync with them and when they are large you get the idea. But this may not be a use case in your scenario but something to think about.
Yeah, that’s a good point