OneDrive for Business (OD4B) is a key workload in Office 365 and can be an integral part of your collaboration strategy. OD4B provides a cloud location to store, share, and sync your work files and then work with them from any device. Microsoft has spent a lot of effort to get a rock-solid solution including a well-oiled sync engine together.

1. Managing
OneDrive for Business
SharePoint Saturday NYC 2017
#SPSNYC

2. Drew Madelung
Email : dmadelung@concurrency.com
Twitter : @dmadelung
Website: drewmadelung.com
Technical Architect – SharePoint & Office 365

3. EVALS / PRIZES
Bring all items to the 6th Info Desk
• Bingo Cards = how you win prizes at the
end of the event.
• The cards must be stamped by ALL the
Sponsors by the last session (4pm)
• Fill out speakers evaluations (located in
the front of the rooms
• Fill out the event evaluations
27 in Curved Samsung
Lenovo IdeaPad
Name your game bundle

4. THANK YOU
EVENT SPONSORS
We appreciated you supporting the
New York SharePoint Community!
• Diamond, Platinum, Gold, & Silver have
tables scattered throughout
• Please visit them and inquire about their
products & services
• To be eligible for prizes make sure to get
your bingo card stamped by ALL sponsors
• Raffle at the end of the day and you must
be present to win!

5. Beer Authority
300 W 40h St
[across the street]
Join us for a round of drinks & some
appetizers
http://www.beerauthoritynyc.com

6. OneDrive for Business Intro
When to use it
Administration
All about sync
Awareness & Insights
Security
Managing
OneDrive for Business
SharePoint Saturday NYC 2017
Survey

7. Reinventing productivity
for the digital transformation

8. File share versus collaboration

10. OD4B Admin Basics
Each user gets it’s own site collection under /personal path
Site collection created first time users accesses it
1 TB of storage per user -> qualifying plans can have more
Comes with O365 SKU’s or purchased separately
Administration closely connected with SharePoint Online settings

11. Administration

12. Administration
OneDrive Admin Center
SharePoint Admin Center
PowerShell

13. OneDrive Admin Center
Manage
• Sharing
• Sync
• Storage
• Device Access
• Compliance
• Notifications
Important
• You must allow access to onedrive.com
https://admin.onedrive.com

14. SharePoint Admin Center
• Show or Hide OD4B app launcher tile
• Set default OD4B experience to new or classic
• Show or Hide OD4B sync button
• Allow or Disable OD4B mobile push notifications
• Set secondary administrator for new sites
• Set secondary owner when a user’s manager cannot be
determined
https://domain-admin.sharepoint.com

15. External Sharing
 Sharing for OD4B can be MORE restrictive but not LESS restrictive than SPO
 If sharing turned off globally in SPO any shared links will stop working
Sharing Options
 Only existing external users (sign-in required)
 New and existing external users (sign-in required)
 Anyone, including anonymous users (on by default)
Your SharePoint Online sharing
settings determine which OneDrive
sharing settings are available
Setting Sharing in OD4B Admin Center
affects SPO

16. Set External Sharing Limitations
Default link type
 Direct links
 Only users who have specific permission
 Internal Links
 Only users within your organization
 Anonymous access links
 Anyone with a link
Anonymous access link expiration
 Up to 2 years / 730 days
The following settings apply to both SPO and OD4B
Anonymous access link permission
 View & Edit or View Only for files
 View, Edit & Upload or View Only for folders
Limit by domain
 Allow or block on selected domains
Other
 Must accept using same account
 Let external users share items they don’t own

17. Demo!

18. Sync

19. Sync Client
OneDrive sync client (NGSC)
vs
Groove sync client
 NGSC can sync OD4B and SPO libraries
 NGSC does not work for on-premises
 Can run both clients simultaneously
 NGSC support for Mac

20. Sync Client Restrictions (NGSC)
Invalid characters
 <, >, :, ", |, ?, *, /,
Strings in filenames
 Icon, .lock, CON, PRN, AUX, NUL
 COM1-9, LPT1-9
Folder names
 _t, _w
 “forms” at the root level
Number of items
 Performance declines after 100,000 files
Size limit
 15 GB
Other
 Can’t add network/mapped drive as sync location
 Can’t sync Shared with Me view
 Can’t sync as an external user
 IRM synced as read-only
 No differential sync
 Checkout & required columns synced as read-only
https://support.microsoft.com/en-us/help/3125202/restrictions-and-limitations-when-you-sync-files-and-folders

21. Sync Administration
Hide the sync button
 Helps users install & set up
Allow sync to specific domains
 Add GUID of each domain
Block sync of file types
 Example: mp3
 Do not include periods or punctuation
OneDrive Admin Center

22. Sync Administration
Coauthoring & in-app sharing
 Office 2016/2013
Delay updates until 2nd wave
 Add GUID of each domain
Prevent changing location of sync folder
 Occurs during welcome wizard
Group Policy Set default location of sync folder
 Default, the path is under %userprofile%
Prevent sync of personal OneDrive
 Microsoft OD account
Handle Office files in conflict
 Merge or keep both / always keep both
Set maximum % of upload bandwidth
Prevent remote file fetch feature
 Using Microsoft OD account

23. Demo!

24. Deployment

25. Deployment
Software requirements
 Windows 7, 8, 8.1, 10
 Sync client included in Windows 10
Plan
 Phased is ok
 Provide communication
Use enterprise deployment tool
 MS System Center Configuration Manager
 OneDrive NGSC deployment guide
 How to deploy NGSC with SCCM
Deploy admin settings
 Use OneDrive.admx and OneDrive.adml
 Download with OneDrive Deployment Package
Assisting sign in
 odopen://launch
 odopen://sync?useremail=email@domain.com
 %localappdata%MicrosoftOneDriveOneDrive.exe

26. Deployment - Transitioning
If using Groove.exe (old)
 OneDrive sync automatically takes over sync if possible
 During a “takeover”
 Groove.exe stops sync
 OneDrive starts sync without re-downloading
 Groove.exe stops running and removes from auto
start
Deploying a takeover
 Automatically transition without user interaction
 User must be signed in to OneDrive sync
OneDrive.exe /takeover

27. Deployment – Pre-provisioning sites
Build a users OneDrive for Business site before they try to access it
User PowerShell info listed on TechNet

28. Other Admin Goodness

29. Admin Goodness – OD4B Admin Center
Storage
 Set default storage for all new and existing users
 Set retention of files after user marked for deletion up to 10 years
Notifications
 Display device notifications when files shared with them
 Email owners when
 Other users invite additional external users to shared files
 External users accept invitations to access files
 An anonymous link is created or changed

30. O365 Admin Center by User
Grant Yourself Access
View Quota
Set Sharing
Initiate Sign-out

31. What if someone leaves?
Access
 Default sets ownership to manager declared in user profile
 Follows access delegation set in SP Admin Center
Cleanup
 If user profile manually deleted the site won’t be deleted
 Email sent on initial assignment and 7 days prior to retention
 If site is on eDiscovery hold the site won’t be deleted
 Deletion of user account in Azure AD is only thing to trigger

32. Security & Compliance

33. Device Access – OD4B Admin Center
Control access based on network location
 Allow access only from specific IP addresses
 One IP address per line
 No overlapping IP addresses
Control access from apps that don’t use modern auth
 Without modern auth, can’t enforce device-based restrictions
 Some 3rd party apps
 Office versions prior to 2013

34. Device Access – OD4B Admin Center
Mobile apps
 Requires Intune or EMS
 Admin account requires Intune
license

35. Data Loss Prevention (DLP)
Managed in O365 Security &
Compliance Center
 Helps identify and protect content from
inadvertent disclosure
Runs on search
 After you create a DLP policy in the Security &
Compliance Center, it’s stored in a central policy
store, and then synced to the various content
sources

36. Data Loss Prevention (DLP)
Pick info to protect
 Build in policy templates
 Custom policy

37. Data Loss Prevention (DLP)
Pick location

38. Data Loss Prevention (DLP)
Adjust the policy

39. Data Loss Prevention (DLP)
Adjust the policy

40. Labels (retention)
Managed in O365 Security & Compliance Center
 Classify data and enforce retention rules
 Apply manually or automatically based on sensitive information or keyword queries
 Auto apply requires E5
 Content can only have 1 label
 Auto apply can take 7 days
 Can apply to:
 Outlook
 OneDrive for Business
 SharePoint
 O365 Groups

41. Labels (retention)
Setting a label

42. Demo!

43. Awareness & Insights

44. Usage Reports
Requires permission
View by
 Account
 Total/active
 Files
 Total/active
 Storage
 Amount

45. Activity Reports
View by
 Number of files by
 Viewed/edited
 Synced
 Shared internally
 Shared externally
 Number of users by
 Viewed/edited
 Synced
 Shared internally
 Shared externally

46. Audit Log Search
Unified audit log across SharePoint, OneDrive, Azure AD,
Exchange, Sway, Teams, Yammer
Must turn on audit logging (soon set to default)
Data exists for 90 days
Can take up to 30 minutes
to 24 hours to show up

47. Audit Log Search
Handy things that are audited
 Deletes file/folder from second stage
recycle bin
 Created an anonymous access link
 User initiates sync or is blocked from a
sync

49. • xxxx
Help Contribute &
Stay Informed!
OD4B UserVoice
https://onedrive.uservoice.com/forums/262982-onedrive/category/86090-onedrive-for-
business
Microsoft Tech Community
https://techcommunity.microsoft.com
Office 365 Roadmap
https://fasttrack.microsoft.com/roadmap
Office Blogs
https://blogs.office.com/
Office 365 Admin Center – Message Center
https://portal.office.com/AdminPortal
Office 365 for IT Pros
http://exchangeserverpro.com/ebooks/office-365-for-it-pros

50. Questions?
Email: dmadelung@concurrency.com
Twitter: @dmadelung
Website: drewmadelung.com
Slides: http://bit.ly/DrewSlides

51. Managing
OneDrive for
Business
SharePoint Saturday NYC 2017
#SPSNYC