OneDrive


Feedback by UserVoice

Jerry

My feedback

  1. 25 votes
    Jerry commented

    This is actually implemented in Windows 10 Version 1903 with Storage Sense. You can set a period for which the locally cached files are kept on the device before they're cleaned up.

    https://www.windowscentral.com/how-manage-storage-sense-settings-using-group-policy-windows-10-may-2019-update

  2. 28 votes
    Jerry commented

    This problem is actually bigger and needs to be picked up fast by Microsoft. I've already notified Microsoft by creating a ticket, but the Office365 team couldn't help me as it's a design (flaw?)
    I'll explain why it's such an issue by sketching a situation which I've tested:
    ------------------
    OneDrive Version 2019 Build 19.103.0527.0003, Files On-Demand enabled. Local admins have permissions on profiles or general permissions on the location where the OneDrive libraries/SharePoint Online libraries are located.

    User A: Logged on to the PC, and has access to confidential SharePoint Online libraries through OneDrive.

    User B: Is a (local) user on the computer with administrative privileges and has access to all user profiles on the computer of User A.

    When User A isn't on his computer, User B logs on as a different user and goes into the profile of User A. He can go into all folders and files which User A has permissions on, even the ones in the cloud, and open them as if he was User A. Even creating files in folders results in them being created as if he was User A. If you have UNC access to the PC you can even do this when the main user is logged in to the computer, without the main user suspecting a thing.

    Helpdesk admins can get to confidential files of Management/HR by simply logging in with their own credentials and/or local installation administrator accounts, and it's not showing up in the audit log of Office365 as suspicious behaviour.
    ----------------

    One upside is that Windows 10 version 1903 brings a feature with Storage Sense which can clean up OneDrive files within a day without being used. So that could be helpful in a situation where computers are shared (even though the directories would still be visible and files that are kept on the device in question).

    Jerry supported this idea
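
An audit a defender could run on a shared PC to measure the exposure described in the comment above, as an added example that is not part of the original comment or of any Microsoft tooling: it lists every principal other than the folder owner that is allowed to read each OneDrive sync root, then the accounts in the local Administrators group. The function name, the `C:\Users` root and the `OneDrive*` folder pattern are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumptions: profiles live under C:\Users, sync roots are folders named
# "OneDrive*", and the folder owner is the user the sync client is signed in as.

function Get-SyncRootExposure {
    param([string]$ProfilesRoot = 'C:\Users')

    # ReadData/ListDirectory (0x1) plus GENERIC_ALL and GENERIC_READ, which
    # inherit-only ACEs on profile folders can carry instead of specific rights.
    $readMask = 0x1 -bor 0x10000000 -bor 0x80000000

    Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-ChildItem -LiteralPath $_.FullName -Directory -Filter 'OneDrive*' `
                -Force -ErrorAction SilentlyContinue
        } |
        ForEach-Object {
            $root = $_
            $acl  = Get-Acl -LiteralPath $root.FullName
            foreach ($ace in $acl.Access) {
                $who     = $ace.IdentityReference.Value
                $canRead = ([int]$ace.FileSystemRights -band $readMask) -ne 0
                # Skip the owner and SYSTEM (English display name assumed);
                # anyone else with an Allow/read ACE can browse this sync root.
                if ($ace.AccessControlType -eq 'Allow' -and $canRead -and
                    $who -ne $acl.Owner -and $who -ne 'NT AUTHORITY\SYSTEM') {
                    [pscustomobject]@{
                        SyncRoot  = $root.FullName
                        Owner     = $acl.Owner
                        Principal = $who
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
}

Get-SyncRootExposure | Sort-Object SyncRoot, Principal | Format-Table -AutoSize

# Accounts behind any BUILTIN\Administrators entry reported above
# (well-known SID S-1-5-32-544, independent of the OS display language).
Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Select-Object Name, ObjectClass, PrincipalSource
```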
