Forum Discussion
Non-corporate and sync
User John at Fabrikam.com have utilized his OneDrive for Business and is syncing files to his corporate pc running Windows 10 - and are very happy of the functions and collaborations options that OneDrive provides :D
So happy that John one day forgets his PC at the office, instead he borrows his Son's pc (which also runs Windows 10) - fires up OneDrive and Sign in with his Corporate Credentials (of cause using MFA) but then starts working/syncing various files to his sons PC. - Fabrikam.com is now, not happy :D
How do Fabrikam.com prevent their users from syncing to non-corporate devices? - but still allowing e.g. the CEO's iPad (which is unmanaged) to access the users OneDrive and without setting Trusted locations in a conditional access policy?
- No CA, trusted sites, mdm? I guess you need an private investigator follow everyone around then :)
In the onedrive admin center, you can actually block sync to non domain computers
- No CA, trusted sites, mdm? I guess you need an private investigator follow everyone around then :)
In the onedrive admin center, you can actually block sync to non domain computersHi Adam
Thx :)
And that setting goes only on the sync functions right? - and won't prevent the CEO's iPad access? :D
The Domain should be inserted at as GUID? - so I have to do a Get-ADDomain :)
so this ObjectGUID : b63b4f44-58b9-49cf-8911-b36e8575d5eb
- Keep in mind this only works for local domain joined machines. Azure joined can still access as well.
Also a tip. Make sure you add .pst files to your excluded list. Unless you know that no one uses and or saves them to their onedrive folders. Outlook modified them just by by having them open and cause a constant resync with them and when they are large you get the idea. But this may not be a use case in your scenario but something to think about.
