Remote wipe of PCs for organizations
[Reuben updated the title for clarity]
Fairly self-explanatory: syncing company data to all of your personal machines is great, but what happens when you leave the company or something needs to be retracted?
Having multiple copies of synchronized libraries on untrusted machines is a huge security risk. Administrators should have the option to see which machines are synchronized to OneDrive for Business and SharePoint libraries and be able to stop synchronization and/or wipe information from these machines.
We wanted to resolve this one as done. If your organization is using Intune to manage mobile devices and PCs, admins can perform remote wipe of those devices that no longer should have access to company content.
You can read more here:
Please open a new item if the request is different from this.
Jean Stephan commented
I have an additional issue :-)
Suppose the user has another computer with onedrive for business installed, he can have the same data synced on both computers.
How can we wipe data from both PCs?
Come on Microsoft, I honestly do not understand why this has not been implemented yet, as this is just an important aspect of any cloud storage/collaboration. This is also a security breach because if a laptop gets lost/stolen, there is no way to remove company data from the local storage. Also, what if a user is using a personal device for company use?
Really, this should have been implemented since the development of OneDrive; not sure how other providers are able to offer this and Microsoft still is not, after over 5 years of OneDrive, even more.
Block sync is not a solution @Reuben, it's a bad workaround.
Remote wipe is a necessary feature. Dropbox has long ago implemented this feature. Is this something that OneDrive will ever support for OneDrive and SharePoint syncs?
Kristofer Collins commented
Why not encrypt the local data in such a way that the user is required to authenticate with the company's domain in order to access it? Surely the OneDrive for Business service on the user's computer is required to re-authenticate with the domain every so often anyway. You could require this re-authentication in order to be able to decrypt the information. As a supplement, you could have OneDrive for Business periodically check with the domain to ensure the account is still active, else lock down the data. This method has the benefit of being able to remove access to the local content even if the user has disconnected the computer from the internet, because the encryption key will time out and the user will be required to re-authenticate with the domain to continue decrypting the data, which he won't be able to do because the computer isn't connected to the internet and/or the domain knows the user is inactive.
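The scheme in the comment above, as an added worked example that is not part of this thread and not Microsoft's or any OneDrive client's code: files on the PC are encrypted under a per-device data key, that data key is stored only wrapped under a key the directory hands out after authentication, and the client holds the unwrapped key under a short lease. When the lease lapses the key is discarded, so reads fail until the client re-authenticates; offline or with a disabled account, that renewal cannot succeed. The `DirectoryService` class, the `LEASE_SECONDS` value, the user "alice" and the HMAC-based keystream cipher are all constructed for illustration (the keystream stands in for a real AEAD such as AES-GCM).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple

LEASE_SECONDS = 3600  # assumed lease length; in a real product this is tenant policy


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Stand-in for a real AEAD such as AES-GCM; symmetric, so it also decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class DirectoryService:
    """Hypothetical stand-in for the company's identity provider."""
    server_secret: bytes
    users: Dict[str, dict] = field(default_factory=dict)  # username -> salt/hash/active

    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = {"salt": salt, "hash": digest, "active": True}

    def set_active(self, username: str, active: bool) -> None:
        self.users[username]["active"] = active

    def issue_wrapping_key(self, username: str, password: str, now: int) -> Tuple[bytes, int]:
        """Authenticate and return (key-encryption key, lease expiry); refuses disabled accounts."""
        user = self.users.get(username)
        if user is None or not user["active"]:
            raise PermissionError("account unknown or disabled")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
        if not hmac.compare_digest(digest, user["hash"]):
            raise PermissionError("bad credentials")
        # Deterministic per user, so every re-authentication yields the same KEK.
        kek = hmac.new(self.server_secret, b"kek:" + username.encode(), hashlib.sha256).digest()
        return kek, now + LEASE_SECONDS


class LocalVault:
    """Synced content on one PC. At rest only the KEK-wrapped data key (DEK) is
    stored; the clear DEK lives in memory for the lease and is then discarded."""

    def __init__(self, username: str, kek: bytes, lease_expires: int):
        self.username = username
        dek = secrets.token_bytes(32)
        self.wrap_nonce = secrets.token_bytes(16)
        self.wrapped_dek = keystream_xor(kek, self.wrap_nonce, dek)
        self.files: Dict[str, Tuple[bytes, bytes]] = {}
        self._dek = dek
        self._lease_expires = lease_expires

    def _require_unlocked(self, now: int) -> bytes:
        if now >= self._lease_expires:
            self._dek = None  # lease lapsed: forget the key, even with no network
        if self._dek is None:
            raise PermissionError("vault locked; re-authenticate with the directory")
        return self._dek

    def write(self, name: str, plaintext: bytes, now: int) -> None:
        dek = self._require_unlocked(now)
        nonce = secrets.token_bytes(16)
        self.files[name] = (nonce, keystream_xor(dek, nonce, plaintext))

    def read(self, name: str, now: int) -> bytes:
        dek = self._require_unlocked(now)
        nonce, ciphertext = self.files[name]
        return keystream_xor(dek, nonce, ciphertext)

    def renew(self, directory: DirectoryService, password: str, now: int, online: bool = True) -> None:
        """Re-authenticate to extend the lease; fails offline or for a disabled account."""
        if not online:
            raise ConnectionError("directory unreachable; vault stays locked")
        kek, expires = directory.issue_wrapping_key(self.username, password, now)
        self._dek = keystream_xor(kek, self.wrap_nonce, self.wrapped_dek)
        self._lease_expires = expires


def run_scenario() -> dict:
    """Constructed walk-through: lease lapses, offline renewal fails, account is disabled."""
    directory = DirectoryService(server_secret=secrets.token_bytes(32))
    directory.add_user("alice", "correct horse")  # constructed sample user
    kek, expires = directory.issue_wrapping_key("alice", "correct horse", now=0)
    vault = LocalVault("alice", kek, expires)
    vault.write("q3-forecast.xlsx", b"confidential numbers", now=5)
    result = {"read_within_lease": vault.read("q3-forecast.xlsx", now=100)}

    late = LEASE_SECONDS + 1
    try:
        vault.read("q3-forecast.xlsx", now=late)
    except PermissionError:
        result["read_after_lease"] = "locked"
    try:
        vault.renew(directory, "correct horse", now=late, online=False)
    except ConnectionError:
        result["offline_renew"] = "unreachable"

    directory.set_active("alice", False)  # user leaves the company
    try:
        vault.renew(directory, "correct horse", now=late)
    except PermissionError:
        result["disabled_renew"] = "refused"

    directory.set_active("alice", True)  # reinstated: the same wrapped DEK still unwraps
    vault.renew(directory, "correct horse", now=late)
    result["reinstated_read"] = vault.read("q3-forecast.xlsx", now=late + 10)
    return result


if __name__ == "__main__":
    print(run_scenario())
```

Run `python vault_lease.py` to see the full outcome dictionary. The point worth noting for defenders is that the lock-out on lease expiry happens entirely on the client clock, so a stolen laptop that never reconnects still loses access; the directory check only matters for the renewal path, which is why both controls are needed together.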
Other cloud storage like Dropbox and Sync do offer this feature. It is especially important in accounting and legal firms to have this feature. Do you have any idea on when this would be addressed?
Vien Le commented
I think we can use MDM to wipe all data with the Selective Wipe option. And about the function to block sync on unmanaged clients, I have one question: if we don't have local Active Directory, how do we block unmanaged clients?
Don't limit this just to business, this should be in any OneDrive. Allow viewing devices on the web, permanently disconnecting them and remotely wiping the OneDrive data. On some devices (phones, tablets) it could even allow a complete device wipe, as these get lost or stolen pretty often.