Restrict OneDrive for Business synchronisation to domain joined machines only

Edit: This can now be done in a GUI by using the OneDrive Admin Centre at admin.onedrive.com. It also allows Mac clients by default now.

A quick preface to this post; making the changes listed below will stop all Mac clients from being able to sync their OneDrive, and will not stop mobile devices from connecting to OneDrive using the app. It also doesn’t stop the downloading or uploading of files from the web access of OneDrive. It’s sole purpose is to limit the functionality of the Windows OneDrive for Business sync client!

Firstly you need to find out the GUID for the Active Directory domain which you want to be able to sync OneDrive for Business from. To do this, log onto a Domain Controller and run the Active Directory Module for PowerShell, or run a normal PowerShell window and run

import-module ActiveDirectory

in order to get the correct cmdlets imported. Get a list of your domains by running

(Get-ADForest).Domains

And then use this command to get a list of GUIDs which will be in the same order as your domain list

$domains = (Get-ADForest).Domains; foreach($d in $domains) {Get-ADDomain -Identity $d | Select ObjectGuid}

From this you should be able to work out the correct GUID for your Active Directory domain name. Copy and paste that sucker into notepad. Now head on over to a SharePoint Online PowerShell session using the SharePoint Online Powershell module and Connect-SPOService and run

Set-SPOTenantSyncClientRestriction  -Enable -DomainGuids "b45b7d67-e68b-430e-bb76-2a31948b3221”

Make sure you replace the GUID here with the GUID you copied and pasted earlier and this setting will lock down your OneDrive for Business synchronisation to client which have the same domain GUID. If you want to enter more than one GUID, separate them with commas.

Hope this helps and sorry if it’s a bit of a haphazard blog post, it was written in a bit of a hurry!

3 thoughts on “Restrict OneDrive for Business synchronisation to domain joined machines only

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s