Here are 3 Common Office 365 Data Loss Scenarios you need to watch out for.
Are you ready to ditch those home drives, shared drives, “where-collaboration-goes-to-die” drives, and whatever other personal file storage you’re currently using?
Welcome to OneDrive! The new OneDrive admin center is tailored specifically to your needs; it’s a single place for you to manage everything related to OneDrive configuration.
The first thing you’ll see when you jump in is the home page. For now, it’s a simple welcome page, but it’ll be updated with reports and more extensive features soon. To the left you’ll notice the different areas of configuration:
Before we begin, it’s important to understand the differences between SharePoint and OneDrive for Business when considering your deployment and configuration.
SharePoint and OneDrive: How do they relate?
Knowing how to get ultimate control over your data by using the Office 365 admin portal is critical. SharePoint and OneDrive for Business share these overlapping capabilities in order to make better configuration decisions.
OneDrive for Business is built on SharePoint Online and is the central place to access your files in both SharePoint and OneDrive. Technically speaking, all user OneDrives are SharePoint sites behind-the-scenes. This means that the sharing options you see in both products will work exactly the same, thus providing a seamless experience.
Now, let’s take a step-by-step walkthrough of the admin center and all of its wonderful features.
OneDrive Admin Center Key Features
This section helps admins gain control over how and with whom your users are sharing information in both OneDrive and SharePoint. This includes controlling the use of external sharing and anonymous links as well as limiting which external domains users can share with.
How you choose your settings here should be based on how your organization policies allow for external sharing. This is where you configure what users see when they share a file or folder in OneDrive or SharePoint.
Default Link Type: Choosing a default link type will affect both OneDrive and SharePoint when they share a File or Folder.
Link Expiration: You can use this setting to set an expiration date (e.g. 30 days) for externally shared files in OneDrive and SharePoint. The advantage here is that you can make sure any anonymous links shared aren’t living in cyberspace forever. I’ll touch on these sharing options in detail and what each one means in a few moments.
External Sharing: Scrolling down in the Sharing tab, you see one of the most important settings you should pay attention to. There are four types of sharing settings that can be set for your organization.
Note: Your sharing setting for OneDrive can’t be more permissive than your setting for SharePoint.
Diving into Sharing Options: Use the reference below to get an understanding of the different sharing settings available to choose the correct option that works for your organization.
The OneDrive Sync Client
Now, I love sync, especially because I can manage my business files on the road online or offline and manage my files on the go with both my phone and my laptop.
Here’s a little excerpt on how it works: “When a user installs the OneDrive sync client for Windows or Mac, they can work with their OneDrive files in File Explorer or Finder. They can also easily save files to OneDrive from the programs they use. When users add, change, and delete files and folders from the OneDrive mobile app or by accessing their OneDrive from a web browser, the files and folders are automatically added, changed, or deleted on their computer and vice versa. To upload files to OneDrive, users can simply copy or move them to OneDrive in File Explorer or Finder. They can also use File Explorer to easily organize their OneDrive by creating new folders and moving and renaming files and folders. All these changes sync automatically.” – Docs, Microsoft
Windows 10 devices come with the OneDrive sync client installed. Office 2016 and later installations also have the sync client installed.
OneDrive Admin Controls for Sync Client
The Admin Sync control allows you to limit the types of files that can be synced between users’ OneDrive accounts and their computers, or even to hide the sync button completely for both OneDrive and SharePoint.
The first checked box in the image below appears in both SharePoint and OneDrive Document Libraries and allows users to sync files to their PC so they can be accessed easily online and offline.
Here you will find settings to customize how syncing works with the OneDrive Sync Client. Admins can block syncing of specific file types and deny syncing to non-domain-joined PCs.
You can manage your OneDrive for Business to see how much space you’re using and free up space if you’re getting close to your storage limit. OneDrive allows admins to easily set default storage limits and document retention durations.
On the Storage page, you can configure the default quota for all users (from one to five terabytes) and also configure the retention policy for documents that belong to deleted users. Each user with an Office 365 E-type plan gets at least one terabyte of OneDrive for Business storage.
On the other hand, those with E3 plans and higher with at least five users get “unlimited” storage. Of course, that’s not entirely true; you initially get one terabyte of space per user, and the administrator can increase that quota to five terabytes per user.
Using OneDrive alone is not technically a long-term backup strategy. To fill that need, third-party tools (like AvePoint’s Cloud Backup) are available to safeguard your data and ensure it doesn’t get lost over time.
4. Device Access
On the Device access page, you can restrict access to certain IP ranges (so only devices on your office network can sync, for instance) or restrict access to devices that support the latest authentication methods.
This gives admins control over how and from where a user can access their files.
Mobile Application Management
Users can configure the ability to allow/deny access from personal phones, specific networks, and rich Mobile Application Management Intune policies for iOS and Android. Control access is based on the network location.
If your organization has Microsoft Intune or Enterprise Mobility + Security, you can use the OneDrive admin center to create a global policy that manages the OneDrive and SharePoint mobile apps for Android and iOS. This policy only applies to users in your organization who are licensed for Microsoft Intune or Enterprise Mobility + Security. Below are some options you can use to manage and secure your data from personal devices by re-verification for offline devices, wiping data, or blocking OneDrive and SharePoint files from being opened in other applications.
The compliance page in the OneDrive admin center is simply a shortcut to link to some of the Security & Compliance Center features. You can use these to protect your internal data with enterprise-grade security.
Admins can find quick links to the Office 365 Security and Compliance Center for key scenarios like auditing, data loss prevention, retention, and eDiscovery. Specialized third-party tools can also offer further data protection and classification functionality.
Admins can use these settings to control notifications in OneDrive, including email and mobile. If you choose to leave the default in the admin center, users can edit their notification settings in the OneDrive sync client.
Notifications may appear when using OneDrive to share photos, Microsoft Office documents, other files, and entire folders with people who may get notified by email, sharing invites, or accepting invitations to access files.
7. Data Migration
Needing to migrate content into OneDrive for Business is a common need for many organizations. Migrate your file shares into OneDrive for rich integration and the best security platform in the world for cloud document storage.
New and Noteworthy Features
OneDrive Files On-Demand
OneDrive Files On-Demand allows users to access all their work files in OneDrive without downloading them. This feature saves hard drive space by only downloading items that have been opened, viewed, or edited recently. New files and folders created online or on another device appear as “Online-only” to save maximum space. However, users can mark a folder as “Always keep on this device,” and its content will download to their device as always available files.
OneDrive Known Folder Move (KFM)
This feature allows users to back up their PC folders to their OneDrives, including Desktop, Documents, Pictures, and Videos. You can turn this setting on as an administrator and users can manage it in their OneDrive Sync Client Settings under Backup.
Leverage this new knowledge productively and make OneDrive the next-gen file collaboration solution of your users’ dreams! Because really, what would they do if they lost everything on their laptop?
To customize how OneDrive for Business works in your Tenant, go to the OneDrive admin center at https://admin.onedrive.com/.
For more on the different admin centers in Microsoft 365, check out the articles below:
- An Introduction to the SharePoint Admin Center
- 4 Great Features of the New Power Platform Admin Center
- 4 Ways to Manage the Microsoft Teams Admin Center Like a Rockstar