OneDrive For Business Administration Security Compliance

Boston Office 365 User Group – December 2016
Oliver Bartholdson
Senior SharePoint Consultant
Microsoft PTSP
Twitter: @obartholdson
LinkedIn: linkedin.com/in/obartholdson
What you will get out of this session
Prepare for launch Protect after launch

Pre- End User
Secondary Storage OneDrive Modern External Content
Provision DLP Policies Sync Client Activity eDiscovery
Administrator Quota Retention Experience Sharing Search
OneDrive Reports
Governance Plan Data Migration

What you will NOT get out of this session
Prepare for launch Protect after launch

Pre- End User
Secondary Storage OneDrive Modern External Content
Provision DLP Policies Sync Client Activity eDiscovery
Administrator Quota Retention Experience Sharing Search
OneDrive Reports
Governance Plan Data Migration

OneDrive for Business Overview
Add a Secondary Administrator
Global Admin view End user view

End User
Secondary Storage Pre-Provision OneDrive Modern External Content
DLP Policies Sync Client Activity eDiscovery
Administrator Quota OneDrive Retention Experience Sharing Search
Reports
Automatically add a secondary administrator during the
creation process of the OneDrive site (MySite)
SharePoint Admin Center > User Profiles > Setup MySites
End User
Reports
For existing OneDrive sites, you must:
• Sign in to Office 365 as a Global Administrator
• Connect to the tenant using Connect-SPOService
• Create a list of all OneDrive for Business sites using
GetOD4BSites.ps1
• Assign a user as a site collection administrator across all
OneDrive sites using OD4BAssignSCA.ps1
End User
Reports
Tips
• Assign permissions to no more than 2,500
OneDrive for Business sites per day
• Keep a record of the OneDrive sites and
administrators
• Communicate to users that an administrative
account has been assigned as a site collection
administrator to OneDrive for Business sites in
your organization
End User
Reports
OneDrive for Business Storage
0TB 1TB 2TB 3TB 4TB 5TB 6TB 7TB
Unlimited storage included in all Enterprise plans

1TB limit by default, can be increased to 5TB
Ask Microsoft for more than 5TB
End User
Reports
Set Storage Quota
• Sign in to Office 365 as a Global Administrator
• Connect to the tenant using Connect-SPOService
• To set a global quota for new OneDrive sites
• Set-SPOTenant -OneDriveStorageQuota <quota>
• To reset an existing OneDrive site to new quota
• Set-SPOSite -Identity <siteURL> -StorageQuotaReset
• To set the storage quota for a specific OneDrive site
• Set-SPOSite -Identity <siteURL> -StorageQuota <quota>
End User
Reports
Pre-Provision OneDrive
Why pre-provision?
• Migrate data from file server or other
repository
• Migrate data from OnPrem MySite to
OneDrive for Business
• Part of your on-boarding process
End User
Reports
Pre-Provision OneDrive
• Configure Secondary Admin and Storage Quota Be sure to assign a
• Set up the SharePoint Online Management Shell license to the Global
Administrator
• Sign in to Office 365 as a Global Administrator account that will be
running this
• Connect to the tenant using Connect- PowerShell cmdlet.
SPOService
• Run the Request-SPOPersonalSite cmdlet, or
create a CSV file to provision up to 200 OneDrive
libraries at once
• Your request will be queued through a timer job
End User
Reports
OneDrive Retention
• Account gets deleted in Office 365 Admin Center
or removed through Azure AD sync 30
• OneDrive site is marked for deletion through the
MySite Cleanup Timer Job Days
• The Manager in AD gets notified via email and
obtains ownership of the OneDrive site
• 30 Days later the OneDrive data is deleted
End User
Reports
MySite Cleanup Job
• Add a secondary owner in case the manager field is not
populated in AD
• Increase the retention period for the MySite Cleanup Timer Job
to up to 10 years!
• Set-SPOTenant –OrphanedPersonalSitesRetentionPeriod <number of days>
End User
Reports
Data Loss Prevention Policies (DLP)
• Identify sensitive information across many locations, such as
Exchange Online, SharePoint Online, and OneDrive for Business
• Prevent the accidental sharing of sensitive information
• Get notified or view DLP reports showing content that matches
your organization’s DLP policies
End User
Reports
Data Loss Prevention Policies
• Security and Compliance > Threat Management > DLP
• Protect all OneDrive sites, or just a few
• Create your conditions
End User
Reports
• Choose a sensitive information type, or
create your own
• Create an action when conditions are met
End User
Reports
End User
Reports
Next Generation Sync Client
Original Sync Client (groove.exe) Next Gen Sync Client (onedrive.exe)
• Windows 7, 8, 8.1, 10 • Windows 7, 8, 8.1, 10, Mac OS X 10.9
• OneDrive for Business, SharePoint, • OneDrive for Business, OneDrive
Consumer, SharePoint, Groups (Preview)
Groups
• No item limit
• 20,000 item limit
• 10 GB file size limit
• 2GB file size limit
• Supports Selective Sync
• No Selective Sync
• Supports real-time co-authoring in Office
• Supports co-authoring from local docs 2016
• Included in Office ProPlus 2013 • Included in Office ProPlus 2016
• MFA App Passwords • MFA with Modern Authentication
• Control bandwidth consumption
End User
Reports
Previous Sync Client New sync client
End User
Reports
Already have the old groove sync client installed?
• The next gen sync client with automatically take over syncing
• Groove.exe with stop syncing OneDrive sites
• OneDrive.exe starts syncing the same OneDrive site without re-
downloading the content
• Groove.exe stops running and removes itself from automatic startup,
unless it’s syncing other content like SharePoint site libraries or OnPrem
OneDrive for Business
End User
Reports
• System Center Configuration Download the
sample SCCM
Manager (SCCM) or Group Policy package. Just
can be used to deploy the sync update the
OneDrive.exe
client path and the
• Deploy OneDrive.exe to your users application
owner.
• Launch OneDrive.exe to allow users
to setup the sync client
• Set update cadence (Optional)
End User
Reports
Key Administration Settings via Group Policy Download the
• Set the default location for the OneDrive folder

OneDrive
Deployment
Package to get the
• Prevent users from changing the location of adml and admx
their OneDrive folder group policy files
• Prevent users from synchronizing their

personal OneDrive accounts
• Set maximum upload bandwidth percentage
that OneDrive.exe uses
End User
Reports
Set-SPOTenantSyncClientRestriction
• Block sync to non-domain joined machines
• Control the list of allowed domains
• Block Mac sync since they do not support domain join
• Block specific file extensions from synching
• Prevent users from synchronizing their personal OneDrive accounts
• Block the old sync client
End User
Reports
Classic vs. Modern OneDrive
End User
Reports
External Sharing
Tenant level options Site collection options
Site collection sharing cannot be less

restrictive than the tenant setting
End User
Reports
External Sharing
All or nothing OneDrive sharing
Enable for all, block for some

• Set-SPOSite –Identity
https://<yourtenant>-
my.sharepoint.com –
SharingCapability Disabled
End User
Reports
External Sharing
You can setup a list of approved
domains or blocked domains
but not both
These settings apply to both

SharePoint Online and OneDrive
for Business!
End User
Reports
End User Activity Reports
Who has viewed that document?
Who is sharing files with external parties?
Who deleted those files?
Who created an anonymous link to this file?
Who is using the sync client to download files?
Who deleted the compliance administrator from their OneDrive?
End User
Reports
End User Activity Reports
End User
Reports
Advanced Alerts
End User
Reports
Content Search
End User
Reports
Content Search
End User
Reports
Content Search
End User
Reports
eDiscovery Case Management
End User
Reports
Preservation Hold Library
Document Library Preservation Hold Library
End User
Reports
eDiscovery Case Management
Preserve Identify Search Analyze Review
Identifying Relevant Data
End User
Reports
Advanced eDiscovery
End User
Reports
Resources
Downloads Data Loss Prevention Policies
OneDrive Deployment Package Next Generation Sync Client Overview
sample SCCM package Determine Version of Sync Client
GetOD4BSites.ps1 Transition to the Next Gen Sync Client
OD4BAssignSCA.ps1 Deploying the Next Gen Sync Client

Administrative Settings for the Next Gen Sync Client
References Block Sync From Non-Domain Joined Machines
Add a Secondary Administrator Overview of External Sharing
Assign eDiscovery Permissions to OneDrive End User Activity Reports
OneDrive for Business Storage Advanced Alerts in Office 365
Set OneDrive Storage Quota Run a Compliance Search
Pre-Provision OneDrive Sites eDiscovery Case Management
Overview of OneDrive Retention and Deletion Advanced eDiscovery
OneDrive Retention PowerShell cmdlet Stay Up to Date with the Sync Client Release Notes
Thank you!
Don’t forget to follow me:
Twitter: @obartholdson
LinkedIn: linkedin.com/in/obartholdson

OneDrive For Business Administration Security Compliance

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

OneDrive For Business Administration Security Compliance

Încărcat de

Drepturi de autor:

Formate disponibile

Boston Office 365 User Group – December 2016

Prepare for launch Protect after launch

Governance Plan Data Migration

Prepare for launch Protect after launch

Governance Plan Data Migration

Global Admin view End user view

Unlimited storage included in all Enterprise plans

• Create an action when conditions are met

• Set the default location for the OneDrive folder

• Prevent users from synchronizing their

Site collection sharing cannot be less

Enable for all, block for some

These settings apply to both

Document Library Preservation Hold Library

Preserve Identify Search Analyze Review

Identifying Relevant Data

OneDrive Deployment Package Next Generation Sync Client Overview

sample SCCM package Determine Version of Sync Client

GetOD4BSites.ps1 Transition to the Next Gen Sync Client

OD4BAssignSCA.ps1 Deploying the Next Gen Sync Client

References Block Sync From Non-Domain Joined Machines

Add a Secondary Administrator Overview of External Sharing

Assign eDiscovery Permissions to OneDrive End User Activity Reports

OneDrive for Business Storage Advanced Alerts in Office 365

Set OneDrive Storage Quota Run a Compliance Search

Pre-Provision OneDrive Sites eDiscovery Case Management

Overview of OneDrive Retention and Deletion Advanced eDiscovery

S-ar putea să vă placă și