Limit OneDrive For Business access to Security Groups
A new feature to use very carefully! OK, you’ve been warned now 😉
In this blog post, we’ll have a look at how we can limit access to OneDrive For Business, and the impact when enabling this feature.
Let me lay out the environment first, so we understand the impact later. In this example, we’re going to have the following:
- 2x users (Adele & Debra)
- 1x Security Group called “SG-Consultants”
- Both users have OneDrive For Business provisioned, with sample content (private or shared with others)
- 1 of those users (Adele) will be a member of the Security Group we’ll be using, but not the other user (Debra)
Limit access to OneDrive For Business
To see this option, navigate to the SharePoint Admin Center –> Access Control (under Policies), and click on Limit OneDrive Access.
Make sure to tick the box for Limit OneDrive access to only users in specified security groups –> select your Security Group –> Click Save.
You then get a warning that users NOT in the Security Group will lose access to their OneDrive For Business AND their content!
Impact on users not in the Security Group
Now, let’s log on with a user who wasn’t a member of that Security Group. And as expected, this user doesn’t have access to OneDrive For Business anymore!
What happens to shared files? (both ways)
Any file shared by this user (who now doesn’t have access anymore) are still available
Any file shared by you with this user are also, still available
Although this is a very useful feature if you want to restrict access to OneDrive for Business to a specific group of people, you need to think carefully before enabling it, and make sure to have some Governance and communication strategy in place to avoid having a surge of support tickets!