Disabling OneDrive for Business

Disabling OneDrive for Business

  •  
  •  
  • 1
  •  
  • 1
  •  
    2
    Shares

Today, a colleague asked how to disable OneDrive for Business for a customer.

The answer, of course, is like many tech answers.

It depends on the context

In this case, it depends on whether you mean “prevent OneDrive from provisioning” or “prevent users from accessing OneDrive sites that have already been provisioned.”  We’ll dive into both scenarios.

Preventing OneDrive for Business from Provisioning

Some organizations may choose to roll out OneDrive for Business to users in phases.  Frequently, they have needs to use tools like Teams and SharePoint, but haven’t fully developed a governance plan for SharePoint Online.

The sticky wicket is that OneDrive for Business is tied to the SharePoint Online licensing for a user.  As soon as a user is licensed for SharePoint Online and logs into OneDrive for the first time, a site provisions.

In those instances, you can disable automatic OneDrive provisioning or restrict OneDrive for Business provisioning to certain individuals or groups. This is adapted from my book Microsoft Office 365 Administration: Inside Out.

  1. Log on to Office 365 Admin Center with an account that has global admin privileges.
  2. In the navigation pane, select Admin Centers and then select SharePoint.
  3. In the SharePoint Admin Center, select More Features.
  4. Select User Profiles.
  5. Under People, select Manage User Permissions.

  6. To add users or a group of users you want to be able to provision OneDrive sites, type the user or group name and click Add. NOTE: You can only add groups if they are mail-enabled security groups.
  7. After you have added any users or groups you want to have permissions to provision their OneDrive sites to the list, select Everyone Except External Users in the user list and then clear the Create Personal Site check box.  This will prevent all of the users (except the ones added in the previous step) from being able to provision new OneDrive for Business sites.

From this point on, site provisioning for new OneDrive for Business users will be blocked.  This will obviously impact OneDrive for Business, but it also will impact peer-to-peer file sharing in Microsoft Teams. The ability to upload files to a Teams channel conversation from a local PC or or directly to the Teams files tab will not be impacted.

This will also not impact existing OneDrive for Business sites.  For that, we need to look at …

Managing Access to Existing OneDrive Sites

You can manage a user’s access by configuring the LockState property of the site via PowerShell.

Prerequisites

This requires the SharePoint Online Management Shell.

To install the SharePoint Online Management Shell via PowerShellGet, use the Install-Module -Name Microsoft.Online.SharePoint.PowerShell command.  If you have installed it previously, you may use the Update-Module -Name Microsoft.Online.SharePoint.PowerShell  command.

If you installed it via MSI previously, you cannot use the Update-Module method and will have to first uninstall via Add/Remove Programs.  You can also download the SharePoint Management Shell directly as an MSI package from https://www.microsoft.com/en-us/download/details.aspx?id=35588.

You can also manage access to existing OneDrive for Business sites by directly using the SharePoint Online Management Shell’s Set-SPOSite cmdlet.  That’s basically what the OneDrive for Business Admin tool does in the background.  Either way will work just fine.

Using the SharePoint Management Shell

The SharePoint Management Shell method utilizes the Set-SPOSite cmdlet to set the LockState of the site.  In order to do this, you will need to know the URL of the particular OneDrive for Business Site.  Finding the URL of a OneDrive user’s site is not too terribly hard, even with the standard SharePoint Management Shell cmdlets.  For example, if I wanted to learn the SharePoint OneDrive for Business URL of a user named ‘TMoen,’ I could simply run:

$UserSite = Get-SPOSite -IncludePersonalSite $True -Filter "Url -like '-my.sharepoint.com/personal/'" | ? { $_.Owner -like "*tmoen*"}

You could also save all of your organization’s OneDrive sites together (if you wanted to run this process against them all), or filter them any number of ways.

[array]$UserSites = (Get-SPOSite -IncludePersonalSite $True -Limit All -Filter "Url -like '-my.sharepoint.com/personal'").Url

From here, it’s just a matter of running using the Set-SPOSite cmdlet (either individually or running through a loop) to set the LockState of the site to NoAccess:

$UserSites | % { Set-SPOSite -LockState NoAccess -Identity $_ }

To revert one or more sites, simply use the Set-SPOSite cmdlet to set the LockState Unlock.

Happy SharePointing!

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.