131 Continental Drive Suite 305 Newark, DE 19713 United States
India
SCO 515, Third Floor Sector 70, Mohali Punjab, 160055
Follow Us on Social -
In this blog post, we will cover an important and common aspect of OneDrive for Business (ODB) administration, which is an important tool for business management, here the use of different tools and knowledge could really help improve a business results. A request that reaches Office 365 admins many times is to disable ODB for specific user(s) while doing a speed test. Office 365 offers a license management features that control many sub products within the license management via the UI itself. However, as simple as it may seem, this is not the case. There is no way to disable just the ODB license for a new or existing user. The simple ON/Off switch does not exist as of today.
When we try looking at our options in the admin UI, we notice that OneDrive license is missing. This is because the OneDrive for Business is clubbed with SharePoint Online license. You may disable the SharePoint Online License which is a simple solution if the user doesn't need to have a SharePoint License, however this may or may not be your end goal.If you want to start using kratom, it is very important to buy from recognized sellers and with quality products, so you can visit this website to get some good advises to find a good kratom seller
Let's now see how this can be achieved without much hassle, though we would always want to have simple selection options in SharePoint/OneDrive admin centers for Office 365. If you want Microsoft to implement this feature via Group Membership, here is the link to the user voice where you can up vote this and have Microsoft take action on your feedback.
[ryvl video_url="https://www.youtube.com/watch?v=VrSI05sy29g&start=205&end=323&rel=false" auto_play="yes"] Watch this video for latest OneDrive updates[/ryvl]
We have 3 scenarios that we will go through:
Scenario 1
Scenario 2
Scenario 3
Disable OneDrive creation for everyone in a new Office 365 tenant and then control it via a single Group Membership.Users are able to access SharePoint sites in this scenario.
Disable OneDrive for existing users and let them continue to use SharePoint sites.
Disable App Launcher option only in which case they will still be able to access OneDrive if they know the URL or navigate through Delve.
Note:Scenario 1 and 2 disables their MySite Completely and not just the OneDrive for business document library
Scenario 1
We will first discuss, how Office 365 admins can control ODB access from initial tenant deployment stage itself which will help in the long run. Also, this helps Access control for ODB for new Users via group membership.
In SharePoint Online, the Personal Site creation is enabled for all via the group Everyone except external users.
This option gives the capability to create OneDrive and if disabled, will disable ODB access for users.
You can access this via the following path: SharePoint Admin Center > User Profiles > Manage User Permissions
If we uncheck the Create Personal Site permission, users will not be able to create their MySite or OneDrive in the first place.
To fix this, instead using the default Everyone except external users, create separate groups and assign them permissions directly.
To keep things simple for this Blog Post, we will just create a Security Group ODB Users in Office 365 admin center and assign them Create Personal Site permission in User profiles.
After following the below steps described in the screenshots below, you will be able to control which users have the capability to initiate their OneDrive for Business creations via Group ODB Users.
Scenario 2
Now we will look at our second scenario where existing users are currently using ODB but for business reasons, we need to disable their ODB access and still continue to have SharePoint access.
Follow the instructions from Scenario 1 to disable personal sites and/or grant selective personal site access depending on your requirements.
Now since the user already has a OneDrive, removing the above personal site access won't do anything and the user shall still have access to the his/her OneDrive if he tries to accesses it.
We can simply change the site collection administrator of the personal site of the specific user from SharePoint Admin Center > User Profiles > Manage User Profiles. Search for the user and click on the dropdown menu next to it to get to the below options and select "Manage site collection owners".
Replace the account in the fields below with the one for the new Site Collection admin for the Personal site of the user.
This way you will be able to give the users their OneDrive access back at a later stage if and when needed.
Alternatively, for multiple users, we can change the site collection administrator of the site using the below script to a different account or admin account in bulk.## Script to list out all the sites in your tenant including the personal sites or ODBsGet-SPOSite -IncludePersonalSite $true | select url, Owner | Export-Csv -Path “C:TempSPOSites.csv” -Delimiter “,”## Sameple script to change the site collection administrator for the ODB sites. You need to create a CSV file with url and Owner columns. Owner would be the account name of the new owner.Import-CSV C:TempChangeODBAdmin.csv | foreach-object { Set-SPOSite -Identity $_.Url -Owner $_.Owner}
When the users try to access their OneDrive post the owner change, they will get access denied message going forward. Not an elegant solution but gets the job done.
Also, the OneDrive sync client will stop syncing new files. The user will continue to have access to the files already synced on their devices. If they attempt to sync again they will get the below message in OneDrive Client post the login prompt.
We recommend to delete the personal site using PowerShell command Remove-SPOSite, however ensure that we delete the site prior to disabling the access using step 1. This ensures that the PersonalSiteInstantiationState profile property of the user is updated which would help in smother personal site creation in future if reenabled & also won't impact any dependent features.
The recommendation to delete the personal site is because it contains granular permissions which will not be removed by simply changing the Site Collection Administrator.
Also, if your users have created subsites or other lists/libraries under the personal site with unique permissions, they will continue to have access to it. The user is by default added to the site with Full Control and the default group Everyone except external users, has read access on the personal site by default.
Scenario 3
For Scenario 3, we can also hide the OneDrive for Business App from the app launcher using the below option from SharePoint Admin Center > Settings.
Remember that this will hide the OneDrive link for everyone but they will still be able to access the ODB if they browse to the URL manually.
Note:This post does not cover the aspect of disabling OneDrive for Business Sync client on PCs and Mobile devices. For more information on disabling the sync client on PC visit this link here.
Engage with us to know more about OneDrive for Business
