Disable Sharing in OneDrive for Business ENTIRELY
For our company it's a Must-Have to be have the option to disable the sharing on ODfB entirely (also tenant internal).
This is to prevent users from setting up project or team workspaces in their own user drives.
A similar idea was posted here, but since it was not splitted up by the user, I posted this new one.
No, we’ve received this request before. Thanks for the feedback. OneDrive is built for collaboration and it’s a core part of the user experience and value proposition. Unfortunately, we have no plans to block sharing completely.
Renato Pereira commented
today I opened a ticket from O365 portal since the customer need avoid users share their folders.
I found by myself an article that can be usefull for enrivonment with AD where you can do some adjustments:
In that case, they are a small company without AD or even local server.
If you go to the URL below, you can set an option to restrict the hability of EXTERNAL SHARING only for a specific security group that you previously created with only some account allow to do this:
** I think that this option is only when try to SHARE with EXTERNAL contacts.
Our customer main concern is related that users are using Onedrive on computers for CORPORATE ACCOUNT and also setting (by their own) the PERSONAL ACCOUNT (@hotmail.com, @msn.com, @live.com) and then copying corp data to their person account and then able to 'copy' data that will be available to their pc at home. Maybe we need Enterprise Security Mobility to limit what will the PC which will sync (but its not the case since users are sync using corp laptops) or another solution (MS Intune??) to ENCRYPT and disable these files to be used on an unauthorized computer.
Just to explain a little bit about that business needs, customer was using DROPBOX where the staff was sharing with each other and also to external contacts, this is still painfull to map everything, put on a spreedsheet and set remote meeting with customer team to review and set where some files and folders will be placed in the 'new environment with OneDrive'.
A.s.a.p I have news about MS Team, will post here.
We are a Healthcare company and would like the option to turn off sharing for OneDrive for Business since we have other areas like Teams and Sharepoint that we would allow sharing access. We look at OneDrive as personal files and have never allowed staff to share these files when they are sitting in a on prem file share. By allowing the admin to have the option to run off sharing even within the company we preserve the security so more access is not given even by accident and we can protect PHI and PPI even further. We are responsible for HIPAA violations and want to use our best practices whenever we can.
The option may not be for everyone but think that if it was at least available then those that want it can use it.
We managed to work around this issue by creating a DLP policy in O365 Security and Compliance that prevents sharing of certain file types in OneDrive. We then added the file types we're concerned about. Users can still "share" a link but the recipient gets a message that the file is blocked.
Judging by the ADMIN's response Microsoft has decided to ignore real world requirements and instead impose on us their view of how we should use their software. A better approach would be to listen to the users of their products and provide the features we need in order to use and improve the product.
Don Murphy commented
We also intend to use OneDrive as a personal storage container. sharePoint is for collaboration. Seems pretty simple that many industries require the ability to restrict sharing
Stuart S. commented
Unfortunately this means that the only alternative is to disable OneDrive completely. If it cannot be used securely, then it cannot be used at all.
You (Microsoft) need to consider that collaboration is good, but not at the expense of security. Period.
Might be beating a dead horse to death here... but from a Infosec stand point the ability to block at the very least Anonymous file sharing should have been integrated into the environment from the get go. There are times, more often than not, that sharing documents or information is a HIPAA violation or Security risk.
Microsoft you need to step up your game and start thinking towards a more security oriented mind set and give us the option to block Anonymous file sharing
Mike Reid commented
We need this feature as well. SharePoint will be used for sharing, not OneDrive. We want OneDrive to be used for personal files only and not shareable.
Abid Ali commented
the same i want to implement in my organization like disable internal/external sharing completely so that user can only use onedrive as data storage container without sharing feature at all.
microsoft's one drive team could work on this to make sharing disable option for INTERNAL and EXTERNAL
How about if they just make a folder that you can not share from?
Since Microsoft is shy on answering our request, I decided to call my TAM and have the request sent to the development team. Here is their answer :
« No, we've received this request before. Thanks for the feedback. OneDrive is built for collaboration and it's a core part of the user experience and value proposition. Unfortunately, we have no plans to block sharing completely. »
So I guess we can forget about it ! But it would have been easier if Microsoft could find the courage to answer us on the uservoice right away instead of letting us linger for two year without saying a word. It's a shame.....
Sent the following back to MS:
Just had another thought on why the option to disable sharing on OneDrive completely.
As i've already mentioned, students will be students and there will come a time when bullying gets out of hand. A student could easily in a lesson upload an edited image of someone, get the link and send this link to anyone. How do you think this would make the victim feel? We as administrators in schools need to do everything we can to prevent students this kind of thing. Having the ability to prevent this from happening on OneDrive ticks another box to say that OneDrive is safe to use.
I had a follow up email from MS regarding this and here was my response - apologies if i've missed something, but i've come at this from an Educational Network Manager point of view:
There are various improvements that are required in OneDrive when used education.
-> sharing is a big deal for example student coursework. I totally understand that OneDrive is mainly for collaberation however there maybe times when students will try to share documents with other students and submit as their own. There are times when students cannot be trusted not to share files and folders.
I have tried implementing mailflows that block the notification to other students but this doesn't work.
Maybe Students and staff both need to have a Private area that stops files or folders from being shared.
I feel we Administrators need to setup rules within OneDrive. There should be a rule for example that prevents group "Students" been able to share documents with members in the same group or who are also a student but able to share the document(s) with group "staff" or "teachers".
Both staff and students may have files on OneDrive that must not be shared at all even if they do try to to share them.
-> the ability to specify what file types are allowed or denined to to shared or even stored on OneDrive. Students will be students - some can be trusted however others cannot be trusted. Having an option to block and allow file tyoes that can be shared would be a grear advantage, even the ability to block and allow file types from being uploaded and downloaded to OneDrive.
-> if files or folders are shared, would it be possible to set in options of sharing to only allow download of the files once. I understand this could be difficult to set up but would be great if this could be done - maybe this could be done with a cookie to disable access to the folder or file one already accessed if set as anonymous
-> options for owners to set permissions so that those who are reading the file cannot re-share the shared files or folders. Make the permissions easier for users to use rather than opening up the complicated sharepoint settings. Users will not use it if it's complicated.
-> share a folder and let users add to it but not read, delete or download files that are already there. Having the granular settings on OneDrive as a folder share on a server is a must.
-> whilst on the subject of sharing, a way to prevent access to files or folders that if accessed outside the company's external IP address(es), access is denined. I see that this feature is already there for the entire tennant however there may be files and folders that must remain on OneDrive without being downloaded or accessed from any IP address but the specified external addess(es).
-> prevent files and folders from being downloaded. If a file cannot be opened in the browser it should not be able to be downloaded. I have tested this with a .m4a file and set it to not able to download. The "SaveAs" box is displayed when it's played - massive fail.
As lots have mentioned on Uservoice about OneDrive administration and sharing, maybe this is the time that the Microsoft OneDrive Managers and Developers could make OneDrive great by listening to it's users. To move home directories and organisational shares on file servers to OneDrive for users, onedrive needs the above and more to be implemented before we can fully move our user's home drives and folder shares to onedrive.
this would be extremely important in education setting
Russell Dodson commented
Yes, this would be useful for schools where they just want to provide online storage, without any kind of 'communication' functionality. We can remove exchange licences to get rid of e-mail, but we can't stop sharing of documents. Ideally this would be configurable on a per user and per group basis.
We would like a "private" folder that items could not be shared from. If you want to share something in the "private" folder it would have to be deliberately moved to another folder. We want to make sure anything shared for onedrive is deliberate
Come on Microsoft you are thinking about ideas for OneDrive that received less votes than this. Are you really listening to us ???
A similar idea was also posted here : https://office365.uservoice.com/forums/264636-general/suggestions/7950375-onedrive-for-business-administration
Can UserVoice merge them into one ? That would make the vote count much higher
Critical for us