Limit OneDrive For Business access to Security Groups

Â
A new feature to use very carefully! OK, you’ve been warned now 😉
In this blog post, we’ll have a look at how we can limit access to OneDrive For Business, and the impact when enabling this feature.
Â
Scenario
Let me lay out the environment first, so we understand the impact later. In this example, we’re going to have the following:
- 2x users (Adele & Debra)
- 1x Security Group called “SG-Consultants”
- Both users have OneDrive For Business provisioned, with sample content (private or shared with others)
- 1 of those users (Adele) will be a member of the Security Group we’ll be using, but not the other user (Debra)
Â
Limit access to OneDrive For Business
To see this option, navigate to the SharePoint Admin Center –> Access Control (under Policies), and click on Limit OneDrive Access.
Make sure to tick the box for Limit OneDrive access to only users in specified security groups –> select your Security Group –> Click Save.
Â
You then get a warning that users NOT in the Security Group will lose access to their OneDrive For Business AND their content!
Â
Impact on users not in the Security Group
Now, let’s log on with a user who wasn’t a member of that Security Group. And as expected, this user doesn’t have access to OneDrive For Business anymore!
Â
What happens to shared files? (both ways)
Any file shared by this user (who now doesn’t have access anymore) are still available
Â
Any file shared by you with this user are also, still available
Â
Conclusion
Although this is a very useful feature if you want to restrict access to OneDrive for Business to a specific group of people, you need to think carefully before enabling it, and make sure to have some Governance and communication strategy in place to avoid having a surge of support tickets!