Remote wipe of PCs for organizations
[Reuben updated the title for clarity]
Fairly self-explanatory - Syncing company data to all of your personal machines is great, but what happens when you leave the company or something needs to be retracted?
Having multiple copies of synchronized libraries on untrusted machines is a huge security risk; administrators should have the option to see which machines are synchronized to OneDrive for Business and SharePoint libraries and be able to stop synchronization and/or wipe information from these machines.
Thanks for the feedback. The answer is in 2 parts. Firstly, the ability to block sync on unmanaged PCs was recently shipped: https://blog.onedrive.com/onedrive-for-business-introduces-new-data-loss-prevention-capabilities-for-sync/
The second part of your idea (the ability to remote-wipe corporate PC data) is something we’re actively thinking about but have nothing to report at this time.
Kristofer Collins commented
Why not encrypt the local data in such a way that the user is required to authenticate with the company's domain in order to access it? Surely the OneDrive for Business service on the user's computer is required to re-authenticate with the domain every so often anyways. You could require this re-authentication in order to be able to decrypt the information. As a supplemental you could have OneDrive for Business periodically check with the domain to ensure the account is still active, else lock down the data. This method has the benefit of being able to remove access to the local content even if the user has disconnected the computer from the internet, because the encryption key will time out and the user will be required to re-authenticate with the domain to continue decrypting the data, which he won't be able to do because the computer isn't connected to the internet and/or the domain knows the user is inactive.
Other cloud storage like Dropbox and Sync do offer this feature. It is especially important in accounting and legal firms to have this feature. Do you have any idea on when this would be addressed?
Vien Le commented
I think we can use MDM to wipe all data with the Selective Wipe option. And about the function to block sync on un-managed clients, I have one question: if we don't have local Active Directory, how do we block un-managed clients?
Don't limit this just to business; this should be in any OneDrive. Allow viewing devices on the web, permanently disconnecting them, and remote-wiping the OneDrive data. On some devices (phones, tablets) it could even allow complete device wipe, as these get lost or stolen pretty often.
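
The key-lease idea from Kristofer Collins's comment above, as an added sketch that is not part of the thread and does not describe how OneDrive works. `Directory`, `SyncClient`, `LEASE_SECONDS` and the XOR stand-in cipher are hypothetical names and choices made for the illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

LEASE_SECONDS = 8 * 3600  # assumed lease lifetime; the thread names no value

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the sketch only; a real client would use an AEAD.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass
class Lease:
    key: bytes
    expires_at: float

class Directory:
    """Hypothetical company-side service that escrows each user's content key."""
    def __init__(self):
        self.keys, self.active = {}, {}
    def enroll(self, user):
        self.keys[user], self.active[user] = secrets.token_bytes(32), True
    def issue_lease(self, user, now):
        if not self.active.get(user):
            raise PermissionError("account disabled")
        return Lease(self.keys[user], now + LEASE_SECONDS)

class SyncClient:
    """Keeps only ciphertext on disk; the key lives in memory under a lease."""
    def __init__(self, user, directory, plaintext, now):
        self.user, self.directory = user, directory
        self.lease = directory.issue_lease(user, now)
        self.ciphertext = xor_stream(self.lease.key, plaintext)
        self.high_water = now  # latest clock value seen, to catch rollback
    def read(self, now, online=True):
        if now < self.high_water:
            self.lease = None  # clock moved backwards: drop the cached key
        self.high_water = max(self.high_water, now)
        if self.lease is None or now >= self.lease.expires_at:
            self.lease = None
            if not online:
                raise PermissionError("lease expired; re-authentication required")
            self.lease = self.directory.issue_lease(self.user, now)
        return xor_stream(self.lease.key, self.ciphertext)
```

In this model, disabling the account takes effect only when the current lease runs out, so the lease lifetime is the upper bound on how long a departed user keeps access. The key is also present in memory for the whole lease, which is weaker than a true remote wipe.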