Oh Microsoft, we love you, and sometimes we can’t stand you. Announced on Microsoft Roadmaps, Upcoming OneDrive changes are going to be a mess. (Link) The skinny on this one is simple, You will be able to sync your personal one drive files with your company OneDrive files.
The danger
Let’s talk about how dangerous this is.
Think about users like me who have personal projects that are not safe for work. For example, I have a little .NET program in my personal OneDrive that places a form on the screen and blocks all input but still lets you see the display. It’s great when I’m watching a fractal render and don’t want my cat stepping on the keyboard and messing it up.
Now imagine this program syncing to my company’s OneDrive. Imagine that executable file getting loose in a business environment. Yeah … exactly.
Then there’s HIPAA, PII, and more to consider. If Bob from Accounting links his personal OneDrive to his business OneDrive, his child’s medical documents or sensitive family files might be exposed to corporate systems. Most personal OneDrives contain things like resumes, tax documents, and payment info. That means the company could suddenly have access to those files, whether it wants to or not.
Here’s the biggest problem: file accountability.
Let’s say a user unknowingly syncs illicit files. Now those files are on the business network. Who’s responsible for them? The user? The company? Anyone with access? It’s a legal and security nightmare. This is how companies get wrecked and Microsoft seems to be ignoring the massive risk.
The solution so far
Microsoft has proposed a fix, but it’s far from elegant. You can create a Device Configuration policy in Intune to block personal OneDrive syncing. Here’s how:
How to Block Personal OneDrive in Intune
- Go to https://intune.microsoft.com
- Click Devices
- Under By Platform, select Windows
- Under Manage, select Configuration
- Click Create > New Policy
- In the “Create a Profile” pane:
- Platform: Windows 10 and later
- Profile Type: Settings Catalog
- Click Create
- Name the policy (e.g.,
OneDrive – Block Personal Sync) - Add a description (optional)
- Click Next
- Click Add Settings
- Search for OneDrive (scroll past the “Microsoft” section)
- Check Prevent users from syncing personal OneDrive accounts (User)
- Set the toggle from Disabled to Enabled
- Click Next (Scope Tags)
- You can leave this blank unless you use tags for special groups like the CEO
- Click Next (Assignments)
- Click Add All Users
- Add any exclusion groups as needed
- Click Next (Review + Create)
- If everything looks good, click Create
What does this setting do?
This is what microsoft offically says: This setting lets you block users from signing in with a Microsoft account to sync their personal OneDrive files. If you enable this setting, users will be prevented from setting up a sync relationship for their personal OneDrive account. Users who are already syncing their personal OneDrive when you enable this setting won’t be able to continue syncing (and will be shown a message that syncing has stopped), but any files synced to the computer will remain on the computer. If you disable or do not configure this setting, users can sync their personal OneDrive accounts.
These Upcoming OneDrive changes sucks for some, and is awesome for others. Lets keep ourselves protected by stopping it before it gets any worse.
Update
While searching for other options, I did find a GPO. GPO works great with internal items like desktops, and devices that don’t leave. However, if a GPO fails to load, and it’s your only option, then it will fail. The GPO is located Users Configuration > Policies > Administrative Templates > OneDrive > Prevent Users From synchronizing personal OneDrive Accounts. Just enabled this policy and apply it to your users, and it will do the same.
What can we learn as a person?
Let’s do some math. We all get 24 hours in a day. We need at least 8 hours of sleep, leaving us with 16. If you work an 8–5 job, that’s 9 hours gone. Add commute time, say 1 hour round trip, and you’re now down 11 hours.
Now subtract 1.5 hours for meals. You’re left with 3.5 hours per day. That’s all the time you have for your family, friends, hobbies, self-care, or personal growth. I’m not even counting weekends here. Most Americans live on the weekends and just exist during the week.
And here’s the part I want to challenge. Growing up, I was told, “Don’t make friends at work.” Honestly, that’s dumb. Who do you spend the most time with? Your coworkers. It’s okay to build friendships with them. It’s healthy to enjoy your work culture.