#FAQFriday: 8 Tips for Mastering OneDrive Security Basics

Unfortunately, seasoned IT Admins know from many long nights that planning for escalated outages is important. With new security threats emerging every single day, it’s more important than ever to make sure that your environment is locked down, including for shared OneDrive files and options by end users.

Microsoft first rolled out OneDrive in 2007 (Remember when it was called SkyDrive?), and it has become a very popular platform to share files of all sorts with others, whether onsite, at a partner’s site, customer site, or working from the train. It is also commonly used for sharing company data overseas with international employees or key vendors. The downside to all this sharing is that sometimes employees forget to be mindful of confidential company data.

We get requests every month for advice or engineering for locking down OneDrive, especially the newer OneDrive features. OneDrive makes it easier and faster than ever for users to collaborate, but, it also creates potential for sensitive or confidential information to fall into the wrong hands.

Luckily – by design, there’s a lot you can do as an IT Support Engineer or OneDrive Admin to make sure that your users’ OneDrive data is locked down and secure, other than beg your users to “pay attention” to what they’re doing.

In this blog, we’ll show you some tips to help lock down your OneDrive files and data.

Please note: In order to make changes to OneDrive sharing settings as an administrator, your account will need to have Office 365 Global Admin permissions, SharePoint Admin permissions or similar.

TIP #1 – Lock down who the OneDrive links should be shared with.

To manage or lock down OneDrive links and sharing, follow the steps below.

Go to the Admin Centers | OneDrive admin center.


Once the OneDrive Admin console opens, click on sharing.
1. Determine the sharing settings that you’d like to set including whether you’d like your users to share links with external people or not, how long the links should be available for, and whether you’d like for the recipient of the links to be able to view, edit and/or upload the files and folders.

2. Click on the Advanced settings for external sharing to configure settings like blocking specific domains from receiving shared links, control whether the external receivers of the links can forward the links to the shared OneDrive files and folders to other users, and allow the original owner of the shared files to view names of who accessed the shared files.
Understanding the different OneDrive Link Types

Shareable: This means by default that anyone, whether they’re inside or outside of your organization, will be able to view any OneDrive link they receive. This is the default setting for OneDrive links.  While this is helpful for companies and organizations that frequently collaborate with partners, customers, and other individuals outside of their company, it can make for some serious security risks when it comes to confidential data, like HR data, financial records, patented info, etc.

Setting the default link type to “shareable” means there is always potential for information to get into the wrong hands, such as competitors, private individuals, hackers, and other unknown, shadowy figures that can’t be trusted with confidential information.

Internal: If you decide to set the link default to “internal”, only users within your organization will be able to view OneDrive links.

Direct: This setting means that only users who already have permission to view the file will be able to access the OneDrive link to the item.

Advanced settings for shareable links:

TIP #2 - Limit how many days the links can be shared.

“Link expires within this number of days” - If you select this option, you can create a default period in which any shared OneDrive link is available for. So, for example, if you set the default to 3 days, anyone who has a OneDrive link shared with them will only be able to access the file. content for 3 days. After that period expires, they will no longer have access. This is especially useful for reports that get updated regularly, or if there is data that you don’t want external people to share long-term.

TIP #3 - Decide the type of permissions that the recipients of the links to the files and folders should have.

File and Folder options: You can also determine how much access you want to give to users who receive OneDrive links. You can decide if you want them to be able to view, edit, and/or upload files and folders.

TIP #4 - Block or specifically allow domains that the OneDrive data can be shared with.

Advanced Settings for External Sharing:
If you decide you want your users to be able to share OneDrive links with users outside of your organization, there are many options for customizing the options external users have when viewing these links.
Block Sharing with people on specific domains: This incredibly helpful feature allows IT admins to determine which domains will be barred from viewing OneDrive links. For example, let’s say that your business has a competitor that consistently poaches employees and tries to get ahold of your sales leads. By blocking specific domains, you can make sure that valuable information doesn’t get into the wrong hands and block the domain from accessing data if an employee mistakenly sends a link with crucial info to the competitor.

TIP #5 - Limit if OneDrive links can be forwarded.

External Users must accept sharing invitations using the same account that the invitations were sent to: This feature is just another way to make sure that information that belongs to your organization is not passed around to the wrong hands. By enabling this setting, only users you directly share a OneDrive link will be able to view the shared content, meaning they are unable to pass it around or forward the links to additional non-secure accounts, like Gmail, Hotmail, or AOL accounts.

TIP #6 - Control whether external users can share links.

Let External users share items they don’t own: This feature keeps right in line with the preview features, in that it determines whether or not you want to allow external users the option to share files owned by users in your organization.

TIP #7 - Allow owners of files, folders and links to see which users have accessed the shared data.

Display to owners the names of people who viewed their files: This feature allows for users who originally created the data or links to keep track of who exactly has viewed their shared OneDrive data.

TIP #8 - Lock down the types of files and location of user workstations that can access the data.

Blocking file types from OneDrive: Certain file types are more prone to be malicious content. If you want to limit your users from downloading potentially harmful file types onto their work stations, you can list them in the block syncing of specific file types.

1. Go to “sync”.
2. Select “Block synching of specific file types”.
3. Begin typing in different file extensions you want to prohibit your users from uploading to OneDrive. For example, many of our customers have blocked .exe files, due to their often-malicious nature.

In summary, here is a list of tips to lock down your OneDrive environment:
  1. Lock down who the OneDrive links should be shared with.
  2. Limit how many days the links can be shared.
  3. Decide the type of permissions that the recipients of the links to the files and folders should have.
  4. Block or specifically allow domains that the OneDrive data can be shared with.
  5. Limit if OneDrive links can be forwarded.
  6. Control whether external users can share links.
  7. Allow owners of files, folders and links to see which users have accessed the shared data.
  8. Lock down the types of files and location of user workstations that can access the data.

As you can see, there are many options when it comes to securing your OneDrive environment. The aforementioned tips, however, are only just a few of the most pertinent OneDrive security settings to move toward a more secure OneDrive experience.

We hope you find this helpful!

Need more information? We offer a 1.5 hour virtual instructor-led OneDrive admin training course!
Posted in

Related Posts

Recent

Archive

Categories

Tags