One Drive

Contents
OneDrive
Get started
OneDrive guide for enterprises
OneDrive guide for small businesses
Sync
Sync client overview
Deploy using SCCM
Per-machine installation
Set Files On-Demand states
Use silent account configuration
Transition from previous sync client
Redirect known folders
B2B Sync
How sync works
Use Group Policy
Find your tenant ID
Sync on virtual desktops
Deploy and configure on macOS
Deploy using Intune
Network utilization planning
Sync client update process
Block file types
Let users sync IRM-protected files
Let users sync SharePoint files
Exclude or uninstall previous sync client
Prevent installation
Sharing and security
Manage sharing
Set external sharing individually
Turn on external sharing notifications
Allow syncing only on specific domains
Control access based on network location or app
Control access to mobile app features
Enable conditional access
Required URLs and ports
Users and storage
Pre-provision accounts
Set default storage space
Change user storage
Set retention
Restore deleted OneDrive
Retention and deletion
List OneDrive URLs
Help users use Discover view
Help your users store, sync, and share work files in the cloud with OneDrive.
Download the latest sync client or mobile apps
Use FastTrack onboarding and adoption services
Migrate to OneDrive
Suggest a feature
Read the OneDrive blog
See the OneDrive roadmap
Find apps that work with OneDrive
Troubleshoot issues
Adoption resources
The OneDrive admin center helps you quickly and easily manage your organization's OneDrive for Business settings in one place.
To access the OneDrive admin center:
From your own OneDrive, click OneDrive Admin in the lower-left corner.
Or
Go to https://admin.onedrive.com.
IM P O R T A N T
To use the OneDrive admin center, you must allow access to onedrive.com. You must also be a global admin for your organization,
or a custom admin with the SharePoint administrator role.
 T IP
To access a user's OneDrive, open the Microsoft 365 admin center, go to Active users, select the user, expand OneDrive Settings
in the user details pane, and then click Access files.
OneDrive guide for enterprises
7/15/2019 • 40 minutes to read • Edit Online
With OneDrive for Business, you can easily and securely store and access your files from all your devices. You can
work with others regardless of whether they’re inside or outside your organization and terminate that sharing
whenever you want. OneDrive helps protect your work through advanced encryption while the data is in transit
and at rest in data centers. OneDrive also helps ensure that users adhere to your most rigorous compliance
standards by enabling them to choose where their data lives and providing detailed reporting of how that data has
changed and been accessed. OneDrive connects you to your personal and shared files in Microsoft Office 365,
enhancing collaboration capabilities within Office 365 applications. With OneDrive on the web, desktop, or mobile,
you can access all your personal files plus the files shared with you from other people or teams, including files
from Microsoft Teams and SharePoint.
Why deploy OneDrive?

OneDrive provides a robust but simple-to-use cloud storage platform for small businesses, enterprises, and
everything in between. Unlike other cloud storage providers, most of the advanced enterprise-focused features in
OneDrive are available for every subscription type, enabling companies to use OneDrive in whatever way benefits
their business the most – whether that’s simply a cloud-based file share for a small business or a highly utilized
storage system that provides the basis for all collaboration within an enterprise. At its core, however, OneDrive
enables you to securely share and work together on all your files. With OneDrive, you can:
Access files from all your devices. Access all your personal files and those files others share with you on
all your devices, including mobile, Mac, and PC as well as in a web browser.
Share inside or outside your organization. Securely share files with people inside or outside your
organization by using their email address, even if they don’t have a Microsoft Services Account. This
common sharing experience is available in the web, mobile, and desktop versions of OneDrive.
Collaborate with deep Microsoft Office integration. Document coauthoring is available in the Office
web apps, Office mobile apps, and Office desktop apps, helping you maintain a single working version of
any file. Only OneDrive provides coauthoring capabilities in Office apps across all your devices.
Quickly find files that matter most. Finding content in your OneDrive is simplified through the
intelligence of the Microsoft Graph application programming interface. This technology simplifies finding
what’s important by providing file recommendations based on your relationship to other people, how you
received various files, and when you last accessed them.
Protect your files with enterprise-grade security. OneDrive has many security and compliance features,
enabling you to meet some of the strictest compliance requirements out there.
The Microsoft 365 family of products, which includes Office, Microsoft Outlook, SharePoint, Teams, OneDrive, and
Yammer, provides a complete, intelligent, and secure solution to empower employees. Together, the Microsoft 365
applications unlock creativity and encourage teamwork through product integration and a simple user experience,
all while providing intelligent security to help keep your data safe. In addition, Microsoft Graph enables you to
interact with and report on the data within many of the Microsoft 365 applications.
Key OneDrive features

Unlike most other cloud storage providers, OneDrive makes most of its advanced features available to all
subscription types. This gives smaller organizations the flexibility to use standard features out of the box, and
configure advanced features based on the needs of their organization.
The features listed in this section address common customer concerns or specific compliance requirements, or
provide unique functionality available only in OneDrive:
Known Folder Move
OneDrive Files On-Demand
Modern attachments
Real-time team collaboration: Coauthoring in full versions of Microsoft Word, Excel, and PowerPoint
Seamlessly connecting files to conversations
Intelligent discover with OneDrive Discover view
OneDrive Files Restore
Recycle bin
Data loss prevention (DLP )
eDiscovery
Auditing and reporting
Encryption of data in transit and at rest
Customer-controlled encryption keys
Office 365 Customer Lockbox
Hybrid integration with SharePoint Server
OneDrive Multi-Geo storage locations
Government cloud
For a full list of feature availability across OneDrive plans, see Microsoft OneDrive. More in-depth descriptions for
some of these features can be found below.
Known Folder Move
Known Folder Move makes it easier to move files in your users' Desktop, Documents, and Pictures folders to
OneDrive. This lets users continue working in the folders they're familiar with and access their files from any
device. It also helps you make sure your users' files are backed up in the cloud if anything happens to their device.
For more info, see Redirect and move Windows known folders to OneDrive.
OneDrive Files On-Demand enables users to view, search for, and interact with files stored in OneDrive from
within File Explorer without downloading them all to their device. The feature provides a seamless look and feel
for both OneDrive and local files without taking up space on the local hard drive. Files that have not been
downloaded have a cloud icon for their status, as shown below. For those files that have been downloaded, the
status shows a green checkmark.
Natively, files will be downloaded only when you need to access them. However, if you plan to access a file while
disconnected from the internet, you can simply make the file available offline by right-clicking it, and then selecting
Always keep on this device. Alternatively, if you want to free space on your device and remove the downloaded
copy of a file, right-click the file, and then select Free up space. The following image shows the right-click menu
for OneDrive files on a computer running the Windows operating system.
For more information about OneDrive Files On-Demand, see Learn about OneDrive Files On-Demand.
Modern attachments
OneDrive integrates with Outlook to allow seamless sharing of OneDrive files that appear just like email
attachments. This feature provides a familiar sharing experience but centralizes storage of attachments in
OneDrive, providing collaborative benefits such as version control typically lost when users email documents back
and forth. In addition, you can configure sharing permissions on the files directly from within the Outlook client.
See the following image for an example of a document in OneDrive being attached as a link to an email as well as
the experience of changing the sharing permissions on the link.
To reduce the potential for confusion when users choose to add a copy versus a link to attached OneDrive files,
you can set the default behavior of the Outlook client, as demonstrated in How to control default attachment state
when you attach a cloud file in Outlook.
Files Restore
The OneDrive Files Restore feature enables users to restore files to any point over the past 30 days. To select the
desired recovery time, OneDrive presents users with a histogram that shows file activity so that they can
determine which recovered time meets their needs. From there, users can simply select the file history entry to
which they want to restore, and all changes after that point will be rolled back. The following image shows the
Files Restore experience for a user.
In addition, because the histogram shows individual activity on a file, users can employ this feature to quickly view
their files’ modification history. For more information about this feature, see Restore your OneDrive.
Recycle bin
OneDrive has a recycle bin similar to the one available on the Windows desktop. Deleted files are moved to the
recycle bin and kept for a designated time before being permanently deleted. For work or school accounts, deleted
files are purged after 93 days unless configured otherwise. For a demonstration of how the recycle bin works, see
Restore deleted files or folders in OneDrive.
Auditing and reporting
OneDrive has detailed reporting and auditing capabilities for files it stores as well as for those files stored through
other services that use OneDrive for storage, such as Microsoft SharePoint Online. In addition, you can audit
individual file actions, including downloads, renames, and views.
The Office 365 admin center handles reporting for cloud services, including OneDrive. You can view historical
information like storage usage by user and for the organization, total file and active file counts, and account
activity. The following image shows an example of a OneDrive report in the Office 365 admin center: file usage
over the past 30 days.
NOTE
You can also export this information to a .csv file by selecting Export.
You can also consume this information in Power BI by using the Microsoft 365 usage analytics content pack.
Using this content pack, you can visualize and analyze Office 365 usage data by using prebuilt graphs and charts
or by creating custom reports to gain insights into how specific regions or departments within your organization
are using Office 365. For more information this content pack, see Microsoft 365 usage analytics.
Encryption of data in transit and at rest
OneDrive uses advanced data-encryption methods between your client and the data center, between servers in the
data center, and at rest. At rest, OneDrive uses disk encryption through BitLocker Drive Encryption and file
encryption to secure your data. Each file is encrypted with its own encryption key; anything larger than 64 KB is
split into individual chunks, each of which has its own encryption key locked in a key store.
Each file chunk is then randomly distributed among Microsoft Azure storage containers, and a construction map
for the complete file is stored in a separate secure content database. For attackers to access the file, they would
need all the file chunks, the keys, and the map—a highly improbable task. For more information about this
process, see Data Encryption in OneDrive for Business and SharePoint Online.
Customer-controlled encryption keys
By using an Office 365 feature called service encryption with Customer Key, you can upload your own encryption
keys to Azure Key Vault for use encrypting your data at rest in Azure data centers. Even though this encryption is
done natively through BitLocker, customers can require the use of their own key to meet their security compliance
requirements. Should users lose their key, they can retrieve a deleted key from the Recycle Bin for up to 90 days
(based on your configuration). Before you can use this feature, however, you must create an Azure subscription
and complete a few prerequisite steps. For detailed information about service encryption with Customer Key and
how to configure it in your environment, see Controlling your data in Office 365 using Customer Key.
Office 365 Customer Lockbox
If a Microsoft support engineer needs to access your data to resolve an issue, that engineer is required to obtain
approval from a Microsoft manager first. The Office 365 Customer Lockbox feature adds a requirement to that
process: you must approve or reject that access before the support engineer can access your data. With Customer
Lockbox, you can also set boundaries on how long the engineer can access your data, and all activity during that
time is logged for auditing purposes. For more information about how to configure and use the Customer
Lockbox feature, see Office 365 Customer Lockbox Requests.
Microsoft Trust Center
Microsoft Trust Center provides information about Microsoft’s trust policy, how Microsoft products help you
protect your data and maintain your customers’ and users’ trust, and why you should trust Microsoft products
with your data. The following two categories provide details about Office 365 and OneDrive data privacy,
compliance, and security:
Office 365 Trust Center. Privacy, compliance, and cybersecurity are as important to Microsoft as they are
to you. For information about how Office 365 can help you increase employee productivity while helping
you safeguard your data, see Microsoft Office 365 in the Microsoft Trust Center. For information about why
you should trust Microsoft, Office 365, and OneDrive with your data, see Office 365 Trust Center.
General Data Protection Regulation (GDPR). This new European Union regulation changes how
companies are required to handle data and the transparency with which they collect it. Windows 10 and
Office 365 with OneDrive give you GDPR -compliant tools; you simply need to incorporate those tools into
your overall data integrity story. For answers to some common questions about GDPR compliance with
OneDrive and SharePoint, see GDPR Compliancy with OneDrive and SharePoint. For a complete list of
helpful resources about GDPR, see Resources for GDPR compliance. For additional helpful information
about OneDrive, see the Microsoft OneDrive Blog.
OneDrive Multi-Geo storage locations
Multi-Geo is an Office 365 feature that allows organizations so span their storage over multiple Office 365 geo
locations and specify in which of those to store users’ data. You can designate storage geographies on a per-user
basis.
For multinational customers with data residency requirements, you can use this feature to ensure that each user’s
data is stored in the geo location necessary for compliance. For more information about this feature, see Multi-
Geo Capabilities in OneDrive and SharePoint Online in Office 365.
Government cloud
OneDrive is available in Office 365 U.S. Government plans. For information about these plans, see Office 365 U.S.
Government.
Deployment and management options

You can deploy and manage OneDrive in many ways, but certain options make more sense in larger organizations
than in smaller businesses and vice versa. For example, it likely wouldn’t make sense to have an enterprise
management solution like Microsoft System Center Configuration Manager for a business that has just 10
employees. Table1 outlines the deployment and management tools typically used for small businesses, medium-
sized businesses, and enterprises.
NOTE
Keep in mind that an organization in one size category would probably incorporate additional options from other size
categories. This table is not intended to exclusively identify a technology with a specific business size.
SIZE OF ORGANIZATION DEPLOYMENT TOOLS USED MANAGEMENT
Small business Local installation OneDrive admin center
Medium-sized business Scripted installation or Microsoft Intune Office365 with MDM, OneDrive admin
mobile device management (MDM) center, Intune mobile application
management (MAM) or MDM
Enterprise System Center Configuration Manager System Center Configuration Manger,

with Intune or Windows Autopilot Group Policy objects (GPOs), etc.
Depending on where your organization fits in this table and the technologies available to you, you can choose
which portion of this guide to use. For example, if you run a small business, you may want to keep your OneDrive
deployment simple by installing the sync client manually on your employees’ computers and using the OneDrive
admin center to manage a few settings for your users. Alternatively, if you’re running an enterprise, you may
choose to deploy and manage OneDrive by using advanced tools like System Center Configuration Manager and
Group Policy, and you could use the sections that correspond to those tools, instead. To accommodate various
situations, the deployment and management portions of this guide are in a modular format so that you can
consume the document in the way that best aligns with your deployment needs and capabilities. This format also
provides visibility into alternate technologies to improve your current processes.
Prerequisites
Client and app requirements. Even though you can upload, download, and interact with your OneDrive
files from a web browser, the ideal OneDrive experience comes from the Windows and Mac sync clients
and the iOS and Android mobile apps. With that in mind, OneDrive is available for most operating systems
and browsers and requires minimal hardware. For a full list of client and app requirements for using
OneDrive, see OneDrive system requirements.
License requirements. There are multiple methods by which you can acquire a license for OneDrive.
However, a few OneDrive features are available only within certain licensing models. For information about
the licensing requirements for OneDrive, its advanced features, and any special licensing required for them,
see Office 365 plans.
Deployment process
When deploying any new technology, there’s always an ideal process to follow to ensure that you deploy it
correctly. This section covers the high-level planning and deployment steps to help ensure that your OneDrive
deployment is successful.
NOTE
OneDrive deployment can be as simple as a local installation and may not require all the steps in this section. For example,
the “Determine devices” and “Align technologies” sections may not be applicable to small business interested in performing a
simple installation of OneDrive.
Determine devices
Your organization doesn’t have to manage all connected devices for them to use OneDrive, but securing and
managing the interaction with the data do require a layer of management capabilities. Start by determining which
types of devices—iOS, Android, Windows 10—require access to OneDrive and who owns them (the business or
the employee). Put this information in a spreadsheet to help you determine which capabilities you need from your
technology solutions. Some management options are more suitable for devices that the company owns and
manages. Regardless of the platform running OneDrive and who owns it, the following management options are
available to you:
OneDrive admin center
Office 365 MDM
Intune MDM or MAM
For Windows 10 client devices that are joined to a domain, you have the additional option of using GPOs for
management. Also, for those devices that are company owned and managed, you can use System Center
Configuration Manager to deploy OneDrive.
Align technologies
When you've identified the devices that require access to OneDrive, you then identify the technology options
available to you or that align with your organization’s size. If you’re considering implementing a new deployment
and management solution, the table in How organizations deploy and manage OneDrive lists the technologies
that make the most sense based on organization size. Using this information, you can align the technologies you
need or already have with the deployment and management capabilities that fit the devices you need to manage.
Deploy, secure, and manage OneDrive
You deploy, manage, and secure OneDrive based on the tools you chose in the previous steps. Each technology
has different deployment, update, and management options, so when deploying OneDrive, you must first consider
whether you need to upgrade existing devices. Also, securing OneDrive may include both client-side and cloud
service–side configuration. Finally, be sure to consider data compliance requirements, such as dedicated storage
regions.
OneDrive limitations
Because OneDrive provides access to files on many kinds of devices, it restricts the use of certain characters, file
names, and folder names. In addition, certain features are available only in the Windows operating system. For a
full list of these and other limitations of OneDrive, see Invalid file names and file types in OneDrive, OneDrive for
Business, and SharePoint.
Feature releases and requests

If you want to see the functionality currently under development for OneDrive and Office 365, check out the
Microsoft 365 Roadmap or the Microsoft OneDrive Blog. Finally, if you want to request new functionality or vote
on great community ideas for OneDrive, visit OneDrive UserVoice.
Keys to successful user adoption

User adoption is important to the overall success of any new application. Ideally, to feel that you have maximized
your investment in Office 365 and OneDrive, you need to maximize user engagement with them. To do that, start
by focusing on three critical success factors:
Stakeholders. Securing the participation and buy-in of key people within your organization is critical to
successful user adoption. This support can come from business-focused leaders, IT leadership, or anyone
else who has a vested interest in seeing OneDrive and Office 365 succeed in the organization. It is
important to have both executive or business leader support and product champions to help carry the
knowledge to their peers. Whether you’re formally delegating the product champion role or allowing it to
grow organically, champions are mission critical to user adoption. In fact, a SharePoint user study in 2013
showed that people prefer to learn from a coworker than from an IT employee. For more information about
how to identify key stakeholders for your OneDrive and Office 365 implementation, see the Identify key
stakeholders guide. For more information about building a sustainable champion community, see Build a
champion program.
Scenarios. When planning to implement OneDrive and Office 365, identify and define your business
scenarios and how those scenarios align with the benefits of implementing OneDrive and Office 365. Work
with your key stakeholders to identify the goals of the business scenarios, and then match those goals
against usage scenarios. For example, a business goal may be to maximize user productivity; a key usage
scenario enabling that goal would be using OneDrive to access files from mobile devices, PCs, and Macs.
For help with this process, see the Office 365 Productivity Library.
Awareness and training. Creating awareness through awareness campaigns such as announcements,
launch events, newsletters, town hall meetings, contests, and giveaways is a critical path to maximizing
adoption. In addition, providing users with knowledge through classroom-style sessions and self-help
guides helps them feel empowered to use OneDrive and Office 365. For more information about user
communication and training on Office 365, see the Plan your Office 365 Launch: Communication and
Training Guide.
Many resources are available from Microsoft to help you drive user adoption within your environment. For more
information about a recommended Microsoft 365 user adoption strategy, see the Microsoft 365 End User
Adoption Guide. For more information about driving user engagement, see Success Factors for Office 365 End
User Engagement. You can also contribute to or comment on adoption-related ideas in the Driving Adoption Tech
Community.
Preparing your environment

Before you deploy OneDrive, prepare your environment.
Network utilization
A variety of factors can impact the amount of network bandwidth used by OneDrive. For the best experience, we
recommend that you assess this impact before doing a full OneDrive deployment across your organization. The
article Network utilization planning for the OneDrive sync client includes the recommended process for
determining your network bandwidth needs for OneDrive. Be sure to include this as part of your deployment plan.
Multi-Geo
If you have data residency requirements, consider OneDrive Multi-Geo. With OneDrive Multi-Geo, you can
specify a preferred data location (PDL ), from available locations around the world, for each user’s OneDrive. For
detailed information about OneDrive Multi-Geo, see Multi-Geo Capabilities in OneDrive and SharePoint Online in
Office 365.
If you plan to deploy OneDrive Multi-Geo, there are two user scenarios:
Users who start using OneDrive before you configure OneDrive Multi-Geo – their OneDrive will be located
in the central location once you configure OneDrive Multi-Geo. If you need to move a user's OneDrive to a
different geo location, follow the steps in Move a OneDrive site to a different geo-location to the.
Users who start using OneDrive after you configure OneDrive Multi-Geo – you can configure their
preferred data location as part of your general user onboarding process and their OneDrive will be created
in the appropriate geo location.
Features such as file sync and mobile device management work normally in a multi-geo environment. There’s no
special configuration or management needed. The multi-geo experience for your users has minimal difference
from a single-geo configuration. See User experience in a multi-geo environment for details.
If you plan to configure OneDrive Multi-Geo prior to deploying OneDrive for your users, read Plan for OneDrive
for Business Multi-Geo and follow the steps in OneDrive for Business Multi-Geo tenant configuration.
Key decisions:
Do you plan to use OneDrive Multi-Geo?
Will you have OneDrive Multi-Geo fully configured before your users start using OneDrive?
Hybrid
If you currently use OneDrive or MySites in SharePoint Server on-premises, we highly recommend deploying
hybrid OneDrive. With hybrid OneDrive, users are redirected from their on-premises OneDrive to OneDrive in
Office 365. Hybrid OneDrive allows for seamless navigation to OneDrive in the cloud from both SharePoint on-
premises and Office 365.
When you deploy hybrid OneDrive, the OneDrive links in the SharePoint Server ribbon and app launcher will
point to OneDrive in Office 365. If your users have files in on-premises OneDrive, they may have trouble
accessing them unless they’ve bookmarked the old URL. It’s important to have a migration plan for these files
before you deploy hybrid OneDrive. See Migrating data later in this article for migration options.
If you don’t use OneDrive in SharePoint Server, but you do have an on-premises SharePoint environment, you
may still want to consider deploying hybrid OneDrive. Doing so will update the OneDrive navigation links in
SharePoint Server to point to OneDrive in Office 365 – again, giving your users seamless navigation to OneDrive
in the cloud from either location.
For more information about how to configure OneDrive in a hybrid scenario and how it works, see Plan hybrid
OneDrive for Business.
SharePoint hybrid has a variety of features to create a seamless experience when using both SharePoint Server
and SharePoint Online. If you’re planning to configure hybrid OneDrive, consider including other SharePoint
hybrid features for a better overall user experience. See Explore SharePoint Server hybrid for more information.
Once you’ve migrated your users’ files from on-premises OneDrive and configured hybrid OneDrive, you can
reduce the quota for your on-premises OneDrive top-level site collection to a minimal value to save disk space.
Key decisions:
Do you want to deploy hybrid OneDrive?
Do your users have OneDrive on-premises data that needs to be migrated to OneDrive in Office 365?
Information protection
OneDrive shares can contain sensitive information that could damage your organization if it were shared with the
wrong people. This section provides information about how to help prevent accidental data leakage and protect
your data by controlling who can access it.
Information rights management–protected file synchronization
If you’re using information rights management (IRM ), OneDrive can synchronize those file libraries and provide a
seamless experience for users. For detailed information about how OneDrive handles IRM, see How Office
applications and services support Azure Rights Management. For OneDrive to synchronize these IRM -protected
libraries, however, additional configuration is required, including deploying the latest Rights Management Services
(RMS ) client to your users’ computers. For details about the additional configuration required for OneDrive to
support IRM libraries, see SharePoint Online and OneDrive for Business: IRM Configuration.
Windows Information Protection
You can use Windows Information Protection (WIP ) to help prevent data leakage by deploying application or
device policies that restrict how your employees can store, access, and use your organization's data. For example,
you can restrict users to synchronizing files that contain company data only to OneDrive and not to personal cloud
storage providers like Dropbox. For information about how to use WIP, see Protect your enterprise data using
Windows Information Protection (WIP ).
If you’ve decided to use Windows Information Protection with OneDrive, see the following resources to set up
your Windows Information Protection policies:
Create a Windows Information Protection (WIP ) policy using Microsoft Intune
Create a Windows Information Protection (WIP ) policy using System Center Configuration Manager
Azure Information Protection
Azure Information Protection is a cloud-based solution that helps organizations classify, label, and protect their
documents and emails. This classification can occur automatically when administrators define rules and conditions;
manually by users; or both, where users receive recommendations. Users can synchronize Azure Information
Protection–protected files to OneDrive after you have configured their accounts to do so.
For more information about Azure Information Protection, see What is Azure Information Protection? You can
add Azure Information Protection to your Office 365 subscription on the Subscriptions page of the Microsoft 365
admin center.
If you have decided to use Azure Information Protection, see Office 365: Configuration for clients and online
services to use the Azure Rights Management service to configure the necessary settings for it to work with
OneDrive.
OneDrive integration with other Office 365 features
OneDrive integrates with many other applications, such as SharePoint, Teams, and Yammer. With that integration
comes the necessity to protect the data stored in OneDrive. When considering security, for example, think about
potential leakage scenarios through each integrated application and apply WIP, IRM, Azure Information
Protection, or another protection option to help prevent unauthorized access. For information about how these
products integrate with each other to provide a better collaboration solution and how they can introduce
additional vectors for data leakage, see How SharePoint Online and OneDrive for Business interact with Microsoft
Teams.
Sharing options
Using the OneDrive admin center, you can specify sharing options such as the default sharing type for users, with
whom they can share, and how long sharing links remain active.
These are the key decisions around sharing for OneDrive:
Do you want to allow external sharing? If you enable external sharing for OneDrive, your users will be
able to share files and folders with people outside your organization.
If you allow external sharing, do you want to allow unauthenticated users? If you enable sharing
with Anyone, users can create sharable links that don’t require sign-in.
What do you want the default sharing link to be? Users can choose which type of link to send (Anyone,
Internal, or Direct), but you can choose the default option that is presented to users.
Do you want to restrict external sharing by domain? You can restrict external sharing to specific
domains or prevent sharing with specific domains.
Note that the OneDrive sharing settings are a subset of the SharePoint Online sharing settings. If you want to
allow external sharing in OneDrive, it must be enabled for SharePoint Online.
Data retention
When a user leaves your organization and you’ve deleted that user’s account, what happens to his or her data?
When considering data retention compliance, determine what needs to happen with the deleted user’s data. For
some organizations, retaining deleted user data could be important continuity and preventing critical data loss.
The default retention policy for deleted OneDrive users is 30 days. You can configure the setting to a range
between 0 days and 3,650 days (ten years).
For more information about OneDrive retention, see OneDrive retention and deletion and Overview of document
deletion policies.
Key decision:
What data retention time do you need for your organization?
Migrating data
A key task in deploying OneDrive for your organization is a plan to migrate your users existing files to OneDrive.
Depending on where these files are kept, there are several options, discussed below. You can choose one or more
of these options depending on the number and location of files that you need to migrate.
Another planning consideration is who will be migrating the data. Normally, a user’s OneDrive is created the first
time they access OneDrive. If you will be migrating your users’ files on their behalf before they begin using
OneDrive, you may need to pre-provision OneDrive for each of them. (This can be done with a PowerShell script.)
Keep in mind that any of the migration options listed below may result in a surge of network activity as large
numbers of files are migrated to OneDrive.
Key decisions:
Which of the following migration methods do you want to use?
Are you configuring hybrid OneDrive? (See the hybrid section of this article for the considerations around
this option.)
Do you need to pre-provision OneDrive for your users? (Are you migrating files before users have started
using OneDrive?)
Files in on-premises OneDrive or MySites libraries

If users' existing files are in on-premises SharePoint, OneDrive, or MySites, you can use the SharePoint Migration
Tool to migrate the files to Office 365.
For detailed information about the SharePoint Migration Tool, see How the SharePoint Migration Tool works.
The SharePoint Migration Tool can be used by your IT department to migrate files on their behalf. This is the
recommended method of migration for files in an on-premises SharePoint farm.
Files on users' local disk in known folders
If user files are located in Windows known folders such as their desktop, Documents, or Pictures, you can use
Known Folder Move. Known Folder Move enables users to select known folders to automatically synchronize to
OneDrive. You can add this feature during the initial setup of OneDrive or after it has been configured. This
capability provides a simple migration option for users looking to add known folders to their existing list of
synchronized folders.
Known Folder Move can be configured by administrators to automatically redirect known folders for all users on
the domain. It's an easy way to migrate files kept in these locations.
Files in other local disk folders
If users have their additional work files in various locations on their computers, it's often easiest for them to
manually move the files to OneDrive. After you deploy the OneDrive sync client to your users' computers, you can
instruct them to move their work files to the OneDrive folder on their computer.
Migrating with FastTrack
FastTrack is a Microsoft benefit that is included in your subscription. FastTrack provides you with a set of best
practices, tools, resources, and experts committed to making your experience with the Microsoft Cloud a great
one! Guidance around OneDrive onboarding, migration, and adoption are included in the benefit offering. This
guidance includes: help to discover what’s possible, creating a plan for success, and onboarding new users,
providing guidance on migrating content from file share, Box, or Google Drive source environments, and
introducing capabilities at a flexible pace, your pace! FastTrack guidance provides enablement of both OneDrive
for Business and getting the source environment ready for your transition. In addition, the FastTrack data
migration benefit will also perform specific data migration activities on behalf of you, the customer, for those with
500 or more licenses. See more details in the provided FastTrack Center Benefit Overview. Interested in getting
started? Visit FastTrack.Microsoft.Com, review resources, and submit a Request for Assistance.
Sync
Even though you can upload, download, and interact with your OneDrive files from a web browser, the ideal
OneDrive experience comes from the Windows and Mac sync clients and the iOS and Android mobile apps.
OneDrive is available for most operating systems and browsers and requires minimal hardware. For a full list of
client and app requirements for using OneDrive, see OneDrive system requirements.
If you already have the OneDrive client installed on Windows devices, start by determining the version or versions
of OneDrive in your environment. Depending on your findings, you may need to change your deployment process
to accommodate the current version (for example, run takeover commands in PowerShell to ensure that data sync
responsibilities transition to the new client). To determine which version of OneDrive you’re currently using, see
Which version of OneDrive am I using?
Upgrade from the Groove sync client to the OneDrive sync client
If you currently have the old OneDrive sync client (Groove.exe), then you’ll need to follow a slightly different
process to upgrade to the new sync client. If you had more than 250 licensed users before June 2016, you may
need to run a takeover command to continue syncing existing libraries using the new client. For detailed
information about this process (and caveats), see Transition from the previous OneDrive for business sync client.
Sync client update process
You can update the OneDrive sync client in two waves:
Production ring – in this ring, you get new features and improvements sooner – as soon as they’ve been
validated within Microsoft.
Enterprise ring – in this ring, changes are rolled out after they’ve been validated in the Production ring,
reducing the risk of issues.
This setting is configured by using Group Policy.
For details about the update process for the OneDrive sync client, see The OneDrive sync client update process.
To find out about new features available in current OneDrive updates as well as the current and historical version
numbers, see New OneDrive sync client release notes.
Key decision:
Which ring do you want to use for updates to the OneDrive sync client?
Configure settings
After you have planned your rollout, configure any settings you need before you begin deploying apps to your
users:
Specify settings for sharing links and control external sharing: Manage sharing
To manage the sync client deployment centrally, prevent users from installing the sync client when they go
to their OneDrive in a web browser: Prevent installation
To make sure that users sync OneDrive files only on managed computers, configure OneDrive to sync only
on PCs that are joined to specific domains: Allow syncing only on specific domains
To prevent users from uploading specific file types, such as exe or mp3 files: Block file types
Set the default storage space for your users: Set the default storage space
Specify how long you want to retain a user's OneDrive files when the user is deleted: Set OneDrive
retention for deleted users
To prevent users from accessing OneDrive and SharePoint content on devices outside of specific domains,
or from apps that don't use modern authentication: Control access based on network authentication or app
To control user access to features in the OneDrive and SharePoint mobile apps: Control access to mobile
app features
Deployment options
You have several different options for deploying OneDrive: manually, using scripting, using Windows AutoPilot
(for the sync client on Windows), using an MDM such as Intune, or using SCCM.
The OneDrive sync client is included as part of Windows 10 and Office 2016. You do not need to deploy the sync
client to devices running these, though you may need to update the sync client to the latest version.
Install OneDrive apps and sync clients manually

Although not particularly scalable, you always have the option of installing OneDrive manually on a device. For
some devices, this process may be as simple as installing an app. For others, you may need to delete older
versions of OneDrive first. This section walks you through the manual installation and configuration of OneDrive
on iOS and Android mobile devices, Windows devices, and computers running macOS.
Manually install and configure OneDrive on a mobile device

Installing the OneDrive app on a mobile device is simple: users can download the app from the app store on any
Android, iOS, or Windows mobile device. To simplify the manual installation process even further, users can go to
https://onedrive.live.com/about/download and enter the mobile phone number of their device. Microsoft will send
a text message to the mobile device with a link to the app in the device’s app store. Once installed, users can start
the configuration process by opening the app and responding to the prompts.
Send your users the following links to set up OneDrive on their mobile devices:
Use OneDrive on iOS
Use OneDrive for Android
Manually install and configure OneDrive on a Windows device
Manually installing OneDrive on a Windows device may or may not be necessary: many devices may already have
it, either because the user installed Microsoft Office 2016 or simply because the device runs Windows 10, both of
which include the OneDrive client by default. For devices running older versions of Windows or on which
Office 2016 is not installed, you can download the new OneDrive sync client for Windows from
https://onedrive.live.com/about/download.
NOTE
You may be required to uninstall an old version of the OneDrive sync client before you can install the new one. If so, you will
receive a notification stating that you must uninstall the previous version before you can proceed.
To manually configure OneDrive on a Windows device, see Sync files with the OneDrive sync client in Windows.
Manually install and configure OneDrive on a macOS device
For information about installing the OneDrive app on a computer running macOS or adding a work account to an
existing installation, see Sync files with the OneDrive sync client on Mac OS X.
Install OneDrive on Windows devices by using scripting methods

To silently install the OneDrive sync client on an individual computer, run the following command:
\<pathToExecutable\>\\OneDriveSetup.exe /silent
To silently update the OneDrive sync client, run the following command:
\<pathToExecutable\>\\OneDriveSetup.exe /update
For information about enabling silent account configuration, see Silently configure user accounts.
Deploy and configure OneDrive through Windows AutoPilot

Windows AutoPilot provides a simple way to deliver PCs to users. It is an alternative to the traditional system
imaging you typically perform when provisioning a new computer or repurposing an existing computer for a user.
Rather than using deployment tools such as System Center Configuration Manager, you can register your
hardware information in Azure and use a deployment profile to control the out-of-box experience and register the
device in Azure Active Directory (Azure AD ).
From there, Intune can deploy apps such as OneDrive to the device automatically. To deliver OneDrive during this
process, complete the configuration steps in Deploy OneDrive by using Intune.
For an overview of Windows AutoPilot, see Overview of Windows AutoPilot.
Deploy OneDrive by using Intune

To deploy the OneDrive sync client to Windows 10 or the mobile apps to Android or iOS, follow the steps in
Deploy OneDrive apps by using Intune, or take a look at the following video.
Deploy OneDrive by using System Center Configuration Manager

To deploy the OneDrive sync client to Windows or the mobile apps to Android or iOS by using System Center
Configuration Manager, see Deploy OneDrive apps by using SCCM.
Before you can deploy applications to computers running macOS, you need to complete some prerequisite tasks
on the System Center Configuration Manager site. For detailed information about these prerequisites and how to
prepare a System Center Configuration Manager environment for Mac management, see Prepare to deploy client
software to Macs. When you’ve completed the prerequisites, you can deploy applications to Macs by completing
the steps described in How to Create and Deploy Applications for Mac Computers in Configuration Manager. For
information about configuring the OneDrive sync client for macOS, see Deploy and configure the new OneDrive
sync client for Mac.
Manage OneDrive
The tools and technologies you use to manage OneDrive are based on the individual management task you want
to perform. The following table shows the three primary categories to consider when managing OneDrive and the
technologies and methods available for that category.
CATEGORY TASKS TECHNOLOGY OR METHOD
OneDrive organization-wide settings Manage settings such as storage limits OneDrive admin center
and sharing capabilities. Microsoft PowerShell
App updates Update the OneDrive sync client or MDM (for example, Intune)
mobile apps System Center Configuration Manager
Group Policy
OneDrive admin center
Manually
Sync client settings Configure the sync client update ring, MDM (for example, Intune)
DLP policies, and other device or app System Center Configuration Manager
restrictions. Group Policy
Manually
Manage OneDrive by using the OneDrive admin center

The OneDrive admin center https://admin.onedrive.com in Office 365 enables you to manage OneDrive settings
and device access from one central location. Some settings in the OneDrive admin center you’ll use regardless of
any other technologies you use to manage OneDrive (for example, to configure storage space settings). Others
may overlap management apps in use (for example, the MDM section). Most organizations will use the OneDrive
admin center for some of their settings, but only those organizations without an MDM application would likely use
the device access functionality in the OneDrive admin center.
For more info about the admin center, see OneDrive for Business for admins
Settings in the OneDrive admin center are grouped into six categories:
Sharing - On the Sharing page, you can configure the default sharing link users send out to colleagues to
share a file as well as external sharing settings. These settings are organization-wide and applicable to all
organizations, regardless of the device management tool in use. Use this page to configure the sharing
option based on the sharing decisions you made in Part 2, Plan for OneDrive for enterprises.
Sync - On the Sync page, you can configure sync restrictions based on file types, require that synced
devices be domain joined, or restrict synchronization from computers running macOS. Depending on your
device management tool, the PC device restrictions in this section may overlap other management settings.
Storage - On the Storage page, you specify the default OneDrive storage limit for users within your
Office 365 organization. You can also configure data retention settings for users whose accounts have been
deleted (the maximum value is 10 years). These organization-wide configuration settings are applicable to
all organizations, regardless of the device management tool they use. Use this page to configure the data
retention value based on the decisions you made in Part 2, Plan for OneDrive for enterprises.
Device Access - On the Device Access page, you can restrict device access to OneDrive based on
network location and apps that don’t use modern authentication among other application management
options. Depending on your device management tool, the restrictions configurable on this page may
overlap with other management settings. If a conflict occurs with an Intune policy, for example, the Intune
policy will take precedence for the users that policy targets.
Compliance - The Compliance page provides a centralized list of links to auditing, DLP, retention,
eDiscovery, and alerting capabilities within Office 365 that are applicable to OneDrive. Selecting an item’s
link redirects you to the Office 365 Security & Compliance Center, where you can configure that item. You
can create DLP policies from templates that protect certain types of data, such as Social Security numbers,
banking information, and other financial and medical content. Some capabilities won’t be available if you’re
using Intune (for example, device management). For a walkthrough of how to create DLP policies in
Office 365 and apply them to OneDrive, see Create a DLP policy from a template.
Notifications - On the Notifications page, you define when OneDrive owners should receive
notifications about sharing or accessing their data. For information about enabling these options, see Turn
on external sharing notifications for OneDrive.
Manage OneDrive settings by using Intune

Unlike Windows, OneDrive doesn’t have a configuration service provider. Therefore, to use Intune to configure
OneDrive settings, you must deploy the setting’s corresponding registry key and value by using a PowerShell
cmdlet. Read Use Group Policy to control OneDrive sync client settings for a list of settings and their
corresponding registry values; then, construct a PowerShell script using the following cmdlet syntax:
New-ItemProperty -Path \$Path -Name \$Name -Value \$Value -PropertyType DWORD -Force | Out-Null
where $Path is the full path to the subkey to which you want to add a value to (for example,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OneDrive), $Name is the name of the value you’re adding
(for example, AutomaticUploadBandwidthPercentage), $Value is the data within the new value (for example,
32), and the value following the PropertyType switch is the type of value you’re adding.
Save the PowerShell script as a .ps1 file. Then, see Manage PowerShell scripts in Intune for Windows 10 devices
for instructions on how to deploy the PowerShell script in your environment.
Manage OneDrive updates by using Intune
OneDrive is updated through Windows Update in two waves. Out of the box, OneDrive sync clients are in the first
wave, which means that they receive updates as soon as they’re published. The second wave receives those same
updates several weeks later. To configure Windows devices to be in the second wave, you must configure the
EnableEnterpriseUpdate entry by using the following command:
New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\OneDrive' -Name 'EnableEnterpriseUpdate' -Value '1' -

PropertyType DWORD -Force | Out-Null
Save the script as a .ps1 file. Then, see Manage PowerShell scripts in Intune for Windows 10 devices for
instructions on how to deploy the PowerShell script in your environment.
Manage OneDrive by using third-party MDM tools
Intune isn’t the only MDM option you can use to manage OneDrive apps and settings. For information about
managing OneDrive for Windows 10 by using VMware AirWatch, see Modern Management for Windows 10. For
information about managing OneDrive for Windows 10 by using MobileIron, see Windows 10 in the Enterprise.
Manage OneDrive by using Group Policy
You can use Group Policy to manage OneDrive settings for domain-joined computers in your environment. For
information, see Use Group Policy to control OneDrive sync client settings. Using Group Policy, you can redirect
and move Windows known folders to OneDrive, and enable silent account configuration.
Manage OneDrive by using System Center Configuration Manager

Because Windows devices that you use System Center Configuration Manager to manage are either domain
joined (and therefore managed in Active Directory) or administered through Intune, the role of System Center
Configuration Manager in managing OneDrive settings is limited. When using System Center Configuration
Manager to manage OneDrive, Microsoft recommends using either Group Policy or Intune, depending on
whether the device is domain joined.
System Center Configuration Manager can manage OneDrive updates and configuration alongside other updates
in your environment, such as for Windows and Office applications.
Manage OneDrive updates by using System Center Configuration Manager
Depending on where the OneDrive client originated—as part of an Office package, Windows 10, or as a stand-
alone installation—there are two primary methods for using System Center Configuration Manager to manage
OneDrive updates:
Traditional updates managed through Windows Service Update Services (WSUS ). OneDrive
product updates are downloaded to WSUS, and you can manage them alongside your Windows and Office
updates. For information about how to configure System Center Configuration Manager with WSUS, see
Install and configure a software update point.
Single-instance updates. If you want to perform an ad hoc update of the OneDrive sync client on a
Windows device, start by downloading the updated OneDrive sync client from OneDrive for Windows. This
method is typically applicable only for older installations of Office running on devices with a Windows
version earlier than Windows 10 that are not updating OneDrive as part of their other updates.
Once downloaded, you can create a script in System Center Configuration Manager by following the
process in Create and run PowerShell scripts from the Configuration Manager Console or by using a
traditional script-based application such as that in Create applications with System Center Configuration
Manager. When using either option, the command to update the OneDrive client using the installer is:
> Execute \<pathToExecutable\>\\OneDriveSetup.exe /update /restart

OneDrive QuickStart guide for small businesses
OneDrive for Business is a robust but simple-to-use cloud storage platform for small businesses, enterprises, and
everything in between. Unlike other cloud storage providers, most of the advanced enterprise-focused features in
OneDrive are available for every subscription type, enabling organizations to use OneDrive in whatever way
benefits them the most. This guide focuses on the deployment and configuration options that make the most sense
for small businesses looking to use OneDrive. From there, these organizations can select whatever additional
management capabilities they require. For the full deployment guide, which contains other methods of deploying,
configuring, and managing OneDrive, see OneDrive guide for enterprises.
Getting started with OneDrive

OneDrive is effective in even the largest enterprises, but it still has a small, easy-to-implement footprint that small
businesses can take advantage of. After all, small businesses are often at highest risk for losing files on failed
devices because few are concerned with centralized storage and backups. By using OneDrive, however, your small
business can keep files safe, and your users can easily access them from all their devices.
To get started with OneDrive, follow these steps:
1. Review basic OneDrive information. Start by reviewing the introductory OneDrive information available
at the OneDrive help center. You’ll get answers to many of your questions, including the OneDrive
experience and how it works.
2. Set up a Microsoft Office 365 subscription. You must set up an Office 365 subscription to use OneDrive,
but you aren’t required to purchase all the applications in the Office 365 suite. To get started, follow the
steps in Set up Office 365 for business.
3. Add OneDrive licenses. Review your plan options in Compare OneDrive for Business plans, and then add
the licenses you need.
When you’ve completed these tasks, you’re ready to plan for, deploy, and configure the OneDrive sync client and
applications. To do that, complete these three simple steps:
1. Plan for adoption. For small businesses, planning for user adoption can be as simple as individually
showing your users how to use OneDrive. Often, small business customers don’t consider this step for new
applications, and that can negatively affect the application’s success. The section Adopt OneDrive provides
helpful resources for OneDrive adoption.
2. Install and configure. Sync clients are available for the Windows and macOS operating systems that
provide a seamless experience for users interacting with their files. Most small businesses start by installing
the sync client on their users’ devices, and then consider the OneDrive mobile apps later. In fact, you may
already have the OneDrive client on your devices. Devices running the Windows 10 operating system and
devices running Windows or macOS with Microsoft Office 2016 or later will have the OneDrive sync client
already. For information about how to install and configure the OneDrive sync client and apps, see the
section Install and configure OneDrive.
3. Manage OneDrive. For many small businesses, managing OneDrive is optional. You could simply install
and configure OneDrive and leave it at that. If you want to use advanced features of OneDrive or add device
sharing or access restrictions, however, you can easily manage those and other settings in the OneDrive
admin center. For more information about managing OneDrive, see the section Manage OneDrive.
Key OneDrive features for small businesses
Unlike most other cloud storage providers, OneDrive not only provides robust features to small businesses out of
the box, but it also makes most of its advanced features available to them. This gives small businesses the flexibility
to use advanced features based on the needs of their organization.
The features listed in this section address common customer concerns or specific compliance requirements, or
provide unique functionality available only in OneDrive. For a full list of features available across OneDrive plans,
see Microsoft OneDrive.
NOTE
The information in this section is for awareness purposes only and is not required to install and use OneDrive.

OneDrive Files On-Demand enables users to view, search for, and interact with files stored in OneDrive from within
File Explorer, without downloading all the files to their device. The feature provides a seamless look and feel for
both OneDrive and local files without taking up space on the local hard drive. As shown in the following screenshot,
files that have not been downloaded have a cloud icon for their status. For those files that have been downloaded,
the status shows a green checkmark.
By default, files are downloaded only when you need to access them. However, if you plan to access a file while
disconnected from the internet, simply make the file available offline by right-clicking it, and then selecting Always
keep on this device. Alternatively, if you want to free space on your device and remove the downloaded copy of a
file, right-click the file, and then select Free up space. The following screenshot shows the right-click menu for
OneDrive files on a device running Windows.
For more information about OneDrive Files On-Demand, see Learn about OneDrive Files On-Demand.
Modern attachments
OneDrive integrates with Microsoft Outlook to enable easy sharing of OneDrive files that appear just like email
attachments. This feature provides a familiar sharing experience but centralizes storage of attachments in
OneDrive. This allows your users to all collaborate on the same file instead of sending different versions bach and
forth in email. In addition, you can configure sharing permissions on the files directly from within the Outlook
client.
To reduce the potential for confusion when users choose to add a copy versus a link to attached OneDrive files, you
can set the default behavior of the Outlook client, as demonstrated in How to control default attachment state when
you attach a cloud file in Outlook 2016.
Files Restore
The OneDrive Files Restore feature lets users restore files to any point over the past 30 days. To select the desired
recovery time, OneDrive presents you with a histogram that shows file activity so that you can determine which
recovered time meets your needs. From there, simply select the file history entry to which you want to restore, and
all changes after that point will be rolled back.
In addition, because the histogram shows individual activity on a file, you can use this feature to quickly view your
files’ modification history. For more information about this feature, see Restore your OneDrive.
Recycle bin
OneDrive has a recycle bin similar to the one available on the Windows desktop. Deleted files are moved to the
recycle bin and kept for a designated time before being permanently deleted. For work or school accounts, deleted
files are purged after 93 days unless configured otherwise. For a demonstration of how the recycle bin works, see
Restore deleted files or folders in OneDrive.
Known Folder Move
Known Folder Move enables users to select Windows known folders, such as their desktop, Documents, or Pictures,
to automatically synchronize to OneDrive. You can add this feature during the initial setup of OneDrive or after it
has been configured. This capability provides a simple migration option for users looking to add known folders to
their existing list of synchronized folders. For more information about Known Folder Move, see Protect your files
by saving them to OneDrive.
Adopt OneDrive
User adoption is important to the overall success of any new application. Ideally, to feel that you have maximized
your investment in Office 365 and OneDrive, you need to maximize user engagement with them. For small
businesses, driving user adoption can be as simple as introducing users to OneDrive when you’re installing it or
showing them any of the videos available at the Office 365 Training Center.
Personally showing your users how to save and share documents in OneDrive tends to be the most effective option
for driving adoption, given that you’ll likely be performing manual installations. The primary value proposition for
small businesses is file availability and redundancy. A document saved on local storage can be lost with a device; a
document saved to OneDrive cannot. Simply having this discussion with your users beforehand, coupled with
demonstrating the application’s ease of use, can drive positive outcomes for this effort.
For information about a more formal Microsoft 365 user adoption strategy, see the Microsoft 365 End User
Adoption Guide. For more information about driving user engagement through a similar, more formal process, see
Success Factors for Office 365 End User Engagement. You can also contribute to or comment on adoption-related
ideas in the Driving Adoption Tech Community.
Install and set up OneDrive apps

You can upload, download, and interact with your OneDrive files from a web browser, but the ideal OneDrive
experience comes from the Windows and Mac sync clients and the iOS and Android mobile apps. With these
clients and apps, saving files to OneDrive and interacting with them is much easier than visiting a website each time
you need something. Through this experience, you can seamlessly integrate OneDrive into your existing file
interaction experiences.
You can install OneDrive on any supported device. For small businesses, manual installations typically make the
most sense. For some devices, the installation process may be as simple as installing an app from the app store. For
others, you may need to delete older versions of OneDrive first. This section walks you through the installation and
configuration of OneDrive on iOS and Android mobile devices, Windows devices, and computers running macOS.
You may not need to install OneDrive on all these platforms, depending on the devices used in your organization.
Most small businesses start by installing the OneDrive sync client on users’ Windows and macOS devices, and
then consider the OneDrive mobile apps afterwards. You don’t need to install and configure OneDrive on all your
devices before you start using it.
Install and configure the sync client on a Windows device

If your Windows device has either Office 2016 or Windows 10, it already has the OneDrive sync client.
For devices running older versions of Windows or on which Office 2016 is not installed, you can download the
OneDrive sync client for Windows from https://onedrive.live.com/about/download.
NOTE
If the device has an older version of the sync client, you’ll be asked to uninstall it when you install the new one.
Configuring OneDrive for Windows is simple, but if you want to see a demonstration, see Sync files with the
OneDrive sync client in Windows
Install and configure OneDrive on a macOS device
To install the OneDrive sync client on a computer running macOS, just follow the steps in Sync files with the
OneDrive sync client on Mac OS X. The setup experience is similar to that for Windows. For more information
about OneDrive on macOS, see OneDrive for Mac – FAQ.
Install and configure OneDrive on a mobile device

Installing the OneDrive app on a mobile device is simple: download the app from the app store on any Android,
iOS, or Windows mobile device. If you want to simplify the manual installation process even further, go to
https://onedrive.live.com/about/download and enter the mobile phone number of the device on which you want to
install OneDrive. Microsoft will send a text message to the mobile device with a link to the app in the device’s app
store. Once installed, start the configuration process by opening the app and responding to the prompts.
To learn how to perform tasks in OneDrive on an iOS device, see Use OneDrive on iOS.
FTo learn how to perform tasks in OneDrive on an iOS device, see Use OneDrive for Android.
Manage OneDrive
Many small businesses use OneDrive without changing any of the options.
If you want to add some basic device and sharing restrictions to OneDrive, you can use the OneDrive admin center.
To access the new OneDrive admin center, go to https://admin.onedrive.com. There, you can restrict the people with
whom your users can share files, choose the devices your employees can use to access OneDrive, and more.
Settings in the OneDrive admin center are grouped into six categories:
Sharing. On the Sharing page, you can configure the default sharing link users send out to colleagues to
share a file. For example, when users share a file, you can specify that the default sharing type is Internal.
You can also change the external sharing settings to prevent users from sharing files with people outside
your organization. This is useful if you have a lot of confidential information.
Sync. On the Sync page, you can configure sync restrictions based on file type, require that synced devices
be joined to your domain, or restrict synchronization from computers running macOS.
Storage. On the Storage page, you specify the default OneDrive storage limit for users within your
Office 365 organization. You can also configure how long to keep data for users whose accounts have been
deleted (the maximum value is 10 years).
Device Access. On the Device Access page, you can restrict device access to OneDrive based on network
location and apps that don’t use modern authentication, among other application management options.
Compliance. The Compliance page provides a centralized list of links to auditing, data loss prevention
(DLP ), retention, ediscovery, and alerting capabilities within Office 365 that are applicable to OneDrive.
(Most small businesses won’t use these options.)
Selecting an item’s link redirects you to the Office 365 Security & Compliance Center, where you can
configure that item. You can create DLP policies from templates that protect certain types of data, such as
Social Security numbers, banking information, and other financial and medical content. For a walkthrough of
how to create DLP policies in Office 365 and apply them to OneDrive, see Create a DLP policy from a
template.
Notifications. On the Notifications page, you define when OneDrive owners should receive notifications
about sharing or accessing their data. These settings are helpful for small businesses that likely don’t have IT
staff who can audit this information. For information about enabling these options, see Turn on external
sharing notifications for OneDrive.
Get help with OneDrive

If you need help with OneDrive, you have many ways to find solutions to common issues or request help:
Tech community. Find helpful information from other customers in the community by reviewing the
discussions in the OneDrive for Business Tech Community and the Microsoft OneDrive Blog.
Support documentation. For a list of recent issues in OneDrive and how to resolve or work around them,
see Fixes or workarounds for recent issues in OneDrive. For getting started info, see Get started with
OneDrive, Employee file storage (video training) and Why use OneDrive to store your docs.
Microsoft Support. If you need help from Microsoft to troubleshoot an issue or configure or deploy
OneDrive, see Contact Microsoft.
OneDrive UserVoice. You can review and submit feature requests and provide feature feedback at
OneDrive UserVoice.
The OneDrive sync client
When a user installs the OneDrive sync client for Windows or Mac, they can work with their OneDrive files in File
Explorer or Finder. They can also easily save files to OneDrive from the programs they use. When users add,
change, and delete files and folders from the OneDrive mobile app or by accessing their OneDrive from a web
browser, the files and folders are automatically added, changed, or deleted on their computer and vice versa. To
upload files to OneDrive, users can simply copy or move them to OneDrive in File Explorer or Finder. They can
also use File Explorer to easily organize their OneDrive by creating new folders, and moving and renaming files
and folders. All these changes sync automatically.
Windows10 devices come with the OneDrive sync client installed. Office2016 and later installations also have the
sync client installed.
Read the release notes and install the latest fully released versions
Invalid file names and file types in OneDrive, OneDrive for Business, and SharePoint
Fix sync problems
Deploy OneDrive apps by using System Center
Configuration Manager
You can use System Center Configuration Manager (SCCM ) to deploy the new OneDrive sync client
(OneDrive.exe), as well as the mobile apps for iOS and Android. Before you begin deploying, make sure you have
reviewed the planning information and deployment options in the OneDrive guide for enterprises.
Deploy the OneDrive sync client for Windows

The OneDrive sync client (OneDrive.exe) can be installed on Windows 7 and later. It can also be installed on
macOS. For info about deploying the OneDrive sync client on macOS, see Configure the new OneDrive sync
client on macOS
The new OneDrive sync client can be used with SharePoint Server 2019, but not earlier versions of SharePoint
Server. For more information about the restrictions and limitations of the OneDrive sync client, see Invalid file
names and file types in OneDrive, OneDrive for Business, and SharePoint.
IMPORTANT
If your users are currently using the OneDrive for Business sync client (Groove.exe), and you want to move them to the
OneDrive sync client, see Transition from the previous OneDrive for Business sync client before proceeding.
Check if users already have the OneDrive sync client

If the computers in your organization are running Windows 10, they already have the new sync client installed. If
the computers have Office 2016 or Office 2013 (Home & Student, Home & Business, Professional, Personal,
Home, or University) installed, they might also have the new sync client.
NOTE
Office is installed per machine, whereas OneDrive needs to be installed per user. If you plan on deploying Office to your
organization, you will need to deploy OneDrive.exe separately for additional users on individual machines.
Deploy any administrative settings

To set registry keys on computers in your domain, install OneDrive and copy the OneDrive.admx and
OneDrive.adml files from %localappdata%\Microsoft\OneDrive\BuildNumber\adm\ to your Group Policy central
store. For more info, see Use Group Policy to control OneDrive sync client settings.
Use System Center Configuration Manager to deploy the OneDrive sync client
1. In System Center Configuration Manager, select Create Device Collection and follow the steps in the
Create Device Collection Wizard.
2. Save the OneDriveSetup.exe installer for Windows to your local computer or a network share. Download
the Production ring OneDriveSetup.exe installer for Windows or download the Enterprise ring
OneDriveSetup.exe installer for Windows.
3. Download the sample SCCM package. It's a .zip file that contains the script installer deployment type. For
more information about packages and programs in System Center Configuration Manager, see Packages
and programs in System Center Configuration Manager.
NOTE
The script installer deployment type already has a detection method script and will correctly assess the installation. Also,
there is an uninstall switch, which means that you can easily remove the OneDrive sync client, if necessary.
4. Copy the installer to a folder in the SCCM source content share.

5. In SCCM, select the Software Library workspace. Under Application Management, right-click
Applications, and then select Import Application.
6. Select the sample package.

7. Select the Deployment Types tab on the bottom of SCCM, right-click the deployment, and edit the
properties to update the Content location.
8. Right-click the package, select Deploy, and follow the steps in the Deploy Software Wizard.
If you don't use the sample package, run the following command using System Center Configuration Manager:
Execute <pathToExecutable>\OneDriveSetup.exe /silent
(where pathToExecutable is a location on the local computer or an accessible network share).
NOTE
This command must be run at user logon and using Administrator permissions. It must be run for each user on a machine.
For an example of how to deploy an .exe on every user account, see How to deploy the OneDrive sync client with SCCM.
If you run the command with no command line parameter, users will see the installation status. After installation,
OneDriveSetup.exe will automatically execute OneDrive.exe and display OneDrive Setup to users. If you run the command
with the /silent parameter, OneDrive.exe will be installed transparently and OneDrive Setup won't appear. You'll need to run
OneDrive.exe with an additional command. If you want to control the launch of OneDrive across your organization, we
recommend using the /silent parameter.
Learn more about application management in Configuration Manager. The installer will install the OneDrive
executable file under %localappdata%\Microsoft\OneDrive.
Deploy the RMS client to enable syncing IRM -protected files
The new OneDrive sync client for Windows now supports syncing IRM -protected SharePoint document libraries
and OneDrive locations. To create a seamless IRM sync experience for your users, deploy to your users'
computers the latest Rights Management Service (RMS ) client from the Microsoft Download Center. Even if these
computers have the Azure Information Protection client installed, which includes the RMS client, the OneDrive
sync client still needs a separate installation of the RMS client from the Microsoft Download Center.
To silently install the RMS client on computers, use the /qn switch as part of the command-line options of the
Microsoft Windows Installer Tool (Msiexec.exe). For example, the following command shows the silent mode
installation (assuming the RMS Client installer package is already downloaded to C:\Downloads)
msiexec /qn c:\downloads\setup.msi
You can have the setup file on a network share and use managed software deployment to run the msiexec
command.
NOTE
The sync client does not support IRM policies that expire document access rights.
Help users sign in

To help users sign in, you can use silent account configuration or one of these methods:
Use the following URL to start OneDrive Setup on users' computers. When users click to begin Setup, a
sign-in window will appear for users can enter email address.
odopen://launch
Use the following URL with each user's email address to start Setup and prepopulate user email addresses
in the sign-in window.
odopen://sync?useremail=youruseremail@organization.com
If you want to auto-configure a SharePoint site to be synced, you can use the URL below as a guide to build the
path to the SharePoint site you want to sync automatically. Replace HERE with the correct values for each
component of the URL.
NOTE
Replace special characters like the period (.), hyphen (-), and at sign (@) with the corresponding encoded values. For example,
if the URL includes a hyphen, replace the hyphen with its encoded value, %2D. Additionally, you will need Client Side Object
Model (CSOM) knowledge to query the team site to determine the appropriate SiteID, WebID and ListID to build the
appropriate URL.
odopen://sync/?
siteId=SiteID_HERE&webId=WebID_HERE&listId=ListID_HERE&userEmail=UserEmail_HERE&webUrl=WebURL_
HERE"
Run the following command using System Center Configuration Manager (SCCM ) script:
%localappdata%\Microsoft\OneDrive\OneDrive.exe
It starts the OneDrive process. If users haven't set up any accounts, it displays OneDrive Setup. To display
OneDrive Setup specifically to users who haven't set up an account for your organization, use the
command line parameter:
/configure_business:<tenantId>
NOTE
When you use System Center Configuration Manager, make sure you run OneDrive.exe with User permissions (not as an
Administrator).
For help finding your tenant ID, see Find your Office 365 tenant ID.
Deploy the OneDrive app on mobile devices running iOS or Android

You can use System Center Configuration Manager to deploy apps to mobile devices. Before you do, however, you
need to complete a few prerequisite steps because integration with Intune is required to manage mobile devices in
System Center Configuration Manager. For information about managing mobile devices with System Center
Configuration Manager and Intune, see Manage Mobile Devices with Configuration Manager and Microsoft
Intune.
Deploy the OneDrive app for iOS
1. In SCCM, on the Home ribbon, select Create Application.
2. In the Type box, select App Package for iOS from App Store.
3. In the Location box, enter the app store URL, https://itunes.apple.com/us/app/onedrive/id823766827?
mt=12.
4. Target the app to users.

For more info, see Create iOS applications with System Center Configuration Manager, and use as the app
location, as shown below.
Deploy the OneDrive app for Android
1. In SCCM, on the Home ribbon, select Create Application.
2. In the Type box, select App Package for Android on Google Play.
3. In the Location box, enter the app store URL, https://play.google.com/store/apps/details?
id=com.microsoft.skydrive&hl=en
4. Target the app to users.

For more info, see Create Android applications with System Center Configuration Manager.
See also
Invalid file names and file types in OneDrive, OneDrive for Business, and SharePoint
Install the sync client per machine (preview)
By default, the OneDrive sync client installs per user, meaning OneDrive.exe needs to be installed for each user
account onthe PC under the %localappdata% folder. Withthe new per-machine installation option, you can install
OneDrive under the “ProgramFiles (x86)” directory, meaning all profiles on the computer will use the same
OneDrive.exe binary. Other than where the sync client is installed, the behavior is the same.
The new per-machine sync client provides:
Automatic transitioning from the previous OneDrive sync client (Groove.exe)
Automatic conversion from per-user to per-machine
Automatic updates when a new version is available
The per-machine sync client supports syncing OneDrive and SharePoint files in Microsoft 365 and in SharePoint
Server 2019.
Requirements
All Windows versions supported by the sync client. Learn more
Sync client build 19.043.0304.0006 or later. For info about which sync client build is available in each ring, see
New OneDrive sync client release notes.
To apply sync client updates, computers in your organization must be able to reach the following:
"oneclient.sfx.ms" and "g.live.com." Make sure you don't block these URLs. They are also used to enable and
disable features and apply bug fixes. More info about the URLs and IP address ranges used in Office 365.
Deployment instructions
1. Download OneDriveSetup.exe.
2. Run “OneDriveSetup.exe /allusers” from a command prompt window (will result in a UAC prompt) or by using
SCCM. This will install the sync client under the “Program Files (x86)\Microsoft OneDrive” directory. When
setup completes, OneDrive will start. If accounts were added on the computer, they'll be migrated automatically.
FAQ
Do I need to move to the per-machine sync client? The per-machine sync client is helpful especially for multi-
user computers and when you don’t want exe files running from the user profile.Over time, we will recommend
that more and more customers switch to per-machine installation.
With per-machine installation, will a single OneDrive.exe process be shared by all users on the
computer? No, although a single version of OneDrive.exe is installed, a new process is created for every OneDrive
account syncing on the computer.
Will the same update rings apply to per-machine? If you selected the Insiders ring (via the Windows Insider
program or Office Insider programs) or are in the default Production ring, you will continue to be in the same ring
as before.
In the past you may have used a user group policy (under HKCU ) to select the Enterprise ring (Receive OneDrive
sync client updates on the Enterprise ring). This group policy will not work with the per-machine install. To select
the ring, use the computer group policy (under HKLM ) instead (Set the sync client update ring).
NOTE
We do not recommend selecting the Enterprise ring while this feature is in preview because you will not receive bug fixes for
any issues we find.
Does the per-machine sync client follow the same update process/cadence as the per-user sync client?
Yes, the per-machine sync client will auto-update on the same cadence as the per-user sync client and the same
rings are supported (see question above). The release notes are the same. More info about the sync client update
process
The sync client is an extension of the service and a very thin client so auto-updating to the latest version is critical
to maintaining a high-quality sync experience. As a result, we recommend that you keep your users in the default
Production ring and rely on auto-update to take care of updating to the latest version. If your organization requires
you to deploy updates manually through SCCM, we recommend that you select the Enterprise ring and deploy the
upcoming builds before auto-update takes effect as described here.
Do automatic updates of the per-machine sync client require user intervention? User intervention is not
required for the per-machine sync client to update itself. Elevation is required when you first set it up. During setup,
we install a scheduled task and a Windows service, which are used to perform the updates silently without user
intervention since they run in elevated mode.
How do I revert back to the per-user sync client if required? We do not support automated migration from
per-machine to per-user. To revert back after installing per-machine, please uninstall the sync client and install the
latest released version without the “/allusers” parameter.
How can I detect the installation through SCCM?
For SCCM, to detect the install we used the following two registry detection rules with an OR () connector;
[HKLM\SOFTWARE\Wow6432Node\Microsoft\OneDrive]"1111-2222-3333-4444"=dword:0005000
HKLM\SOFTWARE\Wow6432Node\Microsoft\OneDrive | Version | 32bit on 64bit TRUE | Type=Version | =
19.043.0304.0007 HKLM\SOFTWARE\Microsoft\OneDrive | Version | 32bit on 64bit FALSE | Type=Version | =
19.043.0304.0007
This allows the per-machine version to be detected independent of the underlying client architecture.
Query and set Files On-Demand states
With OneDrive Files On-Demand, files can be in one of three states. Each of these states corresponds to a file
attribute state. To query the current state of a file or folder, use the following commands:
Windows: attrib
Mac: /Applications/OneDrive.App/Contents/MacOS/OneDrive /getpin
Scriptable commands
Use the following commands to set file and folder states.
FILES ON-DEMAND STATE FILE ATTRIBUTE STATE WINDOWS COMMAND MAC COMMAND
Always available Pinned attrib +p <path> /Applications/OneDrive.App/

Contents/MacOS/OneDrive
/setpin <path>
Locally available Clearpin attrib -p <path> /Applications/OneDrive.App/

/clearpin <path>
Online-only Unpinned attrib +u <path> /Applications/OneDrive.App/

/unpin <path>
NOTE
To set the file attribute state for all items within a folder on Mac, add the /r parameter.
Pinning an online-only file makes the sync client download the file contents, and unpinning a downloaded file frees up space
on the device by not storing the file contents locally.
To set an online-only file or folder to "locally available," you must first set it to "always available."
Meet Windows and OneDrive sync client requirements and still can't see Files On-Demand option available at
"Settings"? Make sure service "Windows Cloud Files Filter Driver" start type is set to 2 (AUTO_START). Enabling
this feature sets the following registry key value to 2.
[HKLM\SYSTEM\CurrentControlSet\Services\CldFlt]"Start"="dword:00000002"
Silently configure user accounts
This article is for IT admins who would like to silently configure user accounts when deploying the new OneDrive
sync client (OneDrive.exe) to managed Windows computers in their enterprise. This feature works for computers
that are joined to Azure Active Directory (Azure AD ).
Overview
If you enable this feature, OneDrive.exe will attempt to sign in to the work or school account on the device that's
joined to Azure AD. Before if begins syncing, it will check the available disk space. If syncing the user's entire
OneDrive would cause the available space to drop below 1 GB or if the size exceeds the threshold you set (on
devices that don't have Files On-Demand enabled), OneDrive will prompt the user to choose folders to sync. For
info about setting this threshold using Group Policy, see Set the maximum size of a user's OneDrive that can
download automatically.
If you enable this setting and the user is syncing files with the previous OneDrive for Business sync client
(Groove.exe), the new sync client (OneDrive.exe) will attempt to take over syncing and import the user's sync
settings.
Prerequisites
Before you can enable silent account configuration, you need to join your devices to Azure AD. You can join
devices running Windows 10 and Windows Server 2016 directly to Azure AD. To learn how, see Join your work
device to your organization's network.
If you have an on-premises environment that uses Active Directory, you can enable hybrid Azure AD joined
devices to join devices on your domain to Azure AD. Devices must be running one of the following operating
systems:
Windows 10
Windows 8.1
Windows 7
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
If you federate your on-premises Active Directory with Azure AD, you must use AD FS to enable this feature. For
info about using Azure AD Connect, see Getting started with Azure AD Connect using express settings.
NOTE
For more info, see How to configure hybrid Azure Active Directory joined devices. To check the join status and fix problems,
see Troubleshoot hybrid Azure AD-joined devices.
Enable silent configuration
If the computers on your network are joined to Active Directory on-premises, you can use domain group policy to
configure silent account configuration.
Using Group Policy:
1. Enable silent account configuration. For info, see Silently sign in users to the OneDrive sync client with
their Windows credentials. If a device is not already joined to Azure AD, enabling this setting will join it.
2. Optionally, specify the maximum OneDrive size that will download automatically in silent configuration.
For info, see Set the maximum size of a user's OneDrive that can download automatically. Note that if you
enable Files On-Demand, OneDrive will ignore the maximum size value.
3. Optionally, set the default location for the OneDrive folder. For info, see Set the default location for the
OneDrive folder.
TIP
To test single sign-on, run OneDrive setup using the /silent parameter and enter your user name. Setup should not prompt
for credentials.
NOTE
Silent account configuration won't work on devices for which you've required multi-factor authentication. Select third-party
identity providers (IdPs) are supported, but there are caveats. For more information, make sure to check out the Azure AD
federation compatibility list.
If the computers on your network are not connected to Active Directory on-premises, but only to Azure AD, we
recommend using Intune and a Microsoft PowerShell script to set the registry keys required to enable silent
config. Be sure you have automatic enrollment set up for Windows 10 devices.
Using a script:
$HKLMregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'##Path to HKLM keys
$DiskSizeregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB'##Path to max

disk size key
$TenantGUID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
IF(!(Test-Path $HKLMregistryPath))
{New-Item -Path $HKLMregistryPath -Force}
IF(!(Test-Path $DiskSizeregistryPath))
{New-Item -Path $DiskSizeregistryPath -Force}
New-ItemProperty -Path $HKLMregistryPath -Name 'SilentAccountConfig' -Value '1' -PropertyType DWORD -Force |
Out-Null ##Enable silent account configuration
New-ItemProperty -Path $DiskSizeregistryPath -Name $TenantGUID -Value '102400' -PropertyType DWORD -Force |
Out-Null ##Set max OneDrive threshold before prompting
Send feedback
Please let us know if you have feedback on this feature or encounter any issues:
1. Right-click the blue OneDrive icon in the notification area, at the far right of the taskbar.
2. Click Report a problem.
3. Enter a brief description and include the phrase "SilentConfig" in your message to send your feedback
directly to engineers working on this feature.
4. Click OK. You'll receive an email message with a ticket number to track your feedback.
Transition from the previous OneDrive for Business
sync client
This article is for Office 365 admins who would like to transition their users off of the previous OneDrive for
Business sync client (Groove.exe) so that they sync only with the new OneDrive sync client (OneDrive.exe).
If you're not an IT admin, see Sync files with the new OneDrive sync client in Windows to learn how to begin
syncing files using the new OneDrive sync client.
IMPORTANT
If your organization never used the previous OneDrive for Business sync client, or had fewer than 250 licensed Office 365
users in June 2016, your users are already using the new OneDrive sync client to sync files in OneDrive and SharePoint
Online.
The new OneDrive sync client supports Windows 10, Windows 8.1, Windows 8, and Windows 7. It can also be used with
SharePoint Server 2019.
The OneDrive sync client for Windows now supports syncing IRM-protected SharePoint document libraries and OneDrive
locations. To create a seamless IRM sync experience for your end users, deploy the latest Rights Management Service (RMS)
client to your users' computers.
If you're ready now, download the latest version of the new OneDrive sync client that's fully released to
production. To learn about other versions that are rolling out to different rings, see New OneDrive sync client
release notes.
IMPORTANT
OneDrive.exe must be deployed and configured before you try the takeover command.
Overview
When users who are syncing files with the previous OneDrive for Business sync client (Groove.exe) sign in to the
new OneDrive sync client (OneDrive.exe), the following things happen:
If the new OneDrive sync client can take over syncing a library, the previous sync client stops syncing it and
the new OneDrive sync client takes over syncing it without re-downloading the content. If the new
OneDrive sync client can't sync the library, the previous sync client continues to sync it. If a library requires
checkout or has required columns or metadata, it will be synced read-only.
The previous sync client stops running and removes itself from automatic startup, unless it's still syncing
libraries that the new OneDrive sync client can't sync.
When SharePoint Online libraries begin syncing with the new OneDrive sync client, the folder hierarchy that
appears in File Explorer may be simplified.
To help your users get started with the OneDrive sync client, you can refer them to the following articles:
Sync files with the new OneDrive sync client in Windows
Get started with the new OneDrive sync client on Mac OS X
Sync SharePoint files with the new OneDrive sync client
The following library types are not yet supported by the new OneDrive sync client, and will not transition from the
previous sync client:
On-premises locations in SharePoint Server 2016 or earlier.
SharePoint Online libraries that people from other organizations shared that your users are syncing with
the previous sync client.
For more info about sync restrictions and limitations, see Invalid file names and file types in OneDrive, OneDrive
for Business, and SharePoint
Prerequisites
1. Make sure users have the following versions of Office or higher installed. For info about deploying Office, see
Choose how to deploy Office 365 ProPlus. Make sure you don't install the previous OneDrive for Business
sync client. For info, see Changes to the previous OneDrive sync client (Groove.exe) in Office 2016 Click-to-
Run.
Office version Minimum version
Office 365 ProPlus 16.0.7167.2*
Office 2016 MSI 16.0.4432.1*
Office 2013 MSI/C2R 15.0.4859.1*
2. Make sure users have version 17.3.6743.1212 or higher of the new OneDrive sync client installed. For info
about deploying the new OneDrive sync client, see Deploy OneDrive apps by using System Center
Configuration Manager.
NOTE
If any users have Office 2010 installed, we strongly recommend removing the SharePoint Workspace component. If users
previously set up SharePoint Workspace (even if they're no longer using it), it will cause problems syncing team sites. Before
starting OneDrive Setup, either Uninstall Office from a PC or modify the installation. To do this by running Setup, first create
the following XML file:
<Configuration Product="ProPlus"> <Display Level="none" CompletionNotice="no" SuppressModal="yes"
NoCancel="yes" AcceptEula="yes" /> <Logging Type="standard" Path="C:\Windows\temp\"
Template="MicrosoftSharePointWorkspaceSetup(*).txt" /> <Setting Id="SETUP_REBOOT" Value="Never" />
<OptionState Id="GrooveFiles" State="absent" Children="force" /> </Configuration>
Then run Setup: Setup.exe /modify ProPlus /config RemoveSharepointDesigner.xml For more info, see Setup
command-line options for Office 2010 and Config.xml file in Office 2010.
Configure takeover
When the new OneDrive sync client (OneDrive.exe) is deployed and configured on a computer, it will automatically
transition off of the previous OneDrive for Business sync client (Groove.exe).
You can configure the sync client in two ways:
Silently - Review the prerequisites and steps, and then use this policy.
Manually - In the SharePoint admin center, set OneDrive and SharePoint to sync with the new OneDrive sync
client. This will run the new sync client the next time users click the Sync button in a SharePoint document
library. If the options aren't available in the SharePoint admin center, the new OneDrive sync client is already
set up to sync files in OneDrive and SharePoint Online. Once OneDrive.exe is installed and configured,
Groove.exe should no longer be able to sync.If the takeover did not succeedor your users are stuck in a hybrid
state (some content syncing with OneDrive.exe and some with Groove.exe), try running
%localappdata%\Microsoft\OneDrive\OneDrive.exe /takeover. You must set up OneDrive.exe on the computer
before you run this command.
TIP
Make sure to run the command in a user context, rather than as admin, or the user will see the error "OneDrive.exe cannot
be run with Admin privileges."
To affect all users on the computer, configure the command to run on every user account so it will run for any user who
signs in.
If the takeover did not succeed, the previous OneDrive for Business sync client (Groove.exe) may be an older
version that can't successfully transition to the new client. To patch the previous sync client, update groove-x in
Office 2016 or Office 2013, and then try again.
Block the previous sync client from syncing

To prevent users from using the previous OneDrive for Business sync client, follow these steps.
WARNING
Running this command will disconnect Groove.exe even if the user is still syncing content.
1. Download the latest SharePoint Online Management Shell.

2. Connect to SharePoint Online as a global admin or SharePoint admin in Office 365. To learn how, see
Getting started with SharePoint Online Management Shell.
3. Run the following command:
Set-SPOTenantSyncClientRestriction [-GrooveBlockOption <String> "OptOut"|"HardOptIn"|"SoftOptIn"]
For more information, see Get-SPOTenantSyncClientRestriction.

Redirect and move Windows known folders to
OneDrive
This article is for IT admins managing the OneDrive sync client in a Windows Server enterprise environment that
uses Active Directory Domain Services.
There are two primary advantages of moving or redirecting Windows known folders (Desktop, Documents,
Pictures, Screenshots, and Camera Roll) to OneDrive for Business for the users in your domain:
Your users can continue using the folders they're familiar with. They don't have to change their daily work
habits to save files to OneDrive.
Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from
any device.
For these reasons, we recommend moving or redirecting known folders to OneDrive if you're an enterprise or
large organization. Small or medium businesses may also find this useful, but keep in mind you'll need some
experience with Group Policy. For info about the end-user experience, see Protect your files by saving them to
OneDrive.
About the Known Folder Move Group Policy objects

To use the following Group Policy objects, you need the OneDrive sync build 18.111.0603.0004 or later. You can
see your build number in the About tab in OneDrive settings. We recommend upgrading to the latest available
build before deploying to decrease deployment issues. Known Folder Move does not work for users syncing
OneDrive files in SharePoint Server.
IMPORTANT
The OneDrive Known Folder Move Group Policy objects won't work if you previously used Windows Folder Redirection
Group Policy objects to redirect the Documents, Pictures, or Desktop folders to a location other than OneDrive. Remove the
Windows Group Policy objects for these folders before you enable the OneDrive Group Policy objects. The OneDrive Group
Policy objects won't affect the Music and Videos folders, so you can keep them redirected with the Windows Group Policy
objects. For info about Windows Folder Redirection, see Deploy Folder Redirection with Offline Files.
If your organization is large and your users have a lot of files in their known folders, make sure you roll out the Group Policy
objects slowly to minimize the network impact of uploading files. For users who have a lot of files in their known folders,
consider using the policy "Limit the sync client upload rate to a percentage of throughput" temporarily if you would like to
minimize the network impact and then disable the policy once uploads are complete.
If users have OneNote notebooks in their known folders, the known folders won't be moved. For guidance on moving
OneNote notebooks to OneDrive, see Move a OneNote notebook to OneDrive.
Prompt users to move Windows known folders to OneDrive

Use this setting to give the users a call to action to move their Windows known folders.
If users dismiss the prompt, a reminder notification will appear in the activity center until they move all
known folders.
If a user has already redirected their known folders to a different OneDrive account, they'll be prompted to
direct the folders to the account for your organization (leaving existing files behind).
Silently move Windows known folders to OneDrive
Use this setting to redirect known folders to OneDrive without any user interaction. Before sync client build
18.171.0823.0001, this setting redirected only empty known folders to OneDrive. Now, it redirects known
folders that contain content and moves the content to OneDrive.
NOTE
You can choose to display a notification to users after their folders have been redirected.
A number of errors can prevent this setting from taking effect, such as:
A known folder contains an Outlook database file (.pst), or a OneNote file that isn't already stored in
OneDrive.
A known folder is on a different volume than the OneDrive folder.
A file exceeds the maximum path length
The known folders aren't in the default locations
A folder isn't selected for syncing
Folder protection is unavailable
Known folders are prohibited from being redirected
For info about these errors, see Fix problems with folder protection.
We recommend using this setting together with "Prompt users to move Windows known folders to
OneDrive." If moving the known folders silently does not succeed, users will be prompted to correct the
error and continue.
Prevent users from redirecting their Windows known folders to their PC
Use this setting to force users to keep their known folders directed to OneDrive.
NOTE
Users can direct their known folders by opening OneDrive sync client settings, clicking the Backup tab, and then
clicking Manage backup.
Prevent users from moving their Windows known folders to OneDrive

For info about using the OneDrive Group Policy objects, see Use Group Policy to control OneDrive sync client
settings.
B2B Sync
The OneDrive sync client now lets users sync libraries or folders in SharePoint or OneDrive that have been shared
from other organizations. This scenario is often referred to as Business-to-Business (B2B ) Collaboration. We’re
calling this new feature in the OneDrive sync client "B2B Sync".
IMPORTANT
This feature is not yet enabled for our customers in our Enterprise ring. Once build 19.086.* or newer is available to
Enterprise ring users, the B2B Sync feature will be enabled. See the release notes for rollout info.
Azure Active Directory (AAD ) guest accounts play a key role in making B2B Collaboration possible. A guest
account at one organization links to a member account at another organization. Once created, a guest account
allows Office 365 services like OneDrive and SharePoint to grant a guest permission to sites and folders the same
way a member within the organization is granted permission. Since the accounts at two organizations are linked,
the user only needs to remember the username and password for the account at their organization. As a result, a
single sign in to their account enables access to content from their own organization and from any other
organization that have created guest accounts for them.
IMPORTANT
We recommend that you sign up for the SharePoint and OneDrive integration with Azure AD B2B Preview to help ensure
that the required Azure AD guest account for the share recipient is created in your organization's directory.
B2B Sync requirements

For people outside your organization to sync shared libraries and folders:
External sharing must be enabled for your organization.
External sharing must be enabled for the site or OneDrive.
The content must be shared with people outside the organization at the site or folder level. If a folder is shared,
it must be through a link that requires sign-in.
Sharing recipients must have an Office 365 work or school account (in Azure AD ).
ADAL must not be enabled if using builds before 19.086.*.
This article gives an overview of the B2B Sync experience and describes these requirements in more detail.
Known issues with this release

On the Mac, Files On-Demand thumbnails will not display from external organization's sites. Thumbnails will
display correctly for files from the user's own organization.
On the Mac, if the guest account was created with a different email address format than the form they are using
with the sync client, the external site's content cannot be synced. For example, first.last@fabrikam.com vs
alias@fabrikam.com.
On the Mac, the external content may be placed on the local computer in the user's own organization's folder
instead of one with the external organization's name.
Overview of the B2B Sync experience
Here's an example of what happens after someone at "Contoso" shares a site or folder with someone at
"Fabrikam":
1. The Fabrikam recipient receives an email like the following.
2. When the recipient clicks the link in the email to go to the shared item, they need to click "Organizational
account" to sign in with their Fabrikam account. Behind the scenes, this creates the Contoso guest account in
Azure AD.
3. The recipient may need to enter their Fabrikam username or password, and then they can view the shared
item. If they don't want to sync everything that was shared, they can browse to the library or folder they
want to sync. To set up syncing, they need to click the Sync button.
4. The guest’s browser will display up a message asking if they want to open "Microsoft OneDrive," and they
will need to allow this.
5. If this is the first time the guest has used the sync client with their Fabrikam account, they'll need to sign in.
The email address will be automatically set to the Fabrikam account used in the previous steps. The guest
needs to select "Sign in."
6. The guest might be able to sign in to the sync client without entering their Fabrikam password if they're
signed in to Windows with the same account. Otherwise they'll need to enter their password.
7. The guest will confirm where they want to sync the shared item on their computer.
NOTE
The content is placed in a folder whose name includes the name of the organization ("SharePoint - Contoso" in this
example). If the user is syncing SharePoint content from Fabrikam as well, they'll also have a "SharePoint - Fabrikam"
folder.
8. The guest will continue through the OneDrive sync client setup wizard.
9. After closing the wizard, the site will begin syncing. The user can click the blue cloud icon in the notification
area to open the OneDrive sync activity center and see the files syncing, open the local folder with the files,
or open the SharePoint site in a web browser.
Enable external sharing for your organization

In order for users at your organization to be able to share with their partners at other organizations, external
sharing must be enabled at the organization level. To do this, you must be a global or SharePoint admin in Office
365. After you enable external sharing at the organization level, you can restrict it site by site. A site's settings can
be the same as the organization setting, or more restrictive, but not more permissive.
You can change your organization-level sharing settings in three different places (all three control the same thing):
In the Microsoft 365 admin center, under Settings > Services & add-ins > Sites. For more info, see Change the
organization-level external sharing setting
On the Sharing page in the OneDrive admin center
On the sharing page in the in the classic SharePoint admin center, where you can also specify detailed options.
For more info, see Additional settings.
IMPORTANT
If you allow “anyone” links (sometimes referred to as “anonymous access” or “shareable”), these links do not create guest
accounts and therefore the external share recipient will not be able to leverage B2B Sync when receiving that link type.
For more info, see External sharing overview.

Control external sharing
When you allow users to share content from your organization externally, you can use several features in Office
365 to manage who has access to the content. Office 365 admins and site owners can review permissions and
audit access to sites. For info, see Searching for site content shared with external users and Turn on external
sharing notifications. You can enable external sharing with only specific internet domains, or you can block specific
domains. For info, see Restricted domains sharing. You can also allow only members of specific security groups to
share externally. For info, see Turn external sharing on or off.
We recommend creating separate sites (site collections, not subsites) for each unit of work that you want to share
externally. This way, you can clearly annotate the sites to indicate that external users have access, and avoid
unintentional disclosure of information. For individual users sharing content from their OneDrive, we recommend
creating separate folders for different projects or collaboration groups. You can remove a guest's permission to a
site or folder, or you can delete the guest account to remove their permission from all of your organization’s
content.
IMPORTANT
Any synced content will remain on the user's computer after permissions have been removed.
Enable external sharing for a site

To view or change the sharing setting for any site, use the new SharePoint admin center.
1. Sign in to https://admin.microsoft.com as a global or SharePoint admin. (If you see a message that you
don't have permission to access the page, you don't have Office 365 administrator permissions in your
organization.)
NOTE
If you have Office 365 Germany, sign in at https://portal.office.de. If you have Office 365 operated by 21Vianet
(China), sign in at https://login.partner.microsoftonline.cn/. Then select the Admin tile to open the admin center.
2. In the left pane, under Admin centers, select SharePoint. (You might need to select Show all to see the
list of admin centers.)
3. If the classic SharePoint admin center appears, click Try it now to open the new SharePoint admin center
preview.
4. Under Sites, click Active sites, and customize the view as necessary to see the External sharing column.
5. If you need to, change the external sharing setting for a site.
Methods of sharing
Sites and folders can be shared in different ways in SharePoint and OneDrive:
If users are syncing a folder, they can right-click it in File Explorer to share it.
Users can go to the SharePoint site or folder on the web and click the Share button to share the it.
Users can share sites and folders in the SharePoint and OneDrive mobile apps.
Admins can create guest accounts and use the admin center or PowerShell to add them to sites.
NOTE
For more info about these methods, see Learn how to share a site and Learn how to share a folder.
B2B Sync works with all these methods of sharing. It has only the following requirements:
For guests to sync shared content, the content must be shared at the site or folder level. Guests can't sync files
that are shared individually (for example, from the Office apps).
B2B sync works only when guest accounts are created in the organization, and when the recipient has an Azure
AD account. It doesn't work when users share by creating an anonymous access link (also known as "anyone"
link or "shareable" link), or when they share with people who have a Microsoft account or other personal
account.
Add guests to SharePoint sites
As an admin in Office 365, you can share with people outside the organization by creating guests individually in
the Azure AD admin center, and then adding them to a SharePoint team site individually or by adding them to a
security group that already has permissions to the site you want to share. If you grant permissions by using the
advanced permissions page (instead of by using the Share site button), you'll need to inform the guest that you've
given them permission to the site. They won't receive an invitation email.
IMPORTANT
If you use the advanced permissions page, we recommend granting permissions at the site level, not at the document library
or folder level.
Use PowerShell to bulk create guest accounts and add them to a SharePoint group
If you need to create and grant permissions to many guest accounts, you can use the following PowerShell script,
which creates guest accounts and grants them permissions to a site. The script takes a CSV (comma separated
value) file as input, which contains a list of user display names and email addresses. For each name and email
address, a guest account is created and that account is added to a security group to grant it permission. The script
is designed so that you can feed the resulting output CSV as input to the script on a subsequent run. This lets you
add more users to your CSV file or retry creating any failed account.
As users are added to the Azure AD Group, they should receive an email welcoming them to the group. After
running the script, you'll need to email the users with a direct link to the SharePoint site you gave them
permissions to. When they click the link, they'll be presented with the below UI to accept the terms of the
invitation. Once they accept, they will be taken to the site you shared with them. At that point they can click the
Sync button to begin syncing the sites files to their PC or Mac.
# first line of InviteGuests.ps1 PowerShell script

# first line of InviteGuests.ps1 PowerShell script
# requires latest AzureADPreview
# Get-Module -ListAvailable AzureAD*
# Uninstall-Module AzureAD
# Uninstall-Module AzureADPreview
# Install-Module AzureADPreview
# customizable properties for this script
$csvDir = ''
$csvInput = $csvDir + 'BulkInvite.csv'
$csvOutput = $csvDir + 'BulkInviteResults.csv'
$domain = 'YourTenantOrganization.onmicrosoft.com'
$admin = "admin@$domain"
$redirectUrl = 'https://YourTenantOrganization.sharepoint.com/sites/SiteName/'
$groupName = 'SiteName'
# CSV file expected format (with the header row):

# Name,Email
# Jane Doe,jane@contoso.com
$csv = import-csv $csvInput
# will prompt for credentials for the tenantorganization admin account

# (who has permissions to send invites and add to groups)
Connect-AzureAD -TenantDomain $domain -AccountId $admin
$group = (Get-AzureADGroup -SearchString $groupName)
foreach ($row in $csv)

{
Try
{
if ((Get-Member -inputobject $row -name 'error') -and `
($row.error -eq 'success'))
{
$out = $row #nothing to do, user already invited and added to group
}
else
{
echo ("name='$($row.Name)' email='$($row.Email)'")
$inv = (New-AzureADMSInvitation -InvitedUserEmailAddress $row.Email -InvitedUserDisplayName

$row.Name `
-InviteRedirectUrl $redirectUrl -SendInvitationMessage $false)
$out = $row
$out|Add-Member -MemberType ScriptProperty -force -name 'time' -Value {$(Get-Date -Format u)}
$out|Add-Member -MemberType ScriptProperty -force -name 'status' -Value {$inv.Status}
$out|Add-Member -MemberType ScriptProperty -force -name 'userId' -Value {$inv.InvitedUser.Id}
$out|Add-Member -MemberType ScriptProperty -force -name 'redeemUrl' -Value {$inv.inviteRedeemUrl}
$out|Add-Member -MemberType ScriptProperty -force -name 'inviteId' -Value {$inv.Id}
# this will send a welcome to the group email

Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $inv.InvitedUser.Id
$out|Add-Member -MemberType ScriptProperty -force -name 'error' -Value {'success'}

}
}
Catch
{
$err = $PSItem.Exception.Message
$out|Add-Member -MemberType ScriptProperty -force -name 'error' -Value {$err}
}
Finally
{
$out | export-csv -Path $csvOutput -Append
$out | export-csv -Path $csvOutput -Append
}
}
# for more information please see

# https://docs.microsoft.com/azure/active-directory/b2b/b2b-tutorial-bulk-invite
# end of InviteGuests.ps1 powershell script
For more info, see:

Redemption experience
Add user without invite
When a guest loses access to shared content

If a person’s guest account is deleted or their permission to shared content is removed, the sync client will display
an error.
A notification will appear indicating that the library can’t be synced.
The OneDrive icon in the notification area will show an error.
When the guest clicks the icon, they will see an error banner in the activity center.
When they click the “One or more libraries could not be synced” banner, they can learn how to resolve the issue.
Policy Setting to Prevent B2B Sync

The B2B Sync feature of the OneDrive sync client allows users at an organization to sync content shared with them
from another organization. If you wish to prevent users at your organization from being able to use B2B Sync, you
may set a policy value on your users' Windows PC or Mac to block external sync.
You only need to take these actions if you wish to prevent users at your organization from using the B2B Sync
feature (to prevent syncing libraries and folders shared from other organizations).
The new BlockExternalSync setting is described in the adm\OneDrive.admx and OneDrive.adml files installed as
part of the OneDrive sync product build 19.086.* or higher. If you use ADM to manage your OneDrive sync client
policies, import the new files as you normally would to see the new setting.
If you are using other management systems to deploy policies to your users' Windows PCs, use the equivalent of
the following command to prevent B2B Sync: reg add "HKLM\SOFTWARE\Policies\Microsoft\OneDrive" /v
BlockExternalSync /t REG_DWORD /d 1
On a Mac with the Apple Store version of OneDrive, use the equivalent of the following command to prevent B2B
Sync: defaults write com.microsoft.OneDrive-mac BlockExternalSync -bool YES
On a Mac with the Standalone version of OneDrive, use the equivalent of the following command to prevent B2B
Sync: defaults write com.microsoft.OneDrive BlockExternalSync -bool YES
How sync works
This article gives you an overview of how sync works in OneDrive. It helps you understand the logic behind how
information flows between applications, how the technologies work together, and how data is secured.
Download the PDF
How information flows
The OneDrive sync client uses Windows Push Notification Services (WNS ) to sync files in real time. WNS informs
the sync client whenever a change actually happens, eliminating redundant polling and saving on unnecessary
computing power.
Here’s how it works:
A change occurs in Office 365.
WNS alerts the OneDrive sync client of the change.
OneDrive adds it to the Internal Server Changes Queue.
Any metadata changes happen immediately, like renaming or deleting files.
Downloading content also starts a specific session with the client.
Office 365 has metadata pointers directing it through Microsoft Azure.
The changes are processed in the order they are received.
The previous OneDrive for Business sync client (Groove.exe) used a polling service to check for changes on a
predetermined schedule. Polling can lead to system lag and slowness because it requires a lot of computing power.
Using WNS is a significant enhancement.
Syncing different file types

OneDrive handles sync differently depending on the type of file.
For Office 2016 and Office 2019 files, OneDrive collaborates directly with the specific apps to ensure data are
transferred correctly. If the Office desktop app is running, it will handle the syncing. If it is not running, OneDrive
will.
For other types of files and folders, items smaller than 8 MB are sent inline in a single HTTPS request. Anything 8
MB or larger is divided into file chunks and sent separately one at a time through a Background Intelligent Transfer
Service (BITS ) session. Other changes are batched together into HTTPS requests to the server.
The underlying technologies

The OneDrive sync client uses the following to sync files:
To find new changes and upload information: Microsoft-my.shareppoint.com/personal//_api/SPFileSync.svc
To download items: Microsoft-
my.shareppoint.com/personal/<useraccount_company_com>/_layouts/15/download.aspx
To discover the sites and organizations a user can access: odc.officeapps.live.com
Security and encryption

File chunks are stored in multiple containers in Azure, each of which is given a unique key. Each key is required to
reassemble the complete file. There’s also a separate master key encrypting each file chunk key, ensuring the data
remain secure even when not moving.
Use Group Policy to control OneDrive sync client
settings
This article is for IT admins who manage the new OneDrive sync client in a Windows Server enterprise
environment that uses Active Directory Domain Services (AD DS ).
NOTE
If you're not an IT admin, see Sync files with the new OneDrive sync client in Windows for info about OneDrive sync settings.
Manage OneDrive using Group Policy

1. Install the OneDrive sync client for Windows. (To see which builds are releasing and download builds, go to
the release notes.) Installing the sync client downloads the .adml and .admx files.
2. Browse to %localappdata%\Microsoft\OneDrive\BuildNumber\adm, to the subfolder for your language as
necessary.
(Where BuildNumber is the number displayed in sync client settings on the About tab.)
3. Copy the .adml and .admx files.

4. Paste the .admx file in your domain's Central Store, \domain\sysvol\domain\Policies\PolicyDefinitions
(where domain is your domain name, such as corp.contoso.com), and the .adml in the appropriate
language subfolder (such as en-us). If the PolicyDefinitions folder does not exist, see How to create and
manage the Central Store for Group Policy Administrative Templates in Windows.
5. Configure settings from the domain controller or on a Windows computer by running the Remote Server
Administration Tools.
6. Link the Group Policy objects to an Active Directory container (site, domain, or organizational unit). For
info, see Link Group Policy objects to Active Directory containers.
7. Use security filtering to narrow the scope of a setting. By default, a setting is applied to all user and
computer objects within the container to which it's linked, but you can use security filtering to narrow the
scope of the policy's application to a subset of users or computers. For info, see Filtering the scope of a
GPO.
The OneDrive Group Policy objects work by setting registry keys on the computers in your domain.
When you enable or disable a setting, the corresponding registry key is updated on computers in your
domain. If you later change the setting back to Not configured, the corresponding registry key is not
modified and the change does not take effect. So after you configure a setting, set it to Enabled or
Disabled going forward.
The location where registry keys are written has been updated. When you use the latest files, you might
delete registry keys that you set previously.
NOTE
For information about storage see OneDrive Files On-Demand and Storage Sense for Windows 10 and Policy CSP - Storage.
List of policies
Allow syncing OneDrive accounts for only specific organizations
Allow users to choose how to handle Office file sync conflicts
Block syncing OneDrive accounts for specific organizations
Coauthor and share in Office desktop apps
Configure team site libraries to sync automatically
Continue syncing on metered networks
Continue syncing when devices have battery saver mode turned on
Convert synced team site files to online-only files
Disable the tutorial that appears at the end of OneDrive Setup
Limit the sync client download speed to a fixed rate
Limit the sync client upload rate to a percentage of throughput
Limit the sync client upload speed to a fixed rate
Prevent the sync client from generating network traffic until users sign in
Prevent users from changing the location of their OneDrive folder
Prevent users from fetching files remotely
Prevent users from syncing libraries and folders shared from other organizations
Prevent users from syncing personal OneDrive accounts
Receive OneDrive sync client updates on the Enterprise ring
Require users to confirm large delete operations
Set the default location for the OneDrive folder
Set the maximum size of a user's OneDrive that can download automatically
Set the sync client update ring
Silently sign in users to the OneDrive sync client with their Windows credentials
Use OneDrive Files On-Demand
NOTE
"Specify SharePoint Server URL and organization name" and "Specify the OneDrive location in a hybrid environment" are for
customers who have SharePoint Server 2019. More info about using the new OneDrive sync client with SharePoint Server
2019
Computer Configuration policies

Computer Configuration policies can be found under Computer Configuration\Policies\Administrative
Templates\OneDrive.
Allow syncing OneDrive accounts for only specific organizations

This setting lets you prevent users from easily uploading files to other organizations by specifying a list of allowed
tenant IDs.
If you enable this setting, users will get an error if they attempt to add an account from an organization that is not
allowed. If a user has already added the account, the files will stop syncing.
In the Options box, click Show to enter the tenant ID.
This policy sets the following registry key.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList] "1111-2222-3333-4444"
(where "1111-2222-3333-4444" is the tenant ID )
This setting will take priority over Block syncing OneDrive accounts for specific organizations. Do not enable both
settings at the same time.
Block syncing OneDrive accounts for specific organizations
This setting lets you prevent users from easily uploading files to another organization by specifying a list of
blocked tenant IDs.
If you enable this setting, users will get an error if they attempt to add an account from an organization that is
blocked. If a user has already added the account, the files will stop syncing.
In the Options box, click Show to enter the tenant ID.
This policy sets the following registry key.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\BlockTenantList] "1111-2222-3333-4444"
This setting will NOT work if you have Allow syncing OneDrive accounts for only specific organizations enabled.
Do not enable both settings at the same time.
Convert synced team site files to online -only files
This setting lets you convert synced SharePoint files to online-only files when you enable OneDrive Files On-
Demand. If you have many PCs syncing the same team site, enabling this setting helps you minimize network
traffic and local storage usage.
If you enable this setting, files in currently syncing team sites will be changed to online-only files by default. Files
later added or updated in the team site will also be downloaded as online-only files. To use this setting, the
computer must be running Windows 10 Fall Creators Update (version 1709) or later, and OneDrive Files On-
Demand must be enabled. This feature is not enabled for on-premises SharePoint sites.
Enabling this policy sets the following registry key value to 1.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"DehydrateSyncedTeamSites"="dword:00000001"
For info about querying and setting file and folder states, see Set Files On-Demand states.
This setting lets you balance the performance of different upload tasks on a computer by specifying the
percentage of the computer's upload throughput that the OneDrive sync client (OneDrive.exe) can use to upload
files. Setting this as a percentage lets the sync client respond to both increases and decreases in throughput. The
lower the percentage you set, the slower files will upload. We recommend a value of 50% or higher. The sync
client will periodically upload without restriction for one minute and then slow down to the upload percentage
you set. This lets small files upload quickly while preventing large uploads from dominating the computer’s
upload throughput. We recommend enabling this setting temporarily when you roll out Silently move Windows
known folders to OneDrive or Prompt users to move Windows known folders to OneDrive to control the network
impact of uploading known folder contents.
NOTE
The maximum throughput value detected by the sync client can sometimes be higher or lower than expected because of the
different traffic throttling mechanisms that your Internet Service Provider (ISP) might use.
For info about estimating the network bandwidth you need for sync, see Network utilization planning for the OneDrive sync
client.
If you enable this setting, and enter a percentage (from 10-99) in the Bandwidth box, computers will use the
percentage of upload throughput that you specify when uploading files to OneDrive, and users will not be able to
change it.
Enabling this policy sets the following registry key value. For example:
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"AutomaticUploadBandwidthPercentage"="dword:00000032"
The above registry key sets the upload throughput percentage to 50%, using the hexadecimal value for 50, which
is 00000032.
If you disable or do not configure this setting, users can choose to limit the upload rate to a fixed value (in
KB/second), or set it to "Adjust automatically," which sets the upload rate to 70% of throughput. For info about the
end-user experience, see Change the OneDrive sync client upload or download rate.
IMPORTANT
If you enable or disable this setting, and then change it back to Not Configured, the last configuration will remain in effect.
We recommend enabling this setting instead of "Limit the sync client upload speed to a fixed rate" to limit the upload rate.
You should not enable both settings at the same time.
Prevent the sync client from generating network traffic until users sign in
This setting lets you block the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for
updates, etc.) until users sign in to OneDrive or start syncing files on their computer.
If you enable this setting, users must sign in to the OneDrive sync client on their computer, or select to sync
OneDrive or SharePoint files on the computer, for the sync client to start automatically.
If you disable or do not configure this setting, the OneDrive sync client will start automatically when users sign in
to Windows.
IMPORTANT
If you enable or disable this setting, and then change it back to Not Configured, the last configuration will remain in effect.

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"PreventNetworkTrafficPreUserSignIn"="dword:00000001"
Prevent users from fetching files remotely
This setting lets you block users from using the fetch feature when they’re signed in to the OneDrive sync client
(OneDrive.exe) with their personal OneDrive account. The fetch feature lets users go to OneDrive.com, select a
Windows computer that's currently online and running the OneDrive sync client, and access all files from that
computer. By default, users can use the fetch feature.
If you enable this setting, users will be prevented from using the fetch feature.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\Remote Access] "GPOEnabled"="dword:00000001"
If you disable or do not configure both this setting and Prevent users from syncing personal OneDrive accounts,
users can use the fetch feature. For more info about fetching files, see Fetch files on your PC.
This setting prevents users from moving their Documents, Pictures, and Desktop folders to any OneDrive for
Business account.
NOTE
Moving known folders to personal OneDrive accounts is already blocked on domain-joined PCs.
If you enable this setting, users won't be prompted with a window to protect their important folders, and the
"Start protection" command will be disabled. If the user has already moved their known folders, the files in those
folders will remain in OneDrive. This setting will not take effect if you've enabled "Prompt users to move
Windows known folders to OneDrive" or "Silently move Windows known folders to OneDrive."
If you disable or do not configure this setting, users can choose to move their known folders.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMBlockOptIn"="dword:00000001"
This setting forces users to keep their Documents, Pictures, and Desktop folders directed to OneDrive.
NOTE
This setting is available in the OneDrive sync client build 18.111.0603.0004 or later.
If you enable this setting, the "Stop protecting" button in the "Set up protection of important folders" window will
be disabled and users will receive an error if they try to stop syncing a known folder.
If you disable or do not configure this setting, users can choose to redirect their known folders back to their PC.
Enabling this policy sets the following registry key:
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMBlockOptOut"="dword:00000001"
This setting displays the following window that prompts users to move their Documents, Pictures, and Desktop
folders to OneDrive.
NOTE
This setting is available in the OneDrive sync client build 18.111.0603.0004 or later.
If you enable this setting and provide your tenant ID, users who are syncing their OneDrive will see the window
above when they're signed in. If they close the window, a reminder notification will appear in the activity center
until they move all three known folders. If a user has already redirected their known folders to a different
OneDrive account, they will be prompted to direct the folders to the account for your organization (leaving
existing files behind).
If you disable or do not configure this setting, the window that prompts users to protect their important folders
won't appear.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMOptInWithWizard"="1111-2222-3333-4444"
More info about known folder move
Require users to confirm large delete operations
This setting makes users confirm that they want to delete files in the cloud when they delete a large number of
synced files.
If you enable this setting, a warning will always appear when users delete a large number of synced files. If a user
does not confirm a delete operation within 7 days, the files will not be deleted.
If you disable or do not configure this setting, users can choose to hide the warning and always delete files in the
cloud.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"ForcedLocalMassDeleteDetection"="dword:00000001"
Set the maximum size of a user's OneDrive that can download automatically
This setting is used in conjunction with Silently sign in users to the OneDrive sync client with their Windows
credentials on devices that don't have OneDrive Files On-Demand enabled. Any user who has a OneDrive that's
larger than the specified threshold (in MB ) will be prompted to choose the folders they want to sync before the
OneDrive sync client (OneDrive.exe) downloads the files.
In the Options box, click Show to enter the tenant ID and the maximum size in MB (from 0 to 4294967295). The
default value is 500.
Enabling this policy sets the following registry key.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB ]"1111-2222-3333-
4444"=dword:0005000
(where "1111-2222-3333-4444" is the tenant ID and 0005000 sets a threshold of 5000 MB )
Set the sync client update ring
We release OneDrive sync client (OneDrive.exe) updates to the public through three rings- first to Insiders, then
Production, and finally Enterprise. This setting lets you specify the ring for users in your organization. When you
enable this setting and select a ring, users won't be able to change it.
Insiders ring users will receive builds that let them preview new features coming to OneDrive.
Production ring users will get the latest features as they become available. This ring is the default.
Enterprise ring users get new features, bug fixes, and performance improvements last. This ring lets you deploy
updates from an internal network location and control the timing of the deployment (within a 60-day window ).
If you disable or do not configure this setting, users can join the Windows Insider program or the Office Insider
program to get updates on the Insiders ring.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"GPOSetUpdateRing"="dword:0000000X"
Set the value 4 for Insider, 5 for Production, or 0 for Enterprise. Note that when you configure this setting to 5 for
Production, or 0 for Enterprise, the "Get OneDrive Insider preview updates before release" checkbox will not
appear on the client Settings > About tab.
For more info on the builds currently available in each ring, see the release notes. For more info about the update
rings and how the sync client checks for updates, see The OneDrive sync client update process.
Use this setting to redirect your users' Documents, Pictures, and Desktop folders to OneDrive without any user
interaction. This setting is available in the OneDrive sync client build 18.111.0603.0004 or later. Before sync client
build 18.171.0823.0001, this setting redirected only empty known folders to OneDrive. Now, it redirects known
folders that contain content and moves the content to OneDrive.
NOTE
If you're using this setting with a build earlier than 18.171.0823.0001, we recommend also enabling Prompt users to move
Windows known folders to OneDrive.
If you enable this setting and provide your tenant ID, you can choose whether to display a notification to users
after their folders have been redirected.
If you disable or do not configure this setting, your users' known folders will not be silently redirected to
OneDrive.
Enabling this policy sets the following registry keys:
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptIn"="1111-2222-3333-4444"
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptInWithNotification"
Setting this value to 1 displays a notification after successful redirection.
More info about known folder move
Silently sign in users to the OneDrive sync client with their Windows credentials
IMPORTANT
ADAL is now enabled automatically when you enable this setting through Group Policy or by using the registry key, so you
don't have to download and enable it separately.
If you enable this setting, users who are signed in on a PC that's joined to Azure AD can set up the sync client
without entering their account credentials. Users will still be shown OneDrive Setup so they can select folders to
sync and change the location of their OneDrive folder. If a user is using the previous OneDrive for Business sync
client (Groove.exe), the new sync client will attempt to take over syncing the user's OneDrive from the previous
client and preserve the user's sync settings. This setting is frequently used together with Set the maximum size of
a user's OneDrive that can download automatically on PCs that don't have Files On-Demand, and with Set the
default location for the OneDrive folder.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"SilentAccountConfig"="dword:00000001"
For more info about this feature, see Silently configure user accounts. Please let us know if you have feedback on
this feature or encounter any issues. Right-click the OneDrive icon in the notification area and click "Report a
problem." Please tag any feedback with "SilentConfig" so that your feedback will be sent directly to engineers
working on this feature.
Use OneDrive Files On-Demand
This setting lets you control whether OneDrive Files On-Demand is enabled for your organization. Files On-
Demand helps you save storage space on your users' computers and minimize the network impact of sync. The
feature is available to users running Windows 10 Fall Creators update (version 1709 or later). Learn about
OneDrive Files On-Demand.
If you enable this setting, new users who set up the sync client will download online-only files by default. If you
disable this setting, Windows 10 users will have the same sync behavior as users of previous versions of
Windows, and won't be able to turn on Files On-Demand. If you do not configure this setting, users can turn Files
On-Demand on or off.
[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"FilesOnDemandEnabled"="dword:00000001"
Meet Windows and OneDrive sync client requirements and still can't see Files On-Demand option available at
"Settings"? Make sure service "Windows Cloud Files Filter Driver" start type is set to 2 (AUTO_START). Enabling
this feature sets the following registry key value to 2.
[HKLM\SYSTEM\CurrentControlSet\Services\CldFlt]"Start"="dword:00000002"
Prevent users from syncing libraries and folders shared from other organizations
The B2B Sync feature of the OneDrive sync client allows users at an organization to sync OneDrive for Business
and SharePoint libraries and folders shared with them from another organization. Learn about OneDrive B2B
Sync.
Enabling this setting will prevent users at your organization from being able to use B2B Sync. Once the setting is
enabled (value 1) on a computer, the sync client will not sync libraries and folders shared from other
organizations. Modify the setting to the disabled state (value 0) in order to restore B2B Sync capability for your
users.
prevent B2B Sync with: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive] "BlockExternalSync"="dword:1"
restore B2B Sync with: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive] "BlockExternalSync"="dword:0"
User Configuration policies

User Configuration policies can be found under User Configuration\Policies\Administrative Templates\OneDrive.
Allow users to choose how to handle Office file sync conflicts

This setting specifies what happens when conflicts occur between Office file versions during sync. By default,
users can decide if they want to merge changes or keep both copies. Users can also change settings in the
OneDrive sync client to always keep both copies. (This option is available for Office 2016 or later only. With
earlier versions of Office, both copies are always kept.)
If you enable this setting, users can decide if they want to merge changes or keep both copies. Users can also
configure the sync client to always fork the file and keep both copies as shown below.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "EnableHoldTheFile"="dword:00000001"
If you disable this setting, the Sync conflicts setting on the Office tab will be disabled and when a sync conflict
occurs, both copies of the file will be kept.
You must enable Coauthor and share in Office desktop apps to enable this setting. For more info about the Office
settings in the sync client, see Use Office 2016 to sync Office files that I open.
Continue syncing on metered networks
This setting lets you turn off the auto-pause feature when devices connect to metered networks.
If you enable this setting, syncing will continue when devices are on a metered network. OneDrive will not
automatically pause syncing.
If you disable or do not configure this setting, syncing will pause automatically when a metered network is
detected and a notification will be displayed. Users can choose not to pause by clicking "Sync Anyway" in the
notification. When syncing is paused, users can resume syncing by clicking the OneDrive cloud icon in the
notification area of the taskbar and then clicking the alert at the top of the activity center.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DisablePauseOnMeteredNetwork"=dword:00000001
Continue syncing when devices have battery saver mode turned on
This setting lets you turn off the auto-pause feature for devices that have battery saver mode turned on.
If you enable this setting, syncing will continue when users turn on battery saver mode. OneDrive will not
automatically pause syncing.
If you disable or do not configure this setting, syncing will pause automatically when battery saver mode is
detected and a notification will be displayed. Users can choose not to pause by clicking "Sync Anyway" in the
notification. When syncing is paused, users can resume syncing by clicking the OneDrive cloud icon in the
notification area of the taskbar and then clicking the alert at the top of the activity center.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DisablePauseOnBatterySaver"=dword:00000001
Coauthor and share in Office desktop apps
This setting lets multiple users use the Office 365 ProPlus, Office 2019, or Office 2016 desktop apps to
simultaneously edit an Office file stored in OneDrive. It also lets users share files from the Office desktop apps.
If you enable this setting, the Office tab will appear in OneDrive sync settings, and "Use Office 2016 to sync Office
files that I open" will be selected by default.
Enabling this policy sets the following registry key value to 1:

[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "EnableAllOcsiClients"="dword:00000001"
If you disable this setting, the Office tab is hidden in the sync client, and coauthoring and in-app sharing for
Office files is disabled. The Users can choose how to handle Office files in conflict setting will act as disabled
and when file conflicts occur, both copies of the file will be kept. For more info about the settings in the sync client,
see Use Office 2016 to sync Office files that I open.
Configure team site libraries to sync automatically
This setting allows you to specify SharePoint team site libraries to sync automatically the next time users sign in to
the OneDrive sync client (OneDrive.exe), within an eight-hour window, to help distribute network load. To use this
setting, the computer must be running Windows 10 Fall Creators Update (version 1709) or later, and OneDrive
Files On-Demand must be enabled. This feature is not enabled for on-premises SharePoint sites.
IMPORTANT
Do not enable this setting for libraries with more than 5,000 files or folders. Do not enable this setting for the same library
to more than 1,000 devices.
If you enable this setting, the OneDrive sync client will automatically sync the contents of the libraries you
specified as online-only files the next time the user signs in. The user won't be able to stop syncing the libraries.
If you disable this setting, team site libraries that you've specified won't be automatically synced for new users.
Existing users can choose to stop syncing the libraries, but the libraries won't stop syncing automatically.
To configure the setting, in the Options box, click Show, and then enter a friendly name to identify the library in
the Value Name field and the entire library ID
(tenantId=xxx&siteId=xxx&webId=xxx&listId=xxx&webUrl=httpsxxx&version=1) in the Value field.
To find the library ID, sign in as a global or SharePoint admin in Office 365, browse to the library, and click the
Sync button. In the "Starting sync" dialog box, click the Copy library ID link.
Enabling this policy sets the following registry key, using the entire URL from the library you copied:
[HKCU\Software\Policies\Microsoft\OneDrive\TenantAutoMount]"LibraryName"="LibraryID"
Disable the tutorial that appears at the end of OneDrive Setup
This setting lets you prevent the tutorial from launching in a web browser at the end of OneDrive Setup.
If you enable this setting, users will not see the tutorial after they complete OneDrive Setup.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DisableTutorial"="dword:00000001"
This setting lets you configure the maximum speed at which the OneDrive sync client (OneDrive.exe) can
download files. This rate is a fixed value in kilobytes per second, and applies only to syncing, not to downloading
updates. The lower the rate, the slower files will download.
We recommend that you use this setting in cases where Files On-Demand is NOT enabled and where strict traffic
restrictions are required, such as when you initially deploy the sync client in your organization or enable syncing
of team sites. We don't recommend that you use this setting on an ongoing basis because it will decrease sync
client performance and negatively impact the user experience. After initial sync, users typically sync only a few
files at a time, and it doesn't have a significant effect on network performance. If you enable this setting,
computers will use the maximum download rate that you specify, and users will not be able to change it.
If you enable this setting, enter the rate (from 1 to 100000) in the Bandwidth box. The maximum rate is 100000
KB/s. Any input lower than 50 KB/s will set the limit to 50 KB/s, even if the UI shows a lower value.
If you disable or do not configure this setting, the download rate is unlimited and users can choose to limit it in
OneDrive sync client settings. For info about the end-user experience, see Change the OneDrive sync client
upload or download rate.
Enabling this policy sets the following registry key value to a number from 50 through 100,000. For example:
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DownloadBandwidthLimit"="dword:00000032"
The above registry key sets the download throughput rate limit to 50KB/sec, using the hexadecimal value for 50,
which is 00000032.
NOTE
OneDrive.exe must be restarted on users' computers to apply this setting.
For info about estimating the network bandwidth you need for sync, see Network utilization planning for the
OneDrive sync client.
This setting lets you configure the maximum speed at which the OneDrive sync client (OneDrive.exe) can upload
files. This rate is a fixed value in kilobytes per second. The lower the rate, the slower the computer will upload files.
If you enable this setting and enter the rate (from 1 to 100000) in the Bandwidth box, computers will use the
maximum upload rate that you specify, and users will not be able to change it in OneDrive settings. The maximum
rate is 100000 KB/s. Any input lower than 50 KB/s will set the limit to 50 KB/s, even if the UI shows a lower value.
If you disable or do not configure this setting, users can choose to limit the upload rate to a fixed value (in
KB/second), or set it to "Adjust automatically" which sets the upload rate to 70% of throughput. For info about the
end-user experience, see Change the OneDrive sync client upload or download rate.
We recommend that you use this setting only used in cases where strict traffic restrictions are required. In
scenarios where you need to limit the upload rate (such as when you roll out Known Folder Move), we
recommend enabling Limit the sync client upload rate to a percentage of throughput to set a limit that adjusts to
changing conditions. You should not enable both settings at the same time.
Enabling this policy sets the following registry key value to a number from 50 through 100,000. For example:
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive]"UploadBandwidthLimit"="dword:00000032"
The above registry key sets the upload throughput rate limit to 50KB/sec, using the hexadecimal value for 50,
which is 00000032.
NOTE
OneDrive.exe must be restarted on users' computers to apply this setting.
For info about estimating the network bandwidth you need for sync, see Network utilization planning for the
OneDrive sync client.
Prevent users from changing the location of their OneDrive folder
This setting lets you block users from changing the location of the OneDrive folder on their computer.
To use this setting, in the Options box, click Show to enter your tenant ID, and enter 1 to enable the setting or 0
to disable it.
If you enable this setting, the “Change location” link is hidden in OneDrive Setup. The OneDrive folder will be
created in the default location, or in the custom location you specified if you enabled Set the default location for
the OneDrive folder.
[HKCU\Software\Policies\Microsoft\OneDrive\DisableCustomRoot] "1111-2222-3333-
4444"="dword:00000001"
If you disable this setting, users can change the location of their sync folder in OneDrive Setup.
Prevent users from syncing personal OneDrive accounts
This setting lets you block users from signing in with a Microsoft account to sync their personal OneDrive files. By
default, users are allowed to sync personal OneDrive accounts.
If you enable this setting, users will be prevented from setting up a sync relationship for their personal OneDrive
account. Users who are already syncing their personal OneDrive when you enable this setting won’t be able to
continue syncing (and will be shown a message that syncing has stopped), but any files synced to the computer
will remain on the computer.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive]"DisablePersonalSync"="dword:00000001"
Receive OneDrive sync client updates on the Enterprise ring
This setting lets you specify the Enterprise ring for users in your organization. We release OneDrive sync client
(OneDrive.exe) updates to the public through three rings— first to Insiders, then Production, and finally
Enterprise.
Selecting the Enterprise ring gives you some extra time to prepare for updates, but means users will need to wait
to receive the latest improvements. The Enterprise ring also lets you deploy updates from an internal network
location on your own schedule.
Enabling this policy sets the following registry key value to 1:
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "EnableEnterpriseUpdate"="dword:00000001"
IMPORTANT
This setting will be removed soon. We recommend using the new setting Set the sync client update ring instead.
For more info about the update rings and how the sync client checks for updates, see The OneDrive sync client
update process.
Set the default location for the OneDrive folder
This setting lets you set a specific path as the default location of the OneDrive folder on users' computers. By
default, the path is under %userprofile%.
If you enable this setting, the default location of the OneDrive - {organization name} folder will be the path that
you specify. Click Show in the Options box to specify your tenant ID and the path.
This policy sets the following registry key to a string that specifies the file path.
[HKCU\SOFTWARE\Policies\Microsoft\OneDrive\DefaultRootDir] "1111-2222-3333-4444"="{User path}"
If you disable this setting, the local OneDrive - {organization name} folder location will default to %userprofile%.
NOTE
The %logonuser% environment variable won't work through Group Policy. We recommend you use %username% instead.
See also
Deploy the new OneDrive sync client in an enterprise environment
Prevent users from installing the sync client
Allow syncing only on computers joined to specific domains
Block syncing of specific file types
Deploy and configure the new OneDrive sync client for Mac
Find your Office 365 tenant ID
Your Office 365 tenant ID is a globally unique identifier (GUID ) that is different than your organization name or
domain. You might need this identifier when you configure Group Policy objects for OneDrive.
To find your Office 365 tenant ID in the Azure AD admin center
1. Sign in to the Azure Active Directory admin center as a global or user management admin.
2. Under Manage, select Properties. The tenant ID is shown in the Directory ID box.
NOTE
For info about finding your tenant ID by using PowerShell instead, first read Azure Active Directory PowerShell for Graph
and then use Get-AzureADTenantDetail.
Use the sync client on virtual desktops
For all supported operating systems, the OneDrive sync client supports:
Virtual desktops that persist between sessions.
Non-persistent environments that use Windows Virtual Desktop preview.
The sync client also supports non-persistent environments that have FSLogix Apps 2.8 or later, FSLogix Office 365
Container, and a Microsoft 365 or Office 365 subscription for all of the following operating systems:
Windows 10, 32 or 64-bit (supports VHDX files)
Windows 7, 32 or 64-bit (supports VHD files)
Windows Server 2016 R2 or Windows Server 2012 R2 (both support VHDX)
Windows Server 2008 R2 (supports VHD )
Using the OneDrive sync client with non-persistent environments requires that you install the sync client per
machine.
NOTE
For Windows Server, the SMB network file sharing protocol is also required.
See also
Learn more about VHDX and VHD
For info about creating virtual hard disks, see Manage virtual hard disks
Deploy and configure the new OneDrive sync client for Mac
This article is for IT administrators managing OneDrive for Business settings in work or school environments. If you're not an IT administrator, read Get
started with the new OneDrive sync client on Mac OS X.
Manage OneDrive settings on macOS using property list (Plist) files

Use the following keys to preconfigure or change settings for your users. The keys are the same whether you run the store edition or the standalone edition
of the sync client, but the property list file name and domain name will be different. When you apply the settings, make sure to target the appropriate
domain depending on the edition of the sync client.
STANDALONE MAC APP STORE
PList Location ~/Library/Preferences/com.microsoft.OneDrive.plist ~/Library/Containers/com.microsoft.OneDrive-

mac/Data/Library/Preferences/com.microsoft.OneDrive-
mac.plist
Domain com.microsoft.OneDrive com.microsoft.OneDrive-mac
Deploy the sync client settings

Deploy the settings on macOS in the typical way:
1. Quit the OneDrive application.
2. Define the settings you want to change by creating a Plist with the values, or use a script to set the default values.
3. Deploy the settings onto the local computer.
4. Refresh the preferences cache.
On the next start of OneDrive, the new settings will be picked up.
Overview of settings
The following table lists all the settings that are currently exposed for the OneDrive sync client. You need to configure the parameters in parentheses.
SETTING DESCRIPTION PARAMETERS EXAMPLE PLIST ENTRY
Disable personal accounts Blocks users from signing in and syncing DisablePersonalSync (Bool): When set to <key>DisablePersonalSync</key>
files in personal OneDrive accounts. If true, this parameter prevents users from <(Bool)/>
this key is set after a user has set up adding or syncing personal accounts.
sync with a personal account, the user
will be signed out.
Default folder location Specifies the default location of the TenantID (String): TenantID determines <key>Tenants</key>
OneDrive folder for each organization which accounts the default folder <dict>
location setting should apply to. Find <key>(TenantID)</key>
your Office 365 tenant ID <dict>
DefaultFolderPath (String): DefaultFolder <key>DefaultFolder</key>
specifies the default folder location. <string>(DefaultFolderPath)</string>
Mac App Store: </dict>
The path must already exist when users </dict>
set up the sync client.
Standalone:
The path will be created on users'
computers if it doesn't already exist.
Only with the Standalone sync client can
you prevent users from changing the
location.
Automatic upload bandwidth Enables the sync client to automatically AutomaticUploadBandwidthPercentage <key>AutomaticUploadBandwidthPerce
percentage set the amount of bandwidth used (int): This parameter determines the ntage</key>
based on available bandwidth for percentage of local upload bandwidth <int>(Bandwidth)</int>
uploading files that the sync client can use. Accepted
values are from 1 through 99.
Set maximum upload throughput Sets the maximum upload throughput UploadBandwidthLimited (int): This <key>UploadBandwidthLimited</key>
rate in kilobytes (KB)/sec for computers parameter determines the upload <int>(Upload Throughput Rate in
running the OneDrive sync client throughput in KB/sec that the sync KB/sec)</int>
client can use. The minimum rate is 50
KB/sec and the maximum rate is
100,000 KB/sec.
Set maximum download throughput Sets the maximum download DownloadBandwidthLimited (int): This <key>DownloadBandwidthLimited</key
throughput rate in kilobytes (KB)/sec for parameter determines the download >
computers running the OneDrive sync throughput in KB/sec that the sync <int>(Download Throughput Rate in
client client can use. The minimum rate is 50 KB/sec)</int>
KB/sec and the maximum rate is
100,000 KB/sec.
Dock icon Specifies whether a dock icon for HideDockIcon (Bool): When set to true, <key>HideDockIcon</key>
OneDrive is shown this parameter hides the OneDrive dock <(Bool)/>
icon even when the application is
running.
Open at login Specifies whether OneDrive starts OpenAtLogin (Bool): When set to true, <key>OpenAtLogin</key>
automatically when the user logs in OneDrive will start automatically when <(Bool)/>
the user logs in on the Mac.
Enable Files On-Demand Specifies whether Files On-Demand is FilesOnDemandEnabled (Bool): When set <key>FilesOnDemandEnabled</key>
enabled. If you don't set this setting, to true, new users who set up the sync <(Bool)/>
Files On-Demand will be enabled client will download online-only files by
automatically as we roll out the feature, default. When set to false, Files On-
and users can turn the setting on or off Demand will be disabled and users won't
be able to turn it on.
Disable download toasts Prevents toasts from appearing when DisableHydrationToast (Bool): When set <key>DisableHydrationToast</key>
applications cause file contents to be to true, toasts will not appear when <(Bool)/>
downloaded applications trigger the download of file
contents.
Block apps from downloading online- Prevents applications from automatically HydrationDisallowedApps (String): Json <key>HydrationDisallowedApps </key>
only files downloading online-only files. You can in the following format <string>
use this setting to lock down [{"ApplicationId":"appId","MaxBundleVersion":"1.1","MaxBuildVersion":"1.0"}]
[{"ApplicationId":"appId","MaxBundleVersion":"1.1","M
applications that don't work correctly {"ApplicationId":"appId2","MaxBundleVersion":"3.2","M
"AppID" can be either the BSD process
with your deployment of Files On- name or the bundle display name. </string>
Demand. MaxBuildVersion denotes the maximum <(Bool)/>
build version of the application that will
be blocked. MaxBundleVersion denotes
the maximum bundle version of the
application that will be blocked
SharePoint Server Front Door URL Specifies the SharePoint Server 2019 on- SharePointOnPremFrontDoorUrl (string): <key>SharePointOnPremFrontDoorUrl
premises URL that the OneDrive sync The URL of the on-premises SharePoint </key>
client should try to authenticate and Server. <string>https://Contoso.SharePoint.co
sync against m</string>
SharePoint Server Tenant Name Specifies the name of the folder created SharePointOnPremTenantName (string): <key>SharePointOnPremTenantName<
for syncing the SharePoint Server 2019 The name that will be used when /key>
files specified in the Front Door URL. creating a folder to sync the on- <string>Contoso</string>
premises SharePoint Server files. If
specified, the folder names will take the
form of:
OneDrive – TenantName
TenantName
If not specified, the folder names will use
the first segment of the FrontDoorURL
as the Tenant Name.
Example -
https://Contoso.SharePoint.com will use
Contoso as the Tenant Name
SharePoint OnPrem Prioritization For hybrid scenarios where the email is SharePointOnPremPrioritizationPolicy <key>SharePointOnPremPrioritizationP
the same for both SharePoint Server on- (int): This parameter determines which olicy</key>
premises and SharePoint Online, service to attempt to authenticate <int>(0 or 1)</int>
determines whether or not the client against for setting up sync.
should set up sync for SharePoint Server 1 indicates OneDrive should setup
or SharePoint Online first during the SharePoint Server on-premises first,
first-run scenario. followed by SharePoint Online.
BlockExternalSync Prevents the sync client from syncing BlockExternalSync (Bool): Set to true to <key>BlockExternalSync</key>
libraries and folders shared from other prevent syncing OneDrive for Business <(Bool)/>
organizations. and SharePoint libraries and folders from
organizations other than the user's own
organization. Set to false or do not
include the setting to allow.
Learn about OneDrive B2B Sync.
You can also configure the OneDrive Standalone sync client to receive delayed updates.
PList Location ~/Library/Preferences/com.microsoft.OneDriveUpdater.plist

Domain com.microsoft.OneDriveUpdater
Tier Defines the update ring for the UpdateRing (String): This parameter has <key>Tier</key>
computer two different values. <string>(UpdateRing)</string>
Production - The default update ring for
OneDrive updates.
Insiders - This update ring receives
updates that are "pre-production" and
will allow you to play with features
before they are released. Note that
builds from this ring may be less stable.
Enterprise - This update ring receives
updates after they have rolled out
through the Production ring. It also lets
you control the deployment of updates.
For more info about the update rings
and how the sync client checks for
updates, see The OneDrive sync client
update process.
Deploy OneDrive apps by using Intune
You can use Intune to deploy the mobile apps for iOS and Android and to deploy the new OneDrive sync client
(OneDrive.exe). Before you begin deploying, make sure you have reviewed the planning information and
deployment options in the OneDrive guide for enterprises.
Deploy OneDrive to iOS devices by using Intune

1. Create a group of devices or users to target the deployment in the Azure AD admin center.
2. In Intune, select Client apps select Apps, and then click Add.
3. Under App type, select iOS.
4. Under Search the App Store, click Select app.
5. In the search box, enter Microsoft OneDrive to find the OneDrive app, as shown below.
6. Select it, click Select, and then click Add.

7. Select Assignments and choose the group you created. For info about this, see How to assign apps to groups
with Microsoft Intune.
For more information about using Intune to deploy apps to iOS devices, see How to add iOS store apps to
Microsoft Intune.
For more information about deploying Office 365 apps to MacOS devices using Intune, see How to assign Office
365 to MacOS devices with Microsoft Intune.
Deploy OneDrive to Android devices by using Intune
3. Under App type, select Android.
4. Click to configure the app information, and enter the required info, including
https://play.google.com/store/apps/details?id=com.microsoft.skydrive for the Appstore URL and
Android 4.0 (Ice Cream Sandwich) for the minimum operating system.
5. Click OK and then click Add.
6. Select Assignments and choose the group you created. For info about this, see How to assign apps to groups
with Microsoft Intune.
For more information about using Intune to deploy OneDrive to Android devices, see How to add Android store
apps to Microsoft Intune.
Deploy OneDrive to Windows devices by using Intune
To use Intune to deploy OneDrive to Windows devices, follow these steps:
3. In the App type list, under Office 365 Suite, select Windows 10.
4. Select Configure App Suite.
5. Select OneDrive Desktop, and then click OK.
NOTE
You aren’t required to deploy the entire Office 365 suite at once. If you need the OneDrive sync client only, you can select
that one item.
6. Click to configure the required App Suite information, and then click OK.
7. Click to configure the required App Suite Settings, and then click OK.
8. Click Add.
9. Select Assignments and choose the group you created.
10. If you want to use silent account configuration, add a PowerShell script to do this and assign it to the group. For
info about this, see Silently configure user accounts.
For more info about deploying Office 365 apps to Windows 10 devices using Intune, see How to assign Office 365
apps to Windows 10 devices with Microsoft Intune.
Network utilization planning for the OneDrive sync
client
This article is for IT admins planning to deploy the OneDrive sync client and wanting to estimate the network
bandwidth users will need for syncing. If you're not an IT admin, follow the steps in this article to limit the network
bandwidth used for syncing your files: Change the OneDrive sync client upload or download rate.
Estimate the network bandwidth you need in your organization

Follow these steps to estimate the bandwidth that will be used when you fully deploy the sync client.
1. Assess the number of users and computers per user to which you'll deploy the sync client. Each installation
multiplies the bandwidth used, so a user who has 3 syncing computers uses 3 times the bandwidth as a
user who has a single syncing computer.
2. Assess the available bandwidth and network conditions.
3. Measure the network utilization of the sync client for a pilot group.
When you deploy, Control sync throughput.
Assess the available bandwidth and network conditions
You can leverage tools like Microsoft Message Analyzer or third-party speed test tools such as Wireshark or
Fiddler to understand the actual download and upload throughput that the users experience.
Packet loss, latency, and other factors can also impact OneDrive upload and download experience. For example, a
high-latency network or network experiencing a lot of loss could result in a degraded OneDrive upload and
download experience even on high bandwidth networks (1000 Mbps, for example). The loss and latency will likely
vary based on the number of users that are on the same network and what those users are doing (downloading or
uploading large files, etc).
The bandwidth used by the sync client is predominantly file upload and download traffic and is usually closely
correlated with file size and the number of files being synced. Therefore, the bandwidth used depends on the
number of files in the user's OneDrive and in SharePoint document libraries they choose to sync, multiplied by the
size of files, and then by the rate of change of any file. Other sync client traffic (such as checking for file changes
and checking for app updates) is minimal.
Measure the network utilization of the sync client for a pilot group
When you create a pilot group, make sure the users are representative of the different profiles of people in your
organization as well as the different geographic locations. To establish a group:
Estimate the number of files, typical file sizes, file types, total size of each library, how frequently files are
modified, and how frequently new files are added.
Evaluate network utilization during each sync state as described below.
Use the measurements from the pilot group to extrapolate the entire organization's needs and re-test to
validate the estimations. Each organization is different.
Initial deployment and initial sync of team sites
When users download locations for the first time, bandwidth usage will spike. To avoid this spike, enable Learn
about OneDrive Files On-Demand. This allows users to browse their files in File Explorer without downloading
them.
Below you can see and contrast the patterns of network utilization in cases of classic sync and when Files On-
Demand functionality is enable
Operational sync
After the initial sync is complete, the network usage will decrease and then level out.
NOTE
Network usage varies depending on file types most frequently synced. When users change Office files, only the changes are
uploaded or downloaded and not the whole file. For other types of files, the whole file is uploaded or downloaded. You
should expect traffic to be higher during regular work hours when users are online and working on files.
A spike in upload traffic is expected if you deploy the Known Folder Move setting in your organization. If your
organization is large and your users have a lot of files in their known folders, make sure you roll out the Group
Policy objects slowly to minimize the network impact of uploading files.
Control sync throughput

If you need to control sync client traffic, we recommend using your network quality of service (QoS ) policies or
Windows QoS policies when possible. They provide better control over sync client traffic on your network. If you
can't use these policies, you can use the network throughput policies provided by the sync client or let users
choose their throughput settings. For info about the network settings you can make available to your users, see
Change the OneDrive sync client upload or download rate.
To protect upload bandwidth on a relatively slow Internet connection, you can use a Windows QoS policy to:
Assign differentiated services code point (DSCP ) values to network packets originating from the OneDrive
sync client to enable appropriate handling of the traffic by your network devices.
Limit the maximum upload throughput rate that the OneDrive sync client can reach.
Prioritize traffic by using DSCP
To define the priority of outbound network traffic, you can configure a QoS policy with a specific differentiated
services code point (DSCP ) value. Network routers use the DSCP value to classify network packets and determine
the appropriate queue. A higher value indicates a higher priority for the packet. The number of queues and their
prioritization behavior needs to be designed as part of your organization's QoS strategy.
Create a Windows QoS policy for the OneDrive sync client
To manage the use of network bandwidth, you can configure a QoS policy with a specific throttle rate for
outbound traffic. With throttling, a QoS policy will limit the outgoing network traffic to a specified rate.
1. Open the Group Policy Management Console.
2. Browse to the location where you want to create the new policy. For example, if all your client computers
are located in an OU (Organizational Unit) named "Clients" then the new policy should be created in the
"Clients" OU.
3. Right-click the location, and then click Create a GPO in this domain, and Link it here.
4. In the New GPO dialog box, enter a name for the new Group Policy object in the Name box (for example,
"OneDrive sync client") and then click OK.
5. Right-click the policy and then click Edit.
6. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand
Windows Settings, right-click Policy-based QoS, and then click Create new policy.
7. In the Policy-based QoS dialog box, enter a name for the new policy in the Name box (for example,
"OneDrive sync client").
8. Select Specify DSCP Value and set the appropriate value between 0 and 63 based on your organization's
QoS strategy.
9. In the Outbound Throttle Rate box, enter a rate in KBps and click Next.
10. Select Only applications with this executable name and enter "onedrive.exe" to apply the QoS policy to
only the OneDrive sync client process. Click Next.
11. Make sure that both Any source IP address and Any destination IP address are selected and then click
Next. These two settings ensure that packets will be managed regardless of which computer (IP address)
sent those packets and which computer (IP address) will receive those packets.
12. In the Select the protocol this QoS policy applies to list, select TCP. Leave from any source port and
to any destination selected. Click Finish.
Use OneDrive Group Policy objects
You can also use policies included with the OneDrive sync client to control network throughput. These policies are
available in the OneDrive installation directory, %localappdata%\Microsoft\OneDrive\BuildNumber\adm. (Where
BuildNumber is the number displayed in sync client settings on the About tab.)
For info about these policies, see:
See also
Network planning and performance tuning for Office 365
The OneDrive sync client update process
This article is for IT admins who manage the new OneDrive sync client in an enterprise environment. It explains
how we release updates to the Windows sync client and the standalone Mac sync client through rings of
validation, and how the sync client (OneDrive.exe) checks for updates.
NOTE
If you allow your users to sync personal OneDrive accounts, the update process described in this article and any settings
you select apply to all instances of the sync client.
The sync client installed from the Mac App Store follows a separate update process. After we finish rolling out updates
within the Production ring, we publish them to the Mac App Store, where they're immediately released to everyone.
How we release updates through multiple rings

After we validate updates through rings within Microsoft, we release them to the first public ring, Insiders. To try
these latest features, join the Windows Insider program or the Office Insider program. It takes about 3 days to roll
out to this ring. Later, we release to organizations in the default update ring, Production. We roll them out to a
small percentage of users in the ring at first, and slowly roll them out to everyone in the ring. This typically takes
one to two weeks. At each increase along the way, we monitor telemetry for quality assurance purposes. In the
rare case we detect an issue, we suspend the release, address the issue, and release a new update to users in the
same order. After updates have completely rolled out within the Production ring, we release them to the next ring,
Enterprise.
The Enterprise ring provides builds that have been monitored throughout the Production rollout, so fewer
releases are suspended. The Enterprise ring also lets you as an admin:
Control when you deploy updates (within 60 days of their release).
Deploy new versions from an internal network location to avoid using Internet bandwidth. (If you don't
deploy an update after 60 days, it will be automatically downloaded and installed.)
However, as the slowest ring, the Enterprise ring receives performance improvements, reliability fixes, and new
features last.
NOTE
Microsoft reserves the right to bypass the 60-day grace period for critical updates.
To learn how to set the Enterprise ring for the Windows sync client using Group Policy, see Set the sync client
update ring. To learn how to set it for the Mac sync client, see Configure the new OneDrive sync client on macOS.
For info about the Office 365 update process, see Overview of update channels for Office 365 ProPlus. For info
about the Windows 10 update process, see Build deployment rings for Windows 10 updates.
How the sync client checks for and applies updates
The OneDrive sync client checks for available updates every 24 hours when it's running. If it has stopped and
hasn't checked for updates in more than 24 hours, the sync client will check for updates as soon as it's started.
Windows 10 also has a scheduled task that updates the sync client even when it's not running.
To determine if an update is available, the OneDrive sync client checks if:
The latest version released to the update ring is higher than what's installed on the computer. If the
installed version is too old to be updated to the current version, the sync client will first be updated to the
minimum version within the ring.
The update is available to the computer based on the rollout percentage we set within the ring.
If both of these are true, OneDrive downloads the update to a hidden folder without any user interaction. After
the download is complete, OneDrive verifies and installs it. If OneDrive is running, it's stopped and then restarted.
Users don't need to sign in again, and they don't need administrative rights to install the update.
For info about the latest releases, see New OneDrive sync client release notes.
NOTE
To apply sync client updates, computers in your organization must be able to reach the following: "oneclient.sfx.ms" and
"g.live.com." Make sure you don't block these URLs. They are also used to enable and disable features and apply bug fixes.
More info about the URLs and IP address ranges used in Office 365.
Deploying updates in the Enterprise ring

At any given time, the next planned Enterprise ring release is published on the OneDrive sync client release notes
page with a link to the corresponding installer and the target date when that version will be released. On the
specified date, the "Rolling out" version for the Enterprise ring becomes the new minimum. All sync clients below
that version will automatically download the installer from the Internet and update themselves.
To deploy an updated version of the sync client for Windows, run the following command using System Center
Configuration Manager:
Execute <pathToExecutable>\OneDriveSetup.exe /update /restart
Where pathToExecutable is a location on the local computer or an accessible network share and
OneDriveSetup.exe is the target version downloaded from the release notes page. Running this command
restarts OneDrive.exe on all computers. If you don't want to restart the sync client, remove the /restart parameter.
See Deploy using SCCM for tips on how to set up the SCCM deployment package.
To deploy an updated version of the sync client for Mac, deploy the OneDrive.pkg with the target version by using
your MDM solution.
Block syncing of specific file types
You can prevent users from uploading specific file types when they sync their OneDrive for Business files.
NOTE
This setting prevents file types from being uploaded but not downloaded. If users already have blocked file types in their
OneDrive, the files will sync to their computer, but any changes they make on their computer won't be uploaded.
To block uploading of specific file types

1. Open the OneDrive admin center, and click Sync in the left pane.
2. Select the Block syncing of specific file types check box.

3. Click Edit.
4. Type the file name extensions you want to block, for example: exe or mp3.
IMPORTANT
Do not include the periods with the extensions, or any other punctuation, spaces, or special characters.
5. Click Save on the Sync page.

For info about setting this sync client restriction by using PowerShell, see Set-SPOTenantSyncClientRestriction
Changes to OneDrive sync client deployment in
Office Click-to-Run
Starting in October 2017, we're changing how the previous OneDrive for Business sync client installs for enterprise
customers using Office 365 ProPlus or Office 2016 with Click-to-Run.
The previous OneDrive for Business sync client (Groove.exe) will no longer be installed by default with
Office 2016 Click-to-Run. If your organization provides an Office deployment configuration file to
Setup.exe, you'll need to update your file to exclude Groove from the install.
When not in use or running, the previous OneDrive for Business sync client (Groove.exe) will be uninstalled,
unless: (a) Groove is already configured to sync one or more SharePoint Online or SharePoint Server
libraries or (b) a "PreventUninstall" registry key is present on the computer.
These changes won't affect Office 365 customers who are already using the new OneDrive sync client
(OneDrive.exe) to sync OneDrive and SharePoint Online files. Neither will these changes affect enterprises who
have deployed Office with the traditional Windows Installer-based (MSI) method.
NOTE
The new OneDrive sync client (OneDrive.exe) is the recommended option for Office 365 customers. However, the previous
OneDrive for Business sync client (Groove.exe) is still fully supported and is used for on-premises instances of OneDrive for
Business or SharePoint Server (when your organization doesn't subscribe to an Office 365 Business plan). Which version of
OneDrive am I using?
Ensuring Groove.exe is no longer installed

When these changes roll out, the previous OneDrive for Business sync client (Groove.exe) will no longer be
installed by default when a user installs Office 2016 via Click-to-Run. If your organization provides an Office
deployment configuration file to Setup.exe, you'll need to update your file to exclude Groove from the install.
To exclude Groove in your deployment, add this to your config file:
<Product ID="O365ProPlusRetail" >

<Language ID="en-us" />
<ExcludeApp ID="Groove" />
</Product>
For more information about configuration options, see Configuration options for the Office 2016 Deployment
Tool.
To override the default behavior and make sure the previous OneDrive for Business sync client installs and stays
installed, you'll need to provide a config file that doesn't exclude Groove.exe. Also, you'll need to set the
"PreventUninstall" registry key on all computers where you need Groove.exe installed, so that the process doesn't
uninstall Groove.exe.
Uninstalling Groove when not in use

On Office upgrade, the installer runs on each computer to detect whether Groove.exe is currently in use or the
"PreventUninstall" registry key is set. If either Groove.exe is in use or the registry key is set, Groove.exe is left in
place. Otherwise, if Groove.exe isn't in use and the registry key isn't set, Groove.exe gets uninstalled automatically
on that computer.
Registry key to prevent uninstallation
[HKLM\SOFTWARE\Microsoft\Office\Groove] "PreventUninstall"=dword:00000001
Who these changes affect and when

These changes will affect organizations who have deployed the previous OneDrive for Business sync client to sync
on-premises SharePoint libraries, or libraries that have Information Rights Management enabled on them.
The following table shows more detail about which Office installations are affected by these changes and when. All
these changes are Office client-level changes rolled out across clients, and are not turned on organization by
organization.
GROOVE.EXE IS NO LONGER INSTALLED BY GROOVE.EXE IS UNINSTALLED ON NEX T

OFFICE VERSION DEFAULT UPDATE IF NOT IN USE FOR 30 DAYS
MSI (all versions) Not applicable Not applicable
Office 2013 Click-to-Run Not applicable Not applicable
Office 2016 Click-to-Run - Office Sept. 2017 - Version 1710 (Build Sept. 2017 - Version 1710 (Build
Insider channel 8530.1000) 8530.1000)
Office 2016 Click-to-Run - Monthly Oct. 2017 - Version 1709 (Build Oct. 2017 - Version 1709 (Build
channel 8528.2139) 8528.2139)
Office 2016 Click-to-Run - Semi-annual Sept. 2018 - Version 1808 (Build Sept. 2018 - Version 1808 (Build
channel (Targeted) 10730.20102) 10730.20102)
Office 2016 Click-to-Run - Semi-annual Jan. 2019 - Version 1808 (Build Jan. 2019 - Version 1808 (Build
channel 10730.20264) 10730.20264)
For more information about Office channels, see Overview of update channels for Office 365 ProPlus.
Unless you need Groove.exe for some of your scenarios (for example, syncing on-premises SharePoint files), we
strongly recommend leaving the new defaults in place and excluding Groove.exe from Office 2016 installations.
Related Topics
Learn more about the Sync button update on SharePoint sites
Prevent users from installing the OneDrive sync client
The Sync button helps users install and set up the new OneDrive sync client. If you want to manage the rollout of
the sync client to your organization, you can hide the Sync button on the OneDrive website to prevent your users
from downloading the sync client themselves.
To prevent users from downloading the OneDrive sync client
1. Open the OneDrive admin center, and click Sync in the left pane.
2. Clear the Show the Sync button on the OneDrive website check box.
3. Click Save.
See also
Use Group Policy to control OneDrive sync client settings
Manage sharing in OneDrive and SharePoint
As a global admin or SharePoint admin in Office 365, you can use the OneDrive admin center to control how
sharing works at the organization level in OneDrive and SharePoint Online. Because each OneDrive is a site
(previously called "site collection") within SharePoint, your organization's SharePoint settings and OneDrive
settings are related.
To learn how to change the external sharing setting of an individual user's OneDrive, see Change the external
sharing setting for a user's OneDrive. For info about how to share a file or folder in OneDrive, see Share OneDrive
files and folders.
NOTE
Some sharing settings exist in multiple admin centers. When you change them in one place, the other admin centers will
reflect the change. If you have multiple admins in your organization, make sure you communicate the changes you're
making. In the Microsoft 365 admin center, under Settings > Services & add-ins > Sites, the External sharing setting is the
same as the SharePoint external sharing setting in the OneDrive admin center. The Sharing page in the OneDrive admin
center and the in the classic SharePoint admin center control the same settings.
Change your sharing link settings

If you haven't yet specified the external sharing settings you allow, do that first: Control external sharing for
OneDrive and SharePoint. Then follow these steps to guide your users into creating the kind of sharing link you
prefer.
1. Open the OneDrive admin center, and select Sharing in the left pane.
2. Under Default link type, choose the kind of link that's selected by default when users share items:
IMPORTANT
The following setting applies to both SharePoint and OneDrive. It syncs with the setting in the SharePoint admin
center. For more info about this setting in the SharePoint admin center, see Change the default link type when users
get links for sharing.
Shareable links (accessible by anyone with the link). This option is only available if your external sharing
setting for SharePoint is set to Anyone. If the external sharing setting for OneDrive or a specific site isn't set
to "Anyone," the default link type for OneDrive or the site will be "Internal."
Internal links (accessible only by users within your organization, can be shared internally). If you allow
external sharing, users will have to switch the link type every time they share externally.
Direct links (accessible only by the people specified when the user creates the link). Select this type if most
of the time users will share with guests (who will need to authenticate) or with a small group of individuals
in your organization.
3. Click Save.
Advanced settings for shareable links
Links must expire within this number of days This value sets the expiration time for links. Entering a
value of 0 will set it so that links do not expire.
Files and Folders
View Using this setting will make it so that the shared files or folders can only be viewed or accessed.
Think of this as a "read only" option.
View, edit, and upload Using this setting will make it so that the shared files or folders can be
edited by anyone who has the link.
Control external sharing for OneDrive and SharePoint

By default, users are allowed to share files in OneDrive and SharePoint with anyone using links that don't require
sign-in. If you want to change this, it's best to do it first before you customize your link settings. Keep the following
in mind as you configure sharing for OneDrive.
The external sharing setting for SharePoint can be more permissive than what you allow in OneDrive, but
not less permissive. If you turn off external sharing for SharePoint in your organization, you can't turn it on
for OneDrive.
If you want to allow external file sharing on any sites, you need to turn it on globally (at the organization
level). You can then turn it off for all other sites. To learn how to turn external sharing on or off for a site, see
Change external sharing for a site.
If you turn off external sharing, any links shared externally will stop working. If you later turn it back on, the
links will resume working.
To configure external sharing for OneDrive
2. Under External sharing, move the sliders to the settings you want for SharePoint and OneDrive, as
described in the table below.
IF YOU WANT TO: SELECT THIS OPTION: FOR THIS RESULT:
Let users create links that don't Anyone Users can create links that can be
require sign-in (previously referred to freely shared. They can also select to
as "anonymous access links") require sign-in when they share
items.
Require external users to prove who New and existing external users Users can send invitations to anyone
they are by entering a verification (unless you choose to restrict
code or by signing in with a domains). Invitations to access files
Microsoft account or a work or can be redeemed only once. After
school account before they can they've been redeemed, they can't be
access shared files. used by others to gain access. New
external users will be added to Azure
Active Directory when they sign in to
view the shared item.
Allow sharing only for external users Existing external users Users can send sharing invitations to
who are already in Azure Active any external user who has been
Directory. added to Azure Active Directory.
Invitations to access files can be
redeemed only once. After they've
been redeemed, they can't be used
by others to gain access.
Turn off external sharing. Only people in your organization External sharing is not allowed.
NOTE
If you turn off external sharing for SharePoint, you can still change the advanced settings for external sharing in the
next step. Your changes won't take effect until you turn on external sharing.
3. Specify any advanced settings for external sharing.
IMPORTANT
These settings apply to both SharePoint and OneDrive. The settings you change in the OneDrive admin center sync
with your settings in the SharePoint admin center.
Allow or block sharing with people on specific domains. You specify a list of allowed or blocked
domains. Note that if you allow shareable links (which don't require sign-in), users who share items with
these links can share with anyone, including people who have accounts on restricted domains. This setting is
the same as the setting on the sharing page in the SharePoint admin center. For more info, see Restricted
domains sharing in SharePoint Online and OneDrive for Business
External users must accept sharing invitations using the same account that the invitations were
sent to. This lets you control the accounts external users use to access shared items.
Let external users share items they don't own. This setting is selected by default.
4. Click Save.
Other settings
2. Under Other settings, select or clear Display to owners the names of people who viewed their files.
This setting lets you control whether the owner of a shared file can see the people who only view (and don't
edit) the file in OneDrive file access statistics. File access statistics appear on a card when users hover over a
file name or thumbnail in OneDrive. The statistics include the number of views on the file, the number of
people who viewed it, and the list of people who viewed it.
NOTE
This setting is selected by default. If you clear it, file viewer info is still recorded and available to you to audit as an
admin. OneDrive owners will also still be able to see people who viewed their shared Office files by opening the files
from Office.com or from the Office desktop apps.
3. Click Save.
Change the external sharing setting for a user's
OneDrive
After you set the organization-wide sharing settings for SharePoint and OneDrive, you can further restrict the
external sharing for a specific OneDrive user.
NOTE
Instead of changing the external sharing setting for an individual user's OneDrive, you might want to block external sharing
of sensitive information for all users. To learn how, see Overview of data loss prevention policies.
organization.)
NOTE
2. In the left pane, select Users > Active users.

3. Select the user.
4. Select the OneDrive tab, and under Sharing, select Manage sharing.
5. Select a new external sharing level, and then select Save.
NOTE
You can also change the external sharing setting for a specific OneDrive user by using Microsoft PowerShell and running the
cmdlet Set-SPOSite with the parameter -SharingCapability. For more info, see Set-SPOSite.
Turn on external sharing notifications for OneDrive
To help your OneDrive users monitor and control which external users have access to their files, make sure
external sharing notifications are turned on. File and folder owners will be emailed when:
Another user invites external users to shared files
An external user accepts an invitation to access their files
If external sharing is enabled in your organization, these notifications are enabled by default.
NOTE
Office 365 admins can use Search the audit log in the Office 365 Security & Compliance Center to monitor content that is
shared externally.
Turn on external sharing notifications

1. Open the OneDrive admin center and select Notifications in the left pane.
2. Under Email OneDrive owners when, make sure the following check boxes are selected:
Other users invite additional users to shared files
External users accept invitations to access files
NOTE
This setting no longer works for the new sharing experience that appears in most places. This setting will be
removed.
Allow syncing only on computers joined to specific
domains
To make sure that users sync OneDrive files only on managed computers, you can configure OneDrive to sync
only on PCs that are joined to specific domains.
To allow syncing only on PCs joined to specific domains
1. Open the OneDrive admin center and select Sync in the left pane.
2. Select the Allow syncing only on PCs joined to specific domains check box.
3. Click Add domains.
4. Add the GUID of each domain for the member computers that you want to be able to sync.
NOTE
Make sure to add the domain GUID of the computer domain membership. If users are in a separate domain, only the
domain GUID that the computer account is joined to is required.
IMPORTANT
This setting is only applicable to Active Directory domains. It does not apply to Azure AD domains. If you have devices which
are only Azure AD joined, consider using a Conditional Access Policy instead.
5. If you want to prevent Mac OS users from syncing entirely, select the Block sync on Mac OS check box.
6. Click Save on the Sync page.
For info about setting this sync client restriction by using PowerShell, see Set-SPOTenantSyncClientRestriction
To prevent users from accessing OneDrive and SharePoint content on devices outside of specific domains, and to
prevent them from accessing files in apps that don't check for device status, use the Device access page of the
OneDrive admin center. Note that the first two settings on this page are also on the "Access control" page in the
new SharePoint admin center.
Control access based on network location

You can choose a specific IP addresses or IP address ranges from which you want to allow users to access their
OneDrive files. For example, you might want your users to only access OneDrive files using network addresses
that your organization owns.
To allow access only from defined network locations
1. Under Control access based on network location, select the Allow access only from specific IP
address locations check box.
2. Click Edit.
3. Enter the IP address ranges that you want to allow using CIDR notation. For example: 172.16.0.0,
192.168.1.0/27, 2001:4898:80e8::0/48. Enter one IP address range per line, and make sure there are no
overlapping IP addresses.
IMPORTANT
Make sure you include your own IP address so you don't lock yourself out. This setting not only restricts access to
OneDrive and SharePoint sites, but also to the OneDrive and SharePoint admin centers, and to running PowerShell
cmdlets. If you lock yourself out and can't connect from an IP address within a range you specified, you will need to
contact Support for help.
4. Click Save on the Device access page.
Control access from apps that don't use modern authentication

Some third-party apps and versions of Office prior to Office 2013 don't use modern authentication and can't
enforce device-based restrictions. This means they allow users to bypass conditional access policies that you
configure in Azure.
To block access from apps that don't use modern authentication
1. Under Control access from apps that can't enforce device-based restrictions, clear the Allow access
from apps that don't use modern authentication check box.
2. Click Save.
See also
Manage OneDrive for Business mobile access
Control access to features in the OneDrive and
SharePoint mobile apps
If your organization has Microsoft Intune or Enterprise Mobility + Security, you can use the OneDrive admin
center to create a global policy that manages the OneDrive and SharePoint mobile apps for Android and iOS. This
policy only applies to users in your organization who are licensed for Microsoft Intune or Enterprise Mobility +
Security.
NOTE
Your admin account needs to have an Intune license assigned to it for you to change the mobile application management
settings in the OneDrive admin center.
Go to the Device access page of the OneDrive admin center to:

Block downloading files in the apps
Block taking screenshots in the Android apps
Block copying files and content within files
Block printing files in the apps
Block backing up app data
Require an app passcode
Block opening OneDrive and SharePoint files in other apps
Encrypt app data when the device is locked
Require Office 365 sign-in each time the app is opened
Choose values for how often to verify user access and when to wipe app data when a device is offline.
To manage features in the OneDrive and SharePoint mobile apps
1. In the Mobile application management section, turn on the Deploy this policy setting.
2. Select the check boxes for the features you want to enable.
3. Choose values for how often to verify user access and when to wipe app data when a device is offline.
4. Click Save.
See also
Intune Documentation
Configure and deploy mobile application management policies in the Microsoft Intune console
Enable conditional access support in the OneDrive
sync client for Windows
Conditional access control capabilities in Azure Active Directory offer simple ways for you to secure resources in
the cloud. The new OneDrive sync client works with the conditional access control policies to ensure syncing is only
done with compliant devices. For example, you might require sync to be available only on domain-joined devices or
devices that meet compliance as defined by the Mobile Device Management system (like Intune).
For information about how conditional access works, see:
Azure Active Directory conditional access
Require managed devices for cloud app access with conditional access
Configure hybrid Azure Active Directory join for managed domains
Getting started
Use the following steps on each computer.
To enable conditional access support on the OneDrive sync client
1. Download and install the OneDrive sync client.
2. Download and open EnableCAPreview.reg to enable the conditional access feature.
3. Restart the sync client.
If you want to disable this feature, you can delete the registry key by running DisableCAPreview.reg. You need to
restart the sync client for the change to take effect.
Known issues
The following are known issues with this release:
If you create a new access policy after the device has authenticated, it may take up to twenty-four hours for
the policy to take effect.
In some cases, the user may be prompted for credentials twice. We are working on a fix for this issue.
Certain ADFS configurations may require additional setup to work with this release. Please run the
following command on your ADFS server to ensure FormsAuthentication is added to the list of
PrimaryIntranetAuthenticationProvider:
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication',
'FormsAuthentication')
If you enable location-based conditional access, users will get a prompt about every 90 to 120 minutes by
default when they leave the set of approved IP address ranges. The exact timing depends on the access
token expiry duration (60 minutes by default), when their computer last obtained a new access token, and
any specific conditional access timeouts put in place.
Reporting problems
Please let us know if you run into any problems while using this release.
To report a problem
1. Right-click the blue OneDrive cloud icon in the Windows taskbar notification area.
2. Click Get help.
3. Type a brief description of your issue, and then click Submit.
See also
Deploy the new OneDrive sync client
Sync files with the new OneDrive sync client in Windows
Required URLs and ports for OneDrive
This reference article lists every endpoints used by the consumer version of OneDrive. If your organization restricts
computers on your network from connecting to the Internet, this article lists the Fully Qualified Domain Names
(FQDNs) and ports that you should include in your outbound allow lists to ensure your computers can successfully
use the consumer version of OneDrive.
IMPORTANT
Filtering internet traffic requires advanced networking knowledge and isn't suitable for all customers.
If you are looking for a listing of endpoints used by OneDrive for Business in Office 365, see Office 365
URLs and IP address ranges.
Supported hosts and ports for OneDrive

To use OneDrive, the following endpoints need to be accessible to client computers.
ROW DESTINATION HOST DESTINATION PORT
1 onedrive.com TCP 80, TCP 443

*.onedrive.com
onedrive.live.com
login.live.com
spoprod-a.akamaihd.net
*.mesh.com
p.sfx.ms
*.microsoft.com
fabric.io
*.crashlytics.com
vortex.data.microsoft.com
https://posarprodcssservice.accesscontr
ol.windows.net
redemptionservices.accesscontrol.windo
ws.net
token.cp.microsoft.com/
tokensit.cp.microsoft-tst.com/
*.office.com
*.officeapps.live.com
*.aria.microsoft.com
*.mobileengagement.windows.net
*.branch.io
*.adjust.com
*.servicebus.windows.net
vas.samsungapps.com
odc.officeapps.live.com
login.windows.net
login.microsoftonline.com
ROW DESTINATION HOST DESTINATION PORT
2 *.files.1drv.com TCP 80, TCP 443

*.onedrive.live.com
*.*.onedrive.live.com
storage.live.com
*.storage.live.com
*.*.storage.live.com
*.groups.office.live.com
*.groups.photos.live.com
*.groups.skydrive.live.com
favorites.live.com
oauth.live.com
photos.live.com
skydrive.live.com
api.live.net
apis.live.net
docs.live.net
*.docs.live.net
policies.live.net
*.policies.live.net
settings.live.net
*.settings.live.net
skyapi.live.net
snapi.live.net
*.livefilestore.com
*.*.livefilestore.com
storage.msn.com
*.storage.msn.com
*.*.storage.msn.com
Pre-provision OneDrive for users in your organization
By default, the first time that a user browses to their OneDrive it's automatically provisioned for them. In some
cases, such as the following, you might want your users' OneDrive locations to be ready beforehand, or pre-
provisioned:
Your organization has a custom process for adding new employees, and you want to create a OneDrive
when you add a new employee.
Your organization plans to migrate from SharePoint Server on-premises to Office 365.
Your organization plans to migrate from another online storage service.
This article describes how to pre-provision OneDrive for your users by using PowerShell.
Pre-provision OneDrive for users

1. If you're pre-provisioning OneDrive for many users, create a list of these users and save it as a file. For example,
create a text file named Users.txt that contains:
user1@contoso.com
user2@contoso.com
user3@contoso.com
NOTE
If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs and
uninstall “SharePoint Online Management Shell.”
On the Download Center page, select your language and then click the Download button. You’ll be asked to choose
between downloading a x64 and x86 .msi file. Download the x64 file if you’re running the 64-bit version of Windows
or the x86 file if you’re running the 32-bit version. If you don’t know, see
https://support.microsoft.com/help/13443/windows-which-operating-system. After the file downloads, run it and
follow the steps in the Setup Wizard.
4. Run the PowerShell command Request-SPOPersonalSite, consuming the text file you previously created in
Step 1.
$users = Get-Content -path "C:\Users.txt"

Request-SPOPersonalSite -UserEmails $users
To verify that OneDrive has been created for your users, see Get a list of all user OneDrive URLs in your
organization.
NOTE
If you are pre-provisioning OneDrive for many users, it might take up to 24 hours for the OneDrive locations to be created. If
a user's OneDrive isn't ready after 24 hours, please contact Support.
See also
Plan hybrid OneDrive for Business
Set the default storage space for OneDrive users
For most subscription plans, the default storage space for each user's OneDrive is 1 TB. Depending on your plan
and the number of licensed users (see the OneDrive for Business service description for info), you can increase the
storage up to 5 TB.
NOTE
For help finding out which subscription you have, see What Office 365 for business subscription do I have?
If your organization has a qualifying Office 365 plan and 5 or more users, you can change the storage space to more than 5
TB. Contact Microsoft support to discuss your needs. You must assign at least one license to a user before you can increase
the default OneDrive storage space.
The new storage limit is applied the next time a user accesses their OneDrive.
Set the default OneDrive storage space in the OneDrive admin center
This storage space setting applies to all new and existing users who are licensed for a qualifying plan and for
whom you haven't set specific storage limits. (To check if a user has a specific storage limit, see the next section.) To
change the storage space for specific users, you need to use Microsoft PowerShell. For info on how to do this, see
Change your users' OneDrive storage space using PowerShell.
WARNING
If you decrease the storage limit and a user is over the new limit, their OneDrive will become read-only.
1. Open the OneDrive admin center and click Storage in the left pane.
2. Enter the default storage amount (in GB ) in the Default storage box, and then click Save.
NOTE
The minimum storage is 1 GB.
Check if a user has the default storage limit or a specific limit
organization.)
NOTE
2. In the left pane, select Users > Active users.

3. Select the user.
4. Select the OneDrive tab.
5. Next to "Storage used," look at the max value. (For example, 3 GB of 1024 GB )
Set the default OneDrive storage space using PowerShell

Set-SPOTenant -OneDriveStorageQuota <quota>
Where <quota> is the value in megabytes for the storage space. For example, 1048576 for 1 TB or
5242880 for 5 TB. You can specify any value that you want, however, if you specify a value greater than that
allowed by a given user's license, that user's storage space will be rounded down to the maximum value
allowed by their license.
To reset an existing user's OneDrive to the new default storage space, run the following command:
Set-SPOSite -Identity <user's OneDrive URL> -StorageQuotaReset
NOTE
When you set site storage limits in PowerShell, you enter them in MB. The values are converted and rounded down
to the nearest integer to appear in the admin centers in GB, so a value of 5000 MB becomes 4 GB. If you set a value
of less than 1024 MB using PowerShell, it will be rounded up to 1 GB.
See also
More info about using Set-SPOTenant
Change a specific user's OneDrive storage space
As a global or SharePoint admin in Office 365, you can set the OneDrive storage space for a specific user by using
Microsoft PowerShell.
NOTE
For info about setting the default storage space, see Set the default storage space for OneDrive users. For info about the
storage available for your Office 365 plan, see the OneDrive for Business service description.
Change the storage space for a specific user's OneDrive

NOTE
Set-SPOSite -Identity <user's OneDrive URL> -StorageQuota <quota>
(Where <user's OneDrive URL> is the URL of the user's OneDrive and <quota> is the value in megabytes
for the storage space.
A user’s OneDrive URL is based on their username. For example,
https://microsoft-my.sharepoint.com/personal/user1_contoso_com. You can find their username on the
Active users (or Deleted users) page in the Microsoft 365 admin center.
For storage space, you would enter 1048576 for 1 TB or 5242880 for 5 TB. 1024 MB (1 GB ) is the
minimum. If you enter a lower value, it will be rounded up. If you specify a value greater than that allowed
by a user's license, the value will be rounded down to the maximum value allowed by their license.
NOTE
If you want to change the storage space for multiple users, you can use PowerShell to Display a list of OneDrive
accounts by using PowerShell. To disable OneDrive creation for specific users, see Manage user profiles in the
SharePoint admin center.
Set the OneDrive retention for deleted users
If a user's Office 365 account is deleted, their OneDrive for Business files are preserved for a period of time that
you can specify.
To set the retention time for OneDrive accounts
1. Open the OneDrive admin center, and select Storage in the left pane.
2. Enter the number of days you want to retain OneDrive files in the Days to retain files in OneDrive after
a user account is marked for deletion box.
The setting takes effect for the next user that is deleted. The count begins as soon as the user account is
deleted in the Microsoft 365 admin center, even though the deletion process takes time. The minimum
value is 30 days and the maximum value is 3650 days (ten years).
3. Click Save.
See also
Delete a user from your organization
Set up OneDrive to alert managers and delegate access automatically when users leave your organization
Overview of retention policies
Restore a deleted OneDrive
When you delete a user in the Microsoft 365 admin center (or when a user is removed through Active Directory
synchronization), the user's OneDrive will be retained for the number of days you specify in the OneDrive admin
center. (For info, see Set the default file retention for deleted OneDrive users.) The default is 30 days. During this
time, shared content can still be accessed by other users. At the end of the time, the OneDrive will be in a deleted
state for 93 days and can only be restored by a global or SharePoint admin.
Restore a deleted OneDrive when the deleted user no longer appears

in the Microsoft 365 admin center
If the user was deleted within 30 days, you can restore the user and all their data from the Microsoft 365 admin
center. To learn how, see Restore a user in Office 365. If you deleted the user more than 30 days ago, the user will
no longer appear in the Microsoft 365 admin center, and you'll need to use PowerShell to restore the OneDrive.
NOTE
3. Determine if the OneDrive is available for restore
If you know the URL of the OneDrive, run the following command:
Get-SPODeletedSite -Identity <URL>
A user’s OneDrive URL is based on their username. For example,

https://microsoft-my.sharepoint.com/personal/user1_contoso_com. You can find their username on the Active users
(or Deleted users) page in the Microsoft 365 admin center.
If you don't know the URL of the deleted OneDrive, run the following command:
Get-SPODeletedSite -IncludeOnlyPersonalSite | FT url
If the OneDrive appears in the results, it can be restored.

4. Restore the OneDrive to an active state:
Restore-SPODeletedSite -Identity <URL>
5. Assign an administrator to the OneDrive to access the needed data:
Set-SPOUser -Site <URL> -LoginName <UPNofDesiredAdmin> -IsSiteCollectionAdmin $True
For more info about these cmdlets, see Get-SPODeletedSite and Restore-SPODeletedSite.
Permanently delete a OneDrive

After you recover the data you need from the OneDrive, we recommend that you permanently delete the
OneDrive by running the following command:
Remove-SPOSite -Identity <URL>
Cau t i on
When you permanently delete a OneDrive, you will not be able to restore it.
See also
OneDrive retention and deletion
OneDrive retention and deletion
This article describes what happens to a user's OneDrive when you delete the user's Office 365 account for your
organization.
Give another user access to a deleted user's OneDrive

When you delete a user in the Microsoft 365 admin center, you can choose what you want to do with the user's
product licenses, email, and OneDrive. For more info, see Delete a user from your organization. If you give another
user access to the OneDrive, that user will have 30 days by default to access and download the files they want to
keep. (To change the retention time, see Set the OneDrive retention for deleted users.) They'll receive an email with
a link to these instructions for accessing the deleted user's OneDrive: Copy files from another user's OneDrive.
Configure automatic access delegation

By default, when you delete a user, ownership of the OneDrive is transferred to the user's manager. Follow these
steps to check if access delegation is turned on and set a secondary admin in case a user doesn't have a specified
manager:
organization.)
NOTE
2. In the left pane, under Admin centers, select SharePoint. (You might need to select Show all to see the
list of admin centers.) If this opens the new SharePoint admin center, select Classic SharePoint admin
center in the left pane.
3. Select user profiles in the left pane.
4. Under My Site Settings, select Setup My Sites.
5. Next to My Site Cleanup, make sure Enable access delegation is selected.
6. We recommend that you also specify a secondary owner account in the My Site Cleanup section. This
account will be the appointed owner of the OneDrive if the user's manager isn't set in Azure AD. Email
notifications will also be sent to the secondary owner account when the value is populated.
7. Select OK.
If a manager or secondary owner isn't set for the user, or if access delegation is disabled, OneDrive will follow the
deletion process described in the next section. However, email messages won't be sent automatically.
The OneDrive deletion process

1. A user is deleted from the Microsoft 365 admin center or is removed through Active Directory
synchronization.
2. The account deletion is synchronized to SharePoint Online.
3. The OneDrive Clean Up Job runs, and the OneDrive is marked for deletion. The deleted user will appear in
the Microsoft 365 admin center for 30 days. The default retention period for OneDrive is also 30 days, but
you can change this in the OneDrive admin center (see Set the OneDrive retention for deleted users) or by
using the -OrphanedPersonalSitesRetentionPeriod parameter for the Set-SPOTenant cmdlet in the
SharePoint Online Management Shell. For more information about using this cmdlet, see Set-SPOTenant.
4. If a manager is specified for the deleted account, the manager will receive an email telling them they have
access to the OneDrive, and that the OneDrive will be deleted at the end of the retention period.
5. If a manager isn't specified for the user account, but a secondary owner was entered in the SharePoint
admin center, the secondary owner will receive an email telling them they have access to the OneDrive, and
that the OneDrive will be deleted at the end of the retention period.
6. Seven days before the retention period expires, a second email will be sent to the manager or secondary
owner as a reminder that the OneDrive will be deleted in seven days.
7. After seven days, the OneDrive for the deleted user is sent to the site collection recycle bin, where it is kept
for 93 days. During this time, users will no longer be able to access any shared content in the OneDrive. To
restore the OneDrive, you need to use PowerShell. For info, see Restore a deleted OneDrive.
NOTE
The Recycle Bin is not indexed and therefore searches do not find content there. This means that an eDiscovery hold
can't locate any content in the Recycle Bin in order to hold it.
NOTE
Retention policies always take precedence to the standard OneDrive deletion process, so content included in a policy could
be deleted before 30 days or retained for longer than the OneDrive retention. For more info, see Overview of retention
policies. Likewise, if a OneDrive is put on hold as part of an eDiscovery case, managers and secondary owners will be sent
email about the pending deletion, but the OneDrive won't be deleted until the hold is removed. The retention period for
cleanup of OneDrive begins when a user account is deleted from Azure Active Directory. No other action will cause the
cleanup process to occur including disablement of a user account or removal of a user's license. For more information, see
Remove licenses from users in Office 365 for business.
Get a list of all user OneDrive URLs in your
organization
This article is for global and SharePoint admins in Office 365.
View the list of OneDrive users and URLs in your organization

organization.)
NOTE
2. In the left pane, select Reports > Usage. (You might need to select Show all to see the Reports option.)
3. Select the OneDrive files tile, or select Select a report > OneDrive usage.
NOTE
If you see GUIDs in the report instead of URLs and names, in the left pane, select Settings > Services & add-ins,
and then select Reports. Clear the box Display anonymous identifiers instead of names in all reports.
4. In the upper right of the table at the bottom, select Export.
Create a list of all the OneDrive URLs in your organization using

Microsoft PowerShell
The list you create in these steps will be saved to a text file.
NOTE
2. Save the following text to a PowerShell file. For example, you could save it to a file named
OneDriveSites.ps1.
$TenantUrl = Read-Host "Enter the SharePoint Online Tenant Admin Url"
$LogFile = [Environment]::GetFolderPath("Desktop") + "\OneDriveSites.log"
Connect-SPOService -Url $TenantUrl
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/"
|select Url | Out-File $LogFile -Force
Write-Host "Done! File saved as $($LogFile)."
3. Open the SharePoint Online Management Shell. Navigate to the directory where the script has been saved
and run:
PS C:\>.\OneDriveSites.ps1
NOTE
If you get an error message about being unable to run scripts, you might need to change your execution policies. For
info, see About Execution Policies.
4. The script will prompt you for the SharePoint Online tenant admin Url. For example, "https://contoso-
admin.sharepoint.com" is the Contoso SharePoint Online tenant admin Url.
5. You will then be prompted to log into the tenant. Use a SharePoint Online Administrator or Global
Administrator account.
After the script successfully completes, a text file is created in the location specified by the $LogFile variable in the
script. This file contains a list of all OneDrive Urls in your organization. The following text provides an example of
how the list of Urls in this file should be formatted.
Url
---
https://contoso-my.sharepoint.com/personal/annb_contoso_onmicrosoft_com/
https://contoso-my.sharepoint.com/personal/carolt_contoso_onmicrosoft_com/
https://contoso-my.sharepoint.com/personal/esterv_contoso_onmicrosoft_com/
https://contoso-my.sharepoint.com/personal/hollyh_contoso_onmicrosoft_com/
More information
Once you have the URL for a user's OneDrive, you can get more info about it by using the Get-SPOSite cmdlet,
and change settings by using the Set-SPOSite cmdlet.
Help users use the Discover view in OneDrive
This article is for IT administrators. If you're not an IT admin, see Are my documents safe in the Discover view in
OneDrive for Business? for info about using the Discover view.
The more your users use OneDrive for Business in Office 365 to work together, by viewing, editing and sharing
each other's documents, the more useful the Discover view in OneDrive for Business will be for everyone. Learn
more about how you as an admin can help users get the most out of the Discover view.
The Discover view is powered by Office Delve, and both have a dependency on the Office Graph. It shows users
the most relevant content based on who they work with and what they're working on. The information in the
Discover view is tailored to each user. The Discover view doesn't change permissions and users will only see what
they already have access to.
As an admin, you can make sure that you allow your organization to access the Office Graph, and that you have set
up other Office 365 services that the Discover view uses, for instance SharePoint Online and Delve. You can also
help people get started with the Discover view, and address questions that users might have.
What you need to get the Discover view

Discover view functionality is available to Office 365 users in OneDrive for Business, which is available in the
following subscription plans of Office 365:
Office 365 Enterprise (E1, E3, and E4)
Office 365 Education
Office 365 Government (E1, E3 and E4)
Office 365 Business Essentials
Office 365 Business Premium
Regardless of which of these Office 365 plans you have, you need to activate the SharePoint Online service and
assign users a SharePoint Online license before they can start using the Discover view.
OneDrive for Business in Office 365 is designed to work with the current or immediately previous version of
Internet Explorer or Firefox, or the latest version of Chrome or Safari. For more information, see Office 365 system
requirements.
Introducing the Discover view in your organization

Here are some resources that you can use to get your organization started with the Discover view.
Before you announce the Discover view
SharePoint Online and OneDrive for Business are the primary sources of content in the Discover view. How you
and users manage permissions on documents and sites affects what users see in the Discover view. Check out
Overview: best practices for managing how people use your team site and Plan your permissions strategy for more
information.
Using the Discover view on a day-to -day basis
You can point users to the Discover view help article: Are my documents safe in the Discover view in OneDrive for
Business?
Help users troubleshoot the Discover view

Use the information in this section to help troubleshoot issues in the Discover view.
Users don't see user pictures in the Discover view
Users see very little or no content in their Discover view
Users are concerned that private or sensitive documents are available in the Discover view
Users don't see user pictures in the Discover view
The user pictures in the Discover view are from the SharePoint Online user profiles. If there's no picture for a user
in his or her SharePoint Online user profile, the Discover view has no picture to show.
Solution(s)
Make sure that users upload their user profile picture to SharePoint Online. For more information, point users to
View and update your profile in Office Delve (the Discover view is powered by Delve).
Users see very little or no content in their Discover view
The content in the Discover view comes from different content sources across Office 365 such as SharePoint
Online and OneDrive for Business.
If users don't have any recently modified or viewed content in these content sources, and they don't have access to
other users' content, the Discover view may have very little or no content to show. Users also need to have licenses
to Office 365 services and access to the Office Graph to see content in the Discover view.
Solution(s)
Encourage your users to store and share documents in SharePoint Online and OneDrive for Business. For
more information, see Store your documents where Office Delve can get to them (the Discover view is
powered by Delve) .
Check the permission settings on the SharePoint sites to make sure that the user has access to the correct
sites and their content.
Check that the user is in the Active Directory and that he or she is a member of the correct Active Directory
groups. To verify, go to Microsoft 365 admin center > Users > Active Users.
As an admin, you can allow your organization to access the Office Graph. This makes sure the Discover view
shows the most relevant content to users. See Control access to the Office Graph for more information.
Make sure that you've assigned users a license to access to the Office 365 services that you've activated.
Users are concerned that private or sensitive documents are available in the Discover view
Any document that a user can view or edit in Office 365, can also appear in the Discover view. The Discover view
doesn't change any permissions and users will only see documents they already have access to. Sometimes,
though, you may want to prevent a document from appearing in the Discover view.
Solution(s)
Check the permission settings for the documents, sites and libraries and make sure that only the intended
users have access to the content.
If you want to prevent specific documents from appearing in the Discover view, follow the steps in Manage
the search schema in SharePoint Online. You can keep storing the documents in Office 365, and people can
still find them through search - they just won't show up in the Discover view or Delve.
About the Office Graph
The Discover view is powered by the Office Graph. The Office Graph stores data representations about all Office
365 items as nodes in a graph index. The Office Graph data is stored in the customer's partition of the SharePoint
Online and Exchange Online environments, and has the same data protection and security as other customer data
stored in the same cloud services.
The Office Graph uses rich relationships to describe connections between items of different types. In addition, the
Office Graph uses advanced analytics and machine learning techniques to create inferred rich relationships - what
we call insights.
To present the most relevant content in different contexts, in the Discover view or in Delve for example, the Office
Graph uses a two-step analysis. First, it calculates which users in the Office Graph are most relevant to the current
context. Second, it retrieves the most relevant content associated with these users. The content is tailored to each
user, and users only see what they already have access to.
For developers, the Office Graph insights and rich relationships are exposed through the Microsoft Graph, a single
REST API endpoint (https://graph.microsoft.com) that exposes multiple APIs from Microsoft cloud services. For
more information, see Office Graph.
What is the effect of allowing or not allowing access to the Office Graph?
If you don't allow access to the Office Graph, you affect the relevance of the content displayed in the Discover view
and in experiences elsewhere in Office 365, for example on the SharePoint start page. Allowing and not allowing
access to the Office Graph will also affect Delve functionality.
NOTE
For more information, see Office Delve for Office 365 admins.
Additional resources
End users
Are my documents safe in the Discover view in OneDrive for Business?
What is Office Delve?
How does Office Delve know what's relevant to me?
What is OneDrive for Business?
Should I save my documents to OneDrive for Business or a team site?
Upload a folder or files to a document library
Admins
Office Delve for Office 365 admins

One Drive

Uploaded by

Copyright:

Available Formats

One Drive

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

One Drive

Uploaded by

Copyright:

Available Formats

Contents

Download the latest sync client or mobile apps

Use FastTrack onboarding and adoption services

Read the OneDrive blog

See the OneDrive roadmap

Find apps that work with OneDrive

Why deploy OneDrive?

Key OneDrive features

Deployment and management options

SIZE OF ORGANIZATION DEPLOYMENT TOOLS USED MANAGEMENT

Small business Local installation OneDrive admin center

Enterprise System Center Configuration Manager System Center Configuration Manger,

Feature releases and requests

Keys to successful user adoption

Preparing your environment

Files in on-premises OneDrive or MySites libraries

Install OneDrive apps and sync clients manually

Manually install and configure OneDrive on a mobile device

Install OneDrive on Windows devices by using scripting methods

Deploy and configure OneDrive through Windows AutoPilot

Deploy OneDrive by using Intune

Deploy OneDrive by using System Center Configuration Manager

CATEGORY TASKS TECHNOLOGY OR METHOD

Manage OneDrive by using the OneDrive admin center

Manage OneDrive settings by using Intune

New-ItemProperty -Path 'HKCU:\\SOFTWARE\\Microsoft\\OneDrive' -Name 'EnableEnterpriseUpdate' -Value '1' -

Manage OneDrive by using System Center Configuration Manager

> Execute \<pathToExecutable\>\\OneDriveSetup.exe /update /restart

Getting started with OneDrive

OneDrive Files On-Demand

Install and set up OneDrive apps

Install and configure the sync client on a Windows device

Install and configure OneDrive on a mobile device

Get help with OneDrive

Deploy the OneDrive sync client for Windows

Check if users already have the OneDrive sync client

Deploy any administrative settings

4. Copy the installer to a folder in the SCCM source content share.

6. Select the sample package.

Execute <pathToExecutable>\OneDriveSetup.exe /silent

(where pathToExecutable is a location on the local computer or an accessible network share).

msiexec /qn c:\downloads\setup.msi

Help users sign in

Deploy the OneDrive app on mobile devices running iOS or Android

4. Target the app to users.

4. Target the app to users.

Always available Pinned attrib +p <path> /Applications/OneDrive.App/

Locally available Clearpin attrib -p <path> /Applications/OneDrive.App/

Online-only Unpinned attrib +u <path> /Applications/OneDrive.App/

$HKLMregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'##Path to HKLM keys

$DiskSizeregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB'##Path to max

{New-Item -Path $HKLMregistryPath -Force}

{New-Item -Path $DiskSizeregistryPath -Force}

Office version Minimum version

Office 365 ProPlus 16.0.7167.2*

Office 2016 MSI 16.0.4432.1*

Office 2013 MSI/C2R 15.0.4859.1*

Block the previous sync client from syncing

1. Download the latest SharePoint Online Management Shell.