I suggest you ...

Remote wipe of PC's for organizations

[Reuben updated the title for clarity]
Fairly self explanatory - Syncing company data to all of your personal machines is great but what happens when you leave the company or something needs to be retracted?
Having multiple copies of synchronized libraries on untrusted machines is a huge security risk, administrators should have the option to see which machines are synchronized to OneDrive for Business and SharePoint libraries and be able to stop synchronization and/or wipe information from these machines.

453 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Kristofer Collins commented  ·   ·  Flag as inappropriate

        Why not encrypt the local data in such a way that the user is required to authenticate with the company's domain in order to access it? Surely the one drive for business service on the user's computer is required to re-authenticate with the domain every so often anyways. You could require this re-authenticate in order to be able to decrypt the information. As a supplemental you could have one drive for business periodically check with the domain to ensure the account is still active, else lock down the data. This method has the benefit of being able remove access to the local content even if the user has disconnected the computer from the internet, because the encryption key will time-out and the user will be required to re-authenticate with the domain to continue decrypting the data, which he won't be able to do because the computer isn't connected to the internet and/or the domain knows the user is inactive.

      • sparky_jr commented  ·   ·  Flag as inappropriate

        Other cloud storage like Dropbox and Sync do offer this feature. It is especially important in accounting and legal firms to have this feature. Do you have any idea on when this would be addressed?

      • Vien Le commented  ·   ·  Flag as inappropriate

        I think we can use MDM to wipe all data with the Selective Wipe option. And about the function to block sync on un-managed clients, i have one question: if we don't have local Active Directory, how to block Un-managed clients?

      • Luka commented  ·   ·  Flag as inappropriate

        Don't limit this just to business, this should be in any OneDrive. Allowing to view devices on the web, and permanently disconnect them + remote wipe the OneDrive data. On some devices (phones, tablets) it could even allow complete device wipe, as these get lost or stolen pretty often.

      OneDrive: OneDrive for Business

      Feedback and Knowledge Base