Presentation is loading. Please wait.

Presentation is loading. Please wait.

OneDrive for Business: Administration, Security and Compliance

Published byJeffery Mills Modified over 6 years ago

Similar presentations

Presentation on theme: "OneDrive for Business: Administration, Security and Compliance"— Presentation transcript:

1 OneDrive for Business: Administration, Security and Compliance
Boston Office 365 User Group – December 2016 OneDrive for Business: Administration, Security and Compliance

2 Oliver Bartholdson Senior SharePoint Consultant Microsoft PTSP LinkedIn: linkedin.com/in/obartholdson

3 How many using OneDrive today?
How many have moved customers to OneDrive? How certain are you that the data is secure and not being shared with the wrong people? 80, 90, 100 Do you know how to access employee data when they quit? How long will you retain it? If you are hit with a lawsuit, do you know how to review employees personal documents? Are people logging from home and downloading everything in bulk? These are all questions my customers have asked me and that I’m planning to share with you today!

4 What you will get out of this session
Prepare for launch Protect after launch Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery Governance Plan Data Migration

5 What you will NOT get out of this session
Prepare for launch Protect after launch Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery Governance Plan Data Migration

6 OneDrive for Business Overview
All my files in one place Unlimited Storage Anywhere Access Sync client Get work done. Together. Office client integration Co-authoring Easy sharing Search & Discovery A trusted enterprise- grade service Security Management Admin Control Also explain the provisioning process – predecessor etc.

7 Add a Secondary Administrator
Global Admin view End user view Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

8 Add a Secondary Administrator
Automatically add a secondary administrator during the creation process of the OneDrive site (MySite) SharePoint Admin Center > User Profiles > Setup MySites Demo where to find this Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

9 Add a Secondary Administrator
For existing OneDrive sites, you must: Sign in to Office 365 as a Global Administrator Connect to the tenant using Connect-SPOService Create a list of all OneDrive for Business sites using GetOD4BSites.ps1 Assign a user as a site collection administrator across all OneDrive sites using OD4BAssignSCA.ps1 Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

10 Add a Secondary Administrator
Tips Assign permissions to no more than 2,500 OneDrive for Business sites per day Keep a record of the OneDrive sites and administrators Communicate to users that an administrative account has been assigned as a site collection administrator to OneDrive for Business sites in your organization Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

11 OneDrive for Business Storage
0TB TB TB TB TB TB TB TB Unlimited storage included in all Enterprise plans 1TB limit by default, can be increased to 5TB Ask Microsoft for more than 5TB Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

12 Set Storage Quota Sign in to Office 365 as a Global Administrator
Connect to the tenant using Connect-SPOService To set a global quota for new OneDrive sites Set-SPOTenant -OneDriveStorageQuota <quota> To reset an existing OneDrive site to new quota Set-SPOSite -Identity <siteURL> -StorageQuotaReset To set the storage quota for a specific OneDrive site Set-SPOSite -Identity <siteURL> -StorageQuota <quota> Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

13 Pre-Provision OneDrive
Why pre-provision? Migrate data from file server or other repository Migrate data from OnPrem MySite to OneDrive for Business Part of your on-boarding process Explain provisioning process Explain why you might want to pre-provision Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

14 Pre-Provision OneDrive
Configure Secondary Admin and Storage Quota Set up the SharePoint Online Management Shell Sign in to Office 365 as a Global Administrator Connect to the tenant using Connect- SPOService Run the Request-SPOPersonalSite cmdlet, or create a CSV file to provision up to 200 OneDrive libraries at once Your request will be queued through a timer job Be sure to assign a license to the Global Administrator account that will be running this PowerShell cmdlet. Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

15 OneDrive Retention 30 Days
Account gets deleted in Office 365 Admin Center or removed through Azure AD sync OneDrive site is marked for deletion through the MySite Cleanup Timer Job The Manager in AD gets notified via and obtains ownership of the OneDrive site 30 Days later the OneDrive data is deleted 30 Days Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

16 MySite Cleanup Job Add a secondary owner in case the manager field is not populated in AD Increase the retention period for the MySite Cleanup Timer Job to up to 10 years! Set-SPOTenant –OrphanedPersonalSitesRetentionPeriod <number of days> Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

17 Data Loss Prevention Policies (DLP)
Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, and OneDrive for Business Prevent the accidental sharing of sensitive information Get notified or view DLP reports showing content that matches your organization’s DLP policies Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

18 Data Loss Prevention Policies
Security and Compliance > Threat Management > DLP Protect all OneDrive sites, or just a few Create your conditions Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

19 Data Loss Prevention Policies
Choose a sensitive information type, or create your own Create an action when conditions are met Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

20 Data Loss Prevention Policies
Must wait for the crawl Demo Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

21 Next Generation Sync Client
Original Sync Client (groove.exe) Windows 7, 8, 8.1, 10 OneDrive for Business, SharePoint, Groups 20,000 item limit 2GB file size limit No Selective Sync Supports co-authoring from local docs Included in Office ProPlus 2013 MFA App Passwords Next Gen Sync Client (onedrive.exe) Windows 7, 8, 8.1, 10, Mac OS X 10.9 OneDrive for Business, OneDrive Consumer, SharePoint, Groups (Preview) No item limit 10 GB file size limit Supports Selective Sync Supports real-time co-authoring in Office 2016 Included in Office ProPlus 2016 MFA with Modern Authentication Control bandwidth consumption Explain syncing Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

22 Next Generation Sync Client
Previous Sync Client New sync client If you see: A white icon with this hover text: "OneDrive - Personal" And you're using: Windows 10, 8, 7, or Vista You're using the new OneDrive sync client. A white icon with hover text like this: "Files are up to date" Windows 8.1 or RT 8.1 You're using the previous OneDrive personal sync client. A blue icon with this hover text: "OneDrive - <your company>" And you're syncing: OneDrive for Business in an Office 365 business subscription A blue icon with this hover text: "OneDrive for Business" An on-premises instance of OneDrive for Business in SharePoint Server OR SharePoint site libraries You're using the previous OneDrive for Business sync client. Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

23 Next Generation Sync Client
Already have the old groove sync client installed? The next gen sync client with automatically take over syncing Groove.exe with stop syncing OneDrive sites OneDrive.exe starts syncing the same OneDrive site without re- downloading the content Groove.exe stops running and removes itself from automatic startup, unless it’s syncing other content like SharePoint site libraries or OnPrem OneDrive for Business Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

24 Next Generation Sync Client
Download the sample SCCM package. Just update the OneDrive.exe path and the application owner. System Center Configuration Manager (SCCM) or Group Policy can be used to deploy the sync client Deploy OneDrive.exe to your users Launch OneDrive.exe to allow users to setup the sync client Set update cadence (Optional) Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

25 Next Generation Sync Client
Key Administration Settings via Group Policy Set the default location for the OneDrive folder Prevent users from changing the location of their OneDrive folder Prevent users from synchronizing their personal OneDrive accounts Set maximum upload bandwidth percentage that OneDrive.exe uses Download the OneDrive Deployment Package to get the adml and admx group policy files Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

26 Next Generation Sync Client
Set-SPOTenantSyncClientRestriction Block sync to non-domain joined machines Control the list of allowed domains Block Mac sync since they do not support domain join Block specific file extensions from synching Prevent users from synchronizing their personal OneDrive accounts Block the old sync client Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

27 Classic vs. Modern OneDrive
Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

28 External Sharing Tenant level options Site collection options
Allow sharing with people inside the directory – turns off user sharing – very restrictive MySite host will impact all OneDrives Site collection sharing cannot be less restrictive than the tenant setting Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

29 External Sharing All or nothing OneDrive sharing
Enable for all, block for some Set-SPOSite –Identity my.sharepoint.com – SharingCapability Disabled Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

30 External Sharing You can setup a list of approved domains or blocked domains but not both These settings apply to both SharePoint Online and OneDrive for Business! Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

31 Protect after launch

32 End User Activity Reports
Who has viewed that document? Who is sharing files with external parties? Who deleted those files? Who created an anonymous link to this file? Who is using the sync client to download files? Who deleted the compliance administrator from their OneDrive? Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

33 End User Activity Reports
Have to be enabled first.. Talk about alerts - demo Demo Alert Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

34 Advanced Alerts Secondary Administrator Storage Quota
Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

35 Content Search Unified, compliance permissions Secondary Administrator
Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

36 Content Search Secondary Administrator Storage Quota
Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

37 Content Search Demo Secondary Administrator Storage Quota
Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

38 eDiscovery Case Management
Permissions managed in the Compliance Center Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

39 Preservation Hold Library
Document Library Preservation Hold Library Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

40 eDiscovery Case Management
Preserve Identify Search Analyze Review Permissions managed in the Compliance Center Identifying Relevant Data Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

41 Advanced eDiscovery Secondary Administrator Storage Quota
Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

42 Questions

43 Resources Data Loss Prevention Policies
Downloads OneDrive Deployment Package sample SCCM package GetOD4BSites.ps1 OD4BAssignSCA.ps1 References Add a Secondary Administrator Assign eDiscovery Permissions to OneDrive OneDrive for Business Storage Set OneDrive Storage Quota Pre-Provision OneDrive Sites Overview of OneDrive Retention and Deletion OneDrive Retention PowerShell cmdlet Data Loss Prevention Policies Next Generation Sync Client Overview Determine Version of Sync Client Transition to the Next Gen Sync Client Deploying the Next Gen Sync Client Administrative Settings for the Next Gen Sync Client Block Sync From Non-Domain Joined Machines Overview of External Sharing End User Activity Reports Advanced Alerts in Office 365 Run a Compliance Search eDiscovery Case Management Advanced eDiscovery Stay Up to Date with the Sync Client Release Notes

44 Thank you! Don’t forget to follow me: LinkedIn: linkedin.com/in/obartholdson

45 Next Generation Sync Client https://support. microsoft
Cannot sync a library that requires check-out or IRM Cannot used a mapped drive as your sync location “Forms” cannot be a root folder No blocked file types in OD4B, but certain strings in filenames are not supported (example: Icon, Desktop.ini, ._, .DS_Store) Co-authoring only supported with Office 2016 Click 2 Run (version or higher) and OneDrive version or higher Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

46 End User Activity Reports https://support. office
Single audit tool for all Office 365 applications User activity in SharePoint Online and OneDrive for Business User activity in Exchange Online (Exchange mailbox audit logging) Admin activity in SharePoint Online Admin activity in Azure Active Directory (the directory service for Office 365) Admin activity in Exchange Online User and admin activity in Sway User and admin activity in Power BI for Office 365 User and admin activity in Yammer Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

47 Next Generation Sync Client
What deployment method is right for my organization? I just want to install the OneDrive.exe client on users’ machines Execute <pathToSomeAccessibleNetworkShare>\OneDriveSetup.exe /silent I want to install the OneDrive.exe client on users’ machines, and have them configure their business accounts Execute <pathToSomeAccessibleNetworkShare>\OneDriveSetup.exe /silent Execute %localappdata%\Microsoft\OneDrive\OneDrive.exe /configure_business:<tenantId> I want to display OneDrive Setup only to users who still need to set up their business accounts Execute %localappdata %\Microsoft\OneDrive\OneDrive.exe /configure_business:<tenantId> Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

48 End User Activity Reports
Secondary Administrator Storage Quota Pre-Provision OneDrive OneDrive Retention DLP Policies Sync Client Modern Experience External Sharing End User Activity Reports Content Search eDiscovery

Download ppt "OneDrive for Business: Administration, Security and Compliance"

Similar presentations

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Microsoft Ignite /17/2017 2:11 PM

Microsoft Ignite /17/2017 2:11 PM
Agenda # Topic Time 1 What is OneDrive for Business? 30 min 2

Agenda # Topic Time 1 What is OneDrive for Business? 30 min 2
OFFICE 365 GROUPS Administrative look into Groups July 9, 2015.

OFFICE 365 GROUPS Administrative look into Groups July 9, 2015.
Why Compliance Legal and Regulatory requirements Organizational governance requests Internal and external threats Today’s Challenges Duplicate solutions.

Why Compliance Legal and Regulatory requirements Organizational governance requests Internal and external threats Today’s Challenges Duplicate solutions.
BusinessEnterprise Business Business Essentials Business Premium ProPlusE1E3 Target Customer Price per user per year $USD $99$60$150$144$96$240 Seat Cap.

BusinessEnterprise Business Business Essentials Business Premium ProPlusE1E3 Target Customer Price per user per year $USD $99$60$150$144$96$240 Seat Cap.
Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.

Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Office 365 Administration Ron Schindler See full Office 365 Admin course on Ron Schindler See.

Office 365 Administration Ron Schindler See full Office 365 Admin course on Ron Schindler See.
SharePoint and SharePoint Online: Today and what's next? Presented by Luke Abeling – IT Platforms.

SharePoint and SharePoint Online: Today and what's next? Presented by Luke Abeling – IT Platforms.
Module 9 Configuring Messaging Policy and Compliance.

Module 9 Configuring Messaging Policy and Compliance.
New SharePoint 2016 Features

New SharePoint 2016 Features
Microsoft SharePoint Server 2010 for the Microsoft ASP.NET Developer Yaroslav Pentsarskyy

Microsoft SharePoint Server 2010 for the Microsoft ASP.NET Developer Yaroslav Pentsarskyy
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Information explosion 1.4X 44X Empower the UserEnable the Compliance Officer In Place and Extensible Easy for IT Exchange, SharePoint, Windows Outlook,

Information explosion 1.4X 44X Empower the UserEnable the Compliance Officer In Place and Extensible Easy for IT Exchange, SharePoint, Windows Outlook,
Local Touch—Global Reach Microsoft SharePoint 2013 Overview Stacy Simpkins, Sr. Consultant, Sogeti Florida.

Local Touch—Global Reach Microsoft SharePoint 2013 Overview Stacy Simpkins, Sr. Consultant, Sogeti Florida.
One Drive for Business: More Than a File Share Erica Toelle

One Drive for Business: More Than a File Share Erica Toelle
Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |

Microsoft Virtual Academy Chris Oakman | Managing Partner Infrastructure Team | Eastridge Technology Curtis Sawin | Technical Solutions Professional |
SaaS apps.

SaaS apps.
Office 365 What Is The Right Fit For You? Andrew Riley, MCTS, MCTIP, ITIL v3.

Office 365 What Is The Right Fit For You? Andrew Riley, MCTS, MCTIP, ITIL v3.

Similar presentations

Ads by Google