1 / 44

OneDrive for Business: Administration, Security and Compliance

Boston Office 365 User Group – December 2016. OneDrive for Business: Administration, Security and Compliance. Oliver Bartholdson. Senior SharePoint Consultant Microsoft PTSP Twitter: @ obartholdson LinkedIn: linkedin.com/in/obartholdson. What you will get out of this session.

miverson
Download Presentation

OneDrive for Business: Administration, Security and Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Boston Office 365 User Group – December 2016 OneDrive for Business: Administration, Security and Compliance

  2. Oliver Bartholdson Senior SharePoint Consultant Microsoft PTSP Twitter: @obartholdson LinkedIn: linkedin.com/in/obartholdson

  3. What you will get out of this session Prepare for launch Protect after launch Governance Plan Data Migration

  4. What you will NOT get out of this session Prepare for launch Protect after launch Governance Plan Data Migration

  5. OneDrive for Business Overview All my files inone place Unlimited Storage Anywhere Access Sync client Get work done. Together. Office client integration Co-authoring Easy sharing Search & Discovery A trusted enterprise-grade service Security Management Admin Control

  6. Add a Secondary Administrator Global Admin view End user view

  7. Add a Secondary Administrator Automatically add a secondary administrator during the creation process of the OneDrive site (MySite) SharePoint Admin Center > User Profiles > Setup MySites

  8. Add a Secondary Administrator For existing OneDrive sites, you must: • Sign in to Office 365 as a Global Administrator • Connect to the tenant using Connect-SPOService • Create a list of all OneDrive for Business sites using GetOD4BSites.ps1 • Assign a user as a site collection administrator across all OneDrive sites using OD4BAssignSCA.ps1

  9. Add a Secondary Administrator Tips • Assign permissions to no more than 2,500 OneDrive for Business sites per day • Keep a record of the OneDrive sites and administrators • Communicate to users that an administrative account has been assigned as a site collection administrator to OneDrive for Business sites in your organization

  10. OneDrive for Business Storage 0TB 1TB 2TB 3TB 4TB 5TB 6TB 7TB Unlimited storage included in all Enterprise plans 1TB limit by default, can be increased to 5TB Ask Microsoft for more than 5TB

  11. Set Storage Quota • Sign in to Office 365 as a Global Administrator • Connect to the tenant using Connect-SPOService • To set a global quota for new OneDrive sites • Set-SPOTenant -OneDriveStorageQuota <quota> • To reset an existing OneDrive site to new quota • Set-SPOSite -Identity <siteURL> -StorageQuotaReset • To set the storage quota for a specific OneDrive site • Set-SPOSite -Identity <siteURL> -StorageQuota <quota>

  12. Pre-Provision OneDrive Why pre-provision? • Migrate data from file server or other repository • Migrate data from OnPrem MySite to OneDrive for Business • Part of your on-boarding process

  13. Pre-Provision OneDrive • Configure Secondary Admin and Storage Quota • Set up the SharePoint Online Management Shell • Sign in to Office 365 as a Global Administrator • Connect to the tenant using Connect-SPOService • Run the Request-SPOPersonalSite cmdlet, or create a CSV file to provision up to 200 OneDrive libraries at once • Your request will be queued through a timer job Be sure to assign a license to the Global Administrator account that will be running this PowerShell cmdlet.

  14. OneDrive Retention • Account gets deleted in Office 365 Admin Center or removed through Azure AD sync • OneDrive site is marked for deletion through the MySite Cleanup Timer Job • The Manager in AD gets notified via email and obtains ownership of the OneDrive site • 30 Days later the OneDrive data is deleted 30 Days

  15. MySite Cleanup Job • Add a secondary owner in case the manager field is not populated in AD • Increase the retention period for the MySite Cleanup Timer Job to up to 10 years! • Set-SPOTenant –OrphanedPersonalSitesRetentionPeriod <number of days>

  16. Data Loss Prevention Policies (DLP) • Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, and OneDrive for Business • Prevent the accidental sharing of sensitive information • Get notified or view DLP reports showing content that matches your organization’s DLP policies

  17. Data Loss Prevention Policies • Security and Compliance > Threat Management > DLP • Protect all OneDrive sites, or just a few • Create your conditions

  18. Data Loss Prevention Policies • Choose a sensitive information type, or create your own • Create an action when conditions are met

  19. Data Loss Prevention Policies

  20. Next Generation Sync Client Next Gen Sync Client (onedrive.exe) • Windows 7, 8, 8.1, 10, Mac OS X 10.9 • OneDrive for Business, OneDrive Consumer, SharePoint, Groups (Preview) • No item limit • 10 GB file size limit • Supports Selective Sync • Supports real-time co-authoring in Office 2016 • Included in Office ProPlus 2016 • MFA with Modern Authentication • Control bandwidth consumption Original Sync Client (groove.exe) • Windows 7, 8, 8.1, 10 • OneDrive for Business, SharePoint, Groups • 20,000 item limit • 2GB file size limit • No Selective Sync • Supports co-authoring from local docs • Included in Office ProPlus 2013 • MFA App Passwords

  21. Next Generation Sync Client Previous Sync Client New sync client

  22. Next Generation Sync Client Already have the old groove sync client installed? • The next gen sync client with automatically take over syncing • Groove.exe with stop syncing OneDrive sites • OneDrive.exe starts syncing the same OneDrive site without re-downloading the content • Groove.exe stops running and removes itself from automatic startup, unless it’s syncing other content like SharePoint site libraries or OnPrem OneDrive for Business

  23. Next Generation Sync Client Download the sample SCCM package. Just update the OneDrive.exe path and the application owner. • System Center Configuration Manager (SCCM) or Group Policy can be used to deploy the sync client • Deploy OneDrive.exe to your users • Launch OneDrive.exe to allow users to setup the sync client • Set update cadence (Optional)

  24. Next Generation Sync Client Key Administration Settings via Group Policy • Set the default location for the OneDrive folder • Prevent users from changing the location of their OneDrive folder • Prevent users from synchronizing their personal OneDrive accounts • Set maximum upload bandwidth percentage that OneDrive.exe uses Download the OneDrive Deployment Package to get the adml and admx group policy files

  25. Next Generation Sync Client Set-SPOTenantSyncClientRestriction • Block sync to non-domain joined machines • Control the list of allowed domains • Block Mac sync since they do not support domain join • Block specific file extensions from synching • Prevent users from synchronizing their personal OneDrive accounts • Block the old sync client

  26. Classic vs. Modern OneDrive

  27. External Sharing Tenant level options Site collection options Site collection sharing cannot be less restrictive than the tenant setting

  28. External Sharing All or nothing OneDrive sharing Enable for all, block for some • Set-SPOSite –Identity https://<yourtenant>-my.sharepoint.com –SharingCapability Disabled

  29. External Sharing You can setup a list of approved domains or blocked domains but not both These settings apply to both SharePoint Online and OneDrive for Business!

  30. Protect after launch

  31. End User Activity Reports Who has viewed that document? Who is sharing files with external parties? Who deleted those files? Who created an anonymous link to this file? Who is using the sync client to download files? Who deleted the compliance administrator from their OneDrive?

  32. End User Activity Reports

  33. Advanced Alerts

  34. Content Search

  35. Content Search

  36. Content Search

  37. eDiscovery Case Management

  38. Preservation Hold Library Preservation Hold Library Document Library

  39. eDiscovery Case Management Preserve Identify Search Analyze Review Identifying Relevant Data

  40. Advanced eDiscovery

  41. Questions

  42. Resources Data Loss Prevention Policies Next Generation Sync Client Overview Determine Version of Sync Client Transition to the Next Gen Sync Client Deploying the Next Gen Sync Client Administrative Settings for the Next Gen Sync Client Block Sync From Non-Domain Joined Machines Overview of External Sharing End User Activity Reports Advanced Alerts in Office 365 Run a Compliance Search eDiscovery Case Management Advanced eDiscovery Stay Up to Date with the Sync Client Release Notes Downloads OneDrive Deployment Package sample SCCM package GetOD4BSites.ps1 OD4BAssignSCA.ps1 References Add a Secondary Administrator Assign eDiscovery Permissions to OneDrive OneDrive for Business Storage Set OneDrive Storage Quota Pre-Provision OneDrive Sites Overview of OneDrive Retention and Deletion OneDrive Retention PowerShell cmdlet

  43. Thank you! Don’t forget to follow me: Twitter: @obartholdson LinkedIn: linkedin.com/in/obartholdson

More Related