Guests cannot download files shared with OneDrive (conditional access policies)
We have enabled 'Allow limited, web-only access' for unmanaged devices in Sharepoint (https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices?redirectSourcePath=%252farticle%252f5ae550c4-bd20-4257-847b-5c20fb053622). I thought that this setting is linked with conditional access policies but it seems to be applied for all guest users. This setting creates 2 conditional access policies. I changed the user assignments to exclude guests. This doesn't work. Is there an option to exclude guests so they can download shared files to an unmanaged device? We block downloading files from OneDrive and Sharepoint on non hybrid AD joined devices. We only want to do this for internal users. If we share with external users, it is the responsability of the guest to keep de downloaded documents safe.
External sharing good practice
Hi all I'm wondering what is the typical industry practice for external sharing of Sharepoint team site files, folders or subsites. Do most companies forbid this and allow just external sharing via Office 365 employee one drive folders? I saw somewhere else that others recommend setting up a separate sharepoint site collection say called "external sharing" and having subsite for each external client you wish to share with and put their documents in there - only thing with this is you have to manually download from one sharepoint site and upload into that new site collection. Thanks in advance GerryIssues with OneDrive sync client and SharePoint
Dated: 6th December 2018 We are having some issues with OneDrive sync client SharePoint online. Deleted files re-appears and files are duplicated with computer name even when users are connected to the Internet. We are located close to Ireland (56 ms latency to Office 365 servers) and have 100/100 Mbps Internet connection (load on the line is less than 10%) and there are only 3-4 SharePoint users. OneDrive version: Version 2018 (Build https://go.microsoft.com/fwlink/?linkid=844652) Please let us know the expected behaviour in these cases: SharePoint library is synced using OneDrive for user John and Alex, a folder is selected to "Always keep on this device" And OneDrive setting for office is as follows: Case 1 Time User: John (local OneDrive folder) SharePoint Online Library User: Alex (local OneDrive folder) 10:00:00 Creates file1.docx file1.docx is synced from John file1.docx is synched from SharePoint 11:00:00 Disconnects from the Internet file1.docx Disconnects from the Internet 12:00:00 Deletes file1.docx (while offline) file1.docx Edits file1.docx (unintentional edit while offline) 13:00:00 Still offline file1.docx is updated from Alex Connects to the Internet and OneDrive syncs 14:00:00 Connects to the Internet and OneDrive syncs file1.docx file1.docx 14:00:01 ? ? ? Case 2 Time User: John (local OneDrive folder) SharePoint Online Library User: Alex (local OneDrive folder) 10:00:00 Creates file1.docx file1.docx is synced from John file1.docx is synched from SharePoint 11:00:00 Disconnects from the Internet file1.docx Disconnects from the Internet 12:00:00 Deletes file1.docx (while offline) file1.docx Edits file1.docx (unintentional edit while offline) 13:00:00 Connects to the Internet and OneDrive syncs file1.docx is deleted - from John's Still offline 14:00:00 file1.docx does not exist file1.docx does not exist Come online and OneDrive syncs 14:00:01 ? ? ?SharePoint on-prem, ADFS, and OneDrive for Business
I have a SharePoint 2016 farm on-premises using ADFS authentication. I'm having problems integrating the farm with OneDrive for Business. I set up my ADFS IdentifierClaim for SP is using sAMAccountName, and I'm wondering if that is causing the problem. Is it a requirement (or strongly encouraged) to use email address for the Identifier Claim when creating a new SharePoint SPTrustedIdentityTokenIssuer?
adding domain user to site collection admin for a users od4b site collection
I am trying to write a powershell script to change the Locale from En-US to EN-UK for which i have written powershell script to achieve that. However it does not execute as the the admin needs to to be made site collection secondary admin at least for the one drive for business site. so in the middle of the script before the last execute method i need to add the AdminUser to its site collection administrators. As you know i have used CSOM below; i want to achieve that using CSOM; I have tenant url, admin, user od4b url. #Add references to SharePoint client assemblies and authenticate to Office 365 site – required for CSOM [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles") #Specify tenant admin <$AdmiUser = "first.Lastname@domain.abc.uk"> $Password = Read-Host -Prompt "Please enter your password" -AsSecureString $Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($AdminUser,$Password) #Configure MySite Host URL < $SiteURL = "https://tenant-my.sharepoint.com/"> #Bind to MySite Host Site Collection $Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL) $Context.Credentials = $Creds #Identify users in the Site Collection $Users = $Context.Web.SiteUsers $Context.Load($Users) $Context.ExecuteQuery() #Create People Manager object to retrieve profile data $PeopleManager = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($Context) $UserProfile = $PeopleManager.GetPropertiesFor('<sample user>'') $Context.Load($UserProfile) $Context.ExecuteQuery() If ($UserProfile.Email -ne $null) { Write-Host "Updating OD4B site for User:" $User.LoginName -ForegroundColor Green #Bind to OD4B Site and change locale $OD4BSiteURL = $UserProfile.PersonalUrl $Context2 = New-Object Microsoft.SharePoint.Client.ClientContext($OD4BSiteURL) Foreach ($User in $OD4BSiteURL) { $Context2.Credentials = $Creds $Context2.ExecuteQuery() #$Context2.Load($web); #$Context2.Load($RegionalSettings); Write-Host $User $Context2.Web.RegionalSettings.LocaleId = "2057" $Context2.Web.Update() $Context2.ExecuteQuery() } }
