Some notes about deploying and managing OneDrive for Business in an enterprise environment.
There’s no lack of information on configuring an Office 365 tenant for OneDrive for Business. The problem is that it’s scattered all over the place, and since OneDrive for Business is layered on top of SharePoint Online, a lot of the information is included in the SharePoint documentation.
What I have done here is collect as much information as I can from various sources on the Internet. Most of it comes from Microsoft Support & TechNet articles, and some of it comes from the Microsoft community of consultants who take the time to blog about it.
When possible, I have included links to the web pages I have referenced. Also, the information on this page assumes your organization has an Office 365 Enterprise plan E1 – E5.
[Update] On 15-Dec-2016 Microsoft announced a preview of the OneDrive Admin Center in Office 365. Most, but not all, of the configuration settings in this post have been included in the new OneDrive Admin Center.
Here’s an outline of the topics covered in this post:
- Overview
- My Site Pre-Provisioning
- Restrict My Site Provisioning
- My Site Storage Quota
- My Site Secondary Administrators
- My Site User Profile Deletion
- My Site Secondary Owner
- Manage External Sharing
- Data Retention and Versioning
- Data Loss Prevention (DLP)
- Usage Reports
- Limitations & Restrictions
- Deploying the Sync Client for Windows
- Links to Online References
Overview
There’s a lot to consider when deploying OneDrive for Business. A lot more than just assigning a SharePoint Online license to your users, and walking away. In fact, assigning licenses is one of the last things you would perform in the deployment process.
On the back end, each user’s OneDrive for Business (ODFB) site is hosted in the organization’s SharePoint Online tenant. The ODFB site is built on top of a SharePoint document library contained within the user’s My Site instance.
An Office 365 administrator will do most of the ODFB site configuration from the SharePoint Online Admin Center and PowerShell.
My Site Pre-Provisioning
TechNet: How to Pre-Provision My Sites
By default, the first time a user browses to their Newsfeed, Site, or a OneDrive link, a My Site is automatically provisioned for them, which includes the ODFB library/site.
In some cases, you might want a My Site to be ready beforehand, or pre-provisioned. However, pre-provisioning cannot be done from the Office 365 Admin Console, or the SharePoint Online Admin Center. Instead, you have to use a PowerShell script (outlined in the above referenced TechNet article), or do it programmatically using the REST API or CSOM.
MSDN Blog: Programmatically Provision My Sites
Note: When pre-provisioning with PowerShell, there is a limit of 200 users per request. If you have more than 200 users, you must submit the requests in batches. Before you submit the next batch of users, validate that a My Site was created for the last user in the current batch.
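The batching rule in the note above, as an added PowerShell example (not from the original post or the TechNet script). It assumes a connected SharePoint Online Management Shell session and uses the Request-SPOPersonalSite cmdlet; the function name, tenant URLs, file path and polling values are placeholders.

```powershell
# Added example: pre-provision My Sites in batches of 200 and verify each batch
# before submitting the next one. Function name and defaults are hypothetical.
function Invoke-MySitePreProvisioning {
    param(
        [Parameter(Mandatory = $true)][string]$MySiteHost,          # e.g. https://contoso-my.sharepoint.com
        [Parameter(Mandatory = $true)][string[]]$UserPrincipalName,
        [int]$BatchSize   = 200,   # per-request limit stated in the note above
        [int]$PollSeconds = 60,    # wait between existence checks (assumption)
        [int]$MaxPolls    = 30     # give up after this many checks (assumption)
    )

    # Normalise the input: trim, drop blanks, drop duplicates.
    $users = @($UserPrincipalName | ForEach-Object { $_.Trim() } |
               Where-Object { $_ } | Select-Object -Unique)

    $batchNo = 0
    for ($i = 0; $i -lt $users.Count; $i += $BatchSize) {
        $batchNo++
        $end   = [Math]::Min($i + $BatchSize, $users.Count) - 1
        $batch = @($users[$i..$end])          # @() keeps a one-user batch an array

        # Queue the request; -NoWait returns without waiting for provisioning.
        Request-SPOPersonalSite -UserEmails $batch -NoWait

        # Validate that a My Site exists for the LAST user in this batch.
        # Usual URL pattern: non-alphanumeric characters in the UPN become "_".
        $last  = $batch[-1]
        $url   = '{0}/personal/{1}' -f $MySiteHost.TrimEnd('/'), ($last -replace '[^a-zA-Z0-9]', '_')
        $polls = 0
        while ($true) {
            try {
                $null = Get-SPOSite -Identity $url -ErrorAction Stop
                break                          # site found, batch is done
            }
            catch {
                if (++$polls -ge $MaxPolls) {
                    throw "Batch ${batchNo}: no My Site at $url after $MaxPolls checks. Stopping before the next batch."
                }
                Start-Sleep -Seconds $PollSeconds
            }
        }

        [pscustomobject]@{
            Batch       = $batchNo
            Users       = $batch.Count
            LastUser    = $last
            VerifiedUrl = $url
        }
    }
}

# Usage (placeholders):
# Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'
# Invoke-MySitePreProvisioning -MySiteHost 'https://contoso-my.sharepoint.com' `
#     -UserPrincipalName (Get-Content 'C:\Temp\users.txt')
```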
Restrict My Site Provisioning
Office Support: Manage Personal and Social Features
When a user is licensed for SharePoint Online, by default they are given the permissions to automatically create a My Site instance when they first try to use any of the My Site features.
However, an organization may want to restrict the creation of My Site instances, which means a user can be assigned a SharePoint Online license to access other SharePoint Online content (team sites and document libraries) without the user being provisioned with a My Site instance.
To do this, you would need to create one or more Active Directory security groups that are synced to the Office 365 tenant. Members of these groups would have the permissions to create their My Site instances. Users not in one of these groups would not get a My Site instance.
To restrict My Site provisioning, perform the following steps:
- Create one or more AD security groups that will be synced to Office 365
- Login to the Office 365 Admin Portal as a global administrator
- Open the SharePoint Admin Center page
- Select User Profiles in the left column
- In the People section, click on Manage User Permissions
- A pop-up window will appear in the browser where you can add users & groups, and apply permissions. You may need to scroll the pop-up window to see all of the options.
- Add the AD security group(s) you created, and give them one or more of the permissions:
  - Create Personal Site (required for personal storage, newsfeed, and followed content)
  - Follow People and Edit Profile
  - Use Tags and Notes
- Select: Everyone except external users, and deselect the permissions you wish to disable:
  - Create Personal Site (required for personal storage, newsfeed, and followed content)
  - Follow People and Edit Profile
  - Use Tags and Notes
- Click OK when you are finished.
Start adding users to the group(s) so they can have the permissions to create their My Site instance, and use their OneDrive for Business site.
My Site Storage Quota
Office Support: Set the ODFB Storage Quota
Note: This setting is available in the OneDrive Admin Center.
By default, the quota for storage in each user’s OneDrive for Business document library is 1TB. If your Office 365 plan allows for more storage than 1TB per user, you may want to raise the quota for your users.
You can also reduce the amount of storage associated with the ODFB library to a level below what the license entitles the users to. For example, it could be used to set the quota to 500 GB by default.
You can change the quota value for new and existing OneDrive for Business libraries by using the Set-SPOTenant command. You need to be a tenant administrator to do this.
Note: The Set-SPOTenant command requires that you define the quota in Megabytes. If the value is set to 0 (zero), the parameter will have no effect. If the value is set larger than the maximum allowed, it will have no effect.
Set-SPOTenant -OneDriveStorageQuota <QuotaInMB>
My Site Secondary Administrators
Secondary Administrators are a group of users that can manage all My Site instances, including the ODFB sites. They will have full administrative permissions for all My Site instances that are created after an Active Directory security group is added as a My Site Secondary Administrator.
At the very least, you should add an empty AD security group here so that it’s available for future use.
To configure the My Site Secondary Administrator, perform the following:
- From the SharePoint admin center, click User Profiles.
- From the My Site Settings page section, click Setup My Sites
- From the My Site Secondary Admin section, click Enable My Site Secondary Admin checkbox
- In the Secondary Admin textbox, enter a user or security group.
- Click OK at the bottom of the page.
My Site User Profile Deletion
Microsoft Support: How User Profiles Are Deleted
Office Support: Access & Back Up User Data
By default, there is a 30-day retention period for a SharePoint User Profile, My Site, and ODFB site after a user account is deleted and removed from the directory service in SharePoint Online. The retention period is not triggered when a user account is disabled, or when a user’s license is removed.
Note: The retention period setting is available in the OneDrive Admin Center.
When a SharePoint User Profile is scheduled for deletion, the default action is to transfer ownership of the My Site to the user account listed in the profile’s Manager property. The Manager property is derived from the Manager attribute of the AD user account. If the user profile Manager property isn’t set, the My Site Secondary Owner will take ownership of the My Site.
Additionally, when the 30-day retention period is triggered, an email will be sent to the Manager (if designated), or to the Secondary Owner. Seven days before the site is deleted another email is sent.
A custom retention period can be set between 0 (zero) days and 10 years by using the Set-SPOTenant command with the -OrphanedPersonalSitesRetentionPeriod parameter.
Note: You should never delete SharePoint User Profiles manually unless you are instructed to do this by Microsoft Customer Support Services.
My Site Secondary Owner
The Secondary My Site Owner is a user account that is delegated ownership of a My Site that is flagged for deletion, and it gives an organization a chance to recover data that might otherwise be lost. It is recommended to define a Secondary My Site Owner for all sites, as a backup to the manager.
Additionally, because this user account will receive email notifications, the account should have a shared mailbox that can be accessed by multiple administrators.
To configure the My Site Secondary Owner, perform the following:
- From the SharePoint admin center, click User Profiles.
- From the My Site Settings page section, click Setup My Sites
- From the My Site Cleanup section, click Enable Access Delegation checkbox
- In the Secondary Owner textbox, enter a user account.
- Click OK at the bottom of the page
Manage External Sharing
Office Support: Manage External Sharing
Office Support: Restricted Domains Sharing
JiJi Technologies: How to Configure External Sharing
Note: Some of the external sharing settings are available in the OneDrive Admin Center.
If your organization performs work that involves sharing documents or collaborating directly with vendors, clients, or customers, then you might want to use the external sharing features of SharePoint Online to share content with people outside your organization who do not have licenses for your Microsoft Office 365 subscription.
External sharing features include:
- The ability to turn external sharing on or off globally for an entire SharePoint Online environment (or tenant). Turning external sharing off at the tenant level means no documents, sites, or site collections can be shared externally.
- The ability to turn external sharing on or off for individual site collections. This provides you with the ability to secure content on specific site collections that you do not want to be shared.
- The ability to share sites and documents with authenticated users. Authenticated users are those who are invited to sign in by using a Microsoft account, or work or school account.
- The ability to share documents with guest users. Guest users, also called anonymous users, don’t need a Microsoft account, or work or school account, to access documents. They access the document via a guest link that you or your employees give to them.
External sharing is turned on by default for the entire SharePoint Online environment (sometimes referred to as a tenant), and the site collections in it. This includes each user’s My Site, which has their OneDrive for Business site.
Note: You may want to turn external sharing off globally before people start using sites, or until you know exactly how you want to use this feature.
Manage External Sharing Globally
When you turn off external sharing globally, this affects all sites within SharePoint Online including each user’s My Site, which has their OneDrive for Business site. In other words, the global sharing settings override the sharing settings applied to individual SharePoint sites, and to OneDrive for Business sites.
- From within the Office 365 Admin Portal, open the SharePoint Admin Center
- In the left column, choose Sharing
- The Sharing page lists the available options, which include a way to whitelist or blacklist external domains.
- Click OK when you’re done.
Manage External Sharing for All My Sites
External sharing for OneDrive for Business sites is enabled for all users by default. It is possible to disable external sharing for all OneDrive for Business users.
Note: The global sharing setting will override this setting.
- Open the SharePoint Admin Center
- Select: Site Collections
- Select the My Sites Collection URL: https://tenantname-my.sharepoint.com
- At the top, click on Sharing
- In the new window, choose one of three options, and click Save
  - Don’t allow sharing outside your organization
  - Allow external users who accept sharing invitations and sign in as authenticated users
  - Allow sharing with all external users, and allow the use of anonymous access links
Manage External Sharing for Individual My Sites
When external sharing is enabled globally, in some cases, you may want to prevent certain users from sharing documents outside the company. For example, the team responsible for financial disclosures.
Currently, the only way to turn off external sharing for an individual OneDrive for Business site is to use PowerShell. Make sure the latest SharePoint Online PowerShell module is installed, and that your PowerShell session is connected to your SharePoint Online tenant.
The Set-SPOSite command works for individual OneDrive for Business sites the same way it does for Team sites. As soon as you disable sharing, the user is informed they can’t share externally.
To successfully run the command, you will need the user’s My Site URL, which usually contains the user name. However, this should be confirmed before running the Set-SPOSite command.
Example URL
https://contosoinc-my.sharepoint.com/personal/user_contoso_com
Get the Properties of the User’s My Site
Get-SPOSite https://contosoinc-my.sharepoint.com/personal/user_contoso_com | FL *
Disable External Sharing for the User’s My Site
Set-SPOSite https://contosoinc-my.sharepoint.com/personal/user_contoso_com -SharingCapability Disabled
Enable External Sharing for the User’s My Site
Set-SPOSite https://contosoinc-my.sharepoint.com/personal/user_contoso_com -SharingCapability ExternalUserSharingOnly
Enable External Sharing for Authenticated Users & Guests
Set-SPOSite https://contosoinc-my.sharepoint.com/personal/user_contoso_com -SharingCapability ExternalUserAndGuestSharing
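The commands above, wrapped so the My Site URL is confirmed before anything is changed, as an added example that is not part of the original post. The function name is hypothetical, and the check that the site's Owner property equals the user's sign-in name is an assumption to verify in your tenant.

```powershell
# Added example: set external sharing on individual OneDrive for Business sites,
# confirming each derived My Site URL first. Supports -WhatIf for a dry run.
function Set-OneDriveExternalSharing {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$MySiteHost,
        [Parameter(Mandatory = $true)][string[]]$UserPrincipalName,
        [ValidateSet('Disabled', 'ExternalUserSharingOnly', 'ExternalUserAndGuestSharing')]
        [string]$SharingCapability = 'Disabled'
    )

    foreach ($upn in $UserPrincipalName) {
        # Usual My Site URL pattern: non-alphanumeric characters in the UPN become "_".
        $url = '{0}/personal/{1}' -f $MySiteHost.TrimEnd('/'), ($upn -replace '[^a-zA-Z0-9]', '_')
        $row = [pscustomobject]@{ User = $upn; Url = $url; Before = $null; After = $null; Status = $null }

        # Confirm the derived URL exists; never guess and write.
        try   { $site = Get-SPOSite -Identity $url -ErrorAction Stop }
        catch { $row.Status = 'Site not found at derived URL'; $row; continue }

        $row.Before = "$($site.SharingCapability)"
        $row.After  = $row.Before

        # Assumption: for a OneDrive site, Owner holds the user's sign-in name.
        if ("$($site.Owner)" -ne $upn) {
            $row.Status = "Skipped: site owner is '$($site.Owner)'"
        }
        elseif ($row.Before -eq $SharingCapability) {
            $row.Status = 'Already set'
        }
        elseif ($PSCmdlet.ShouldProcess($url, "Set SharingCapability to $SharingCapability")) {
            Set-SPOSite -Identity $url -SharingCapability $SharingCapability
            # Read the value back so the report shows what is actually in effect.
            $row.After  = "$((Get-SPOSite -Identity $url).SharingCapability)"
            $row.Status = if ($row.After -eq $SharingCapability) { 'Changed' } else { 'Change not confirmed' }
        }
        else {
            $row.Status = 'No change made (WhatIf or declined)'
        }
        $row
    }
}

# Preview first, then run again without -WhatIf:
# Set-OneDriveExternalSharing -MySiteHost 'https://contosoinc-my.sharepoint.com' `
#     -UserPrincipalName 'user@contoso.com' -WhatIf
```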
Time Limits for External Invitations
By default, an invitation sent to external users will expire after 90 days. If an invitee does not accept the invitation within 90 days, and that person still needs access, a new invitation will need to be sent. Currently, the value of 90 days cannot be changed.
When anonymous or guest links are allowed to be created and shared, by default there is no time limit. To set a time limit for anonymous links, use the Set-SPOTenant command. The acceptable values are between 1 and 730 days.
Set-SPOTenant -RequireAnonymousLinksExpireInDays 45
Auditing External Sharing Invitations
OneDrive Blog: Extending IT Control and Developer Options with ODFB
In regulated industries, it’s often important to audit every conversation with external parties – including any text your users add to their external sharing invitations. You can configure the SharePoint Online tenant to blind copy the full text of invitation emails to a dedicated archive mailbox.
The SharePoint Online Management Shell lets you specify the addresses to receive the BCC copy using the Set-SPOTenant command. Make sure the latest SharePoint Online PowerShell module is installed, and that your PowerShell session is connected to your SharePoint Online tenant.
Once BCC is enabled, a copy of every invitation will be sent to the mailbox and remain available for later auditing or review.
Configure the List of BCC Email Addresses
Set-SPOTenant -BccExternalSharingInvitationsList user1@contoso.com,user2@contoso.com
Enable BCC External Sharing Invitations
Set-SPOTenant -BccExternalSharingInvitations $True
Disable BCC External Sharing Invitations
Set-SPOTenant -BccExternalSharingInvitations $False
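A drift check for the tenant-wide settings covered so far (anonymous link expiry, BCC of sharing invitations, orphaned My Site retention), as an added example that is not from the original post. The baseline values are example policy choices, the function name is hypothetical, and the sample tenant object is constructed so the block runs without a tenant connection.

```powershell
# Added example. Baseline values are example policy choices (assumptions).
$Baseline = @{
    MaxAnonymousLinkDays = 45                    # value used in the command above
    ArchiveMailbox       = 'user1@contoso.com'   # sample address from this post
    MinRetentionDays     = 30                    # default retention period
}

function Test-OneDriveTenantBaseline {
    param(
        [Parameter(Mandatory = $true)]$Tenant,              # output of Get-SPOTenant
        [Parameter(Mandatory = $true)][hashtable]$Baseline
    )
    $guestLinks = "$($Tenant.SharingCapability)" -eq 'ExternalUserAndGuestSharing'
    $expiry     = [int]$Tenant.RequireAnonymousLinksExpireInDays
    $bccList    = @("$($Tenant.BccExternalSharingInvitationsList)" -split '[,;]' |
                    ForEach-Object { $_.Trim() } | Where-Object { $_ })

    $checks = @(
        @{ Setting  = 'RequireAnonymousLinksExpireInDays'
           Actual   = $expiry
           Expected = "1-$($Baseline.MaxAnonymousLinkDays) while guest links are allowed"
           # Expiry only matters when anonymous (guest) links can be created at all.
           Pass     = (-not $guestLinks) -or
                      ($expiry -ge 1 -and $expiry -le $Baseline.MaxAnonymousLinkDays) }
        @{ Setting  = 'BccExternalSharingInvitations'
           Actual   = $Tenant.BccExternalSharingInvitations
           Expected = 'True'
           Pass     = [bool]$Tenant.BccExternalSharingInvitations }
        @{ Setting  = 'BccExternalSharingInvitationsList'
           Actual   = $bccList -join ','
           Expected = "contains $($Baseline.ArchiveMailbox)"
           Pass     = $bccList -contains $Baseline.ArchiveMailbox }
        @{ Setting  = 'OrphanedPersonalSitesRetentionPeriod'
           Actual   = $Tenant.OrphanedPersonalSitesRetentionPeriod
           Expected = ">= $($Baseline.MinRetentionDays) days"
           Pass     = [int]$Tenant.OrphanedPersonalSitesRetentionPeriod -ge $Baseline.MinRetentionDays }
    )
    foreach ($c in $checks) {
        [pscustomobject]@{
            Setting   = $c.Setting
            Actual    = $c.Actual
            Expected  = $c.Expected
            Compliant = [bool]$c.Pass
        }
    }
}

# Constructed sample standing in for the output of Get-SPOTenant.
$sampleTenant = [pscustomobject]@{
    SharingCapability                    = 'ExternalUserAndGuestSharing'
    RequireAnonymousLinksExpireInDays    = 0          # no expiry configured
    BccExternalSharingInvitations        = $true
    BccExternalSharingInvitationsList    = 'user2@contoso.com'
    OrphanedPersonalSitesRetentionPeriod = 30
}

# Report only the settings that drifted from the baseline.
Test-OneDriveTenantBaseline -Tenant $sampleTenant -Baseline $Baseline |
    Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# Against the live tenant:
# Test-OneDriveTenantBaseline -Tenant (Get-SPOTenant) -Baseline $Baseline
```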
Data Retention & Versioning
Office Support: Overview of Preservation Polices
Office Support: How Does Versioning Work?
Using Office 365 preservation policies, it’s possible to keep a user’s My Site content indefinitely, even if the user has deleted it. Additionally, multiple versions of the content can be preserved, which allows previous versions to be accessed and searched.
When content is subject to a preservation policy, people can continue to edit and work with the content as if nothing has changed because the content is preserved in place, in its original location. However, if someone edits or deletes content that is subject to the policy, a copy is saved to a secure location where it’s preserved while the policy is in effect.
Preservation policies are created and managed in the Security & Compliance Center of the Office 365 Admin Portal. Preservation policies are then deployed to the different content sources that the policy includes, such as sites, mailboxes, and public folders.
A preservation policy doesn’t automatically preserve all versions of a document in a site. By default, versioning is turned on for all My Site libraries, which creates major versions with a limit of 500 versions.
Note: Versioning settings can be changed, or turned off, by the user. If requirements dictate that versioning should always remain on, it is recommended to create, and schedule, a PowerShell script to check the versioning settings, and to remediate them as needed.
Data Loss Prevention (DLP)
Since this is a post about OneDrive for Business and SharePoint Online, I won’t be covering how to configure and use DLP.
However, I strongly recommend that you become very familiar with DLP, and how it can be used to protect sensitive information in Office 365. Then after you understand DLP, and how it can be used, you need to configure it and put it to use.
Even if your company is not required to comply with any industry standards or regulations, you need to put DLP to use.
You may think it’s not that big of a deal. However, consider that there may be internal processes within your organization that expose sensitive information, including your own. Configuring and enabling DLP will uncover these processes so that they can be changed to protect everyone’s data.
Here are a couple of links to Microsoft articles that explain DLP policies, and they would be your first step for deploying DLP:
- Office Support: Overview of Data Loss Prevention Policies
- TechNet: Data Loss Prevention for Exchange Online
Usage Reports
Office Support: Interpret a OneDrive for Business Usage Report
The new Office 365 Reports dashboard shows you the activity overview across the Office 365 products in your organization. The OneDrive part of the dashboard gives you a high-level view of the value you are getting from OneDrive in terms of the total number of files and storage used across all the OneDrive accounts in your organization.
You can then drill into it to understand the trends of active OneDrive accounts, and how many files the users are interacting with as well as the storage used. It also gives you the per OneDrive account details.
Note: You must be a global administrator in Office 365 or an Exchange, SharePoint, or Skype for Business administrator to see Office 365 reports.
At the time of this writing, there are two reports that can be viewed within the Office 365 Admin Portal.
Limitations & Restrictions
The My Site document library used for ODFB has its own limitations and restrictions, and each of the sync clients has limitations too. Since this is changing as Microsoft releases new features and versions of the sync clients, here are some links to get the latest information, and I have included some highlights below.
- Microsoft Support: Restrictions and Limitations for OneDrive.exe & the Mac OS X Sync Client
- Microsoft Support: Restrictions and Limitations for Groove.exe
- Office Support: SharePoint Online Software Boundaries and Limits
Library Limitations & Restrictions
- There’s a limit of 30 million documents that can be uploaded to a OneDrive for Business library.
- There’s a 10 GB file size limit for each file that’s uploaded to a OneDrive for Business library.
- File name paths can have up to 256 characters.
- A user cannot create a folder called “Forms” in the root of the library.
- There is a list of characters, and character strings, that cannot be used in file names.
Sync Client Limitations & Restrictions
- OneDrive.exe can’t be run with elevated privileges.
- You cannot add a network or mapped drive as a OneDrive sync location.
- A file that’s currently opened by an application cannot be synced. You have to close the file before the sync client will upload the file.
- The sync client does not support differential sync. This means that each time a file is changed or saved on a local computer or device, the entire file will be uploaded.
- The sync client doesn’t support syncing libraries that require checkout, or libraries that are protected by Information Rights Management (IRM).
- The OneDrive for Business sync client isn’t supported for client sessions that are hosted on Windows 2008 Terminal Services or Windows 2012 Remote Desktop Services (RDS).
- Roaming, Mandatory, and Temporary Windows profiles are not supported. The OneDrive for Business sync client is not supported in any configuration that doesn’t let the user account write to the OneDrive for Business application directories.
Outlook PST Files
Outlook PST files should only be uploaded into the OneDrive for Business library for archive purposes. If a user uploads PST files into their library, they should not be opened within Outlook. Additionally, you can configure the SharePoint tenant to block a list of file types from being synced (see below). PST files should be considered as a blocked file type.
OneNote Notebooks
OneNote notebooks have their own sync mechanism, and they are not synced by the OneDrive for Business sync client. Therefore, a user should save their OneNote notebooks through OneNote to their OneDrive library. OneDrive will create a stub file in the sync folder, depending on where the OneNote file is saved.
Deploying the Sync Client for Windows
Office Support: Sync Client Deployment Planning
Office Support: Deploying the Sync Client
Office Support: Sync Client Release Notes (OneDrive.exe)
The OneDrive for Business Next Generation Sync Client lets users connect to their OneDrive for Business library using a work or school account, and then syncs files to their computer.
This section covers the deployment of the next generation sync client (OneDrive.exe). It does not cover the deployment of the old sync client (Groove.exe), which is included with Office 2013 and early versions of Office 2016.
If you have the old sync client (Groove.exe) already deployed in your environment, the new sync client (OneDrive.exe) should automatically take over a user’s connection to a OneDrive for Business library. If the user has sync connections to SharePoint team site libraries, Groove.exe will continue to sync those libraries, and both sync clients should work side-by-side.
It is strongly recommended to test migrating from Groove.exe to OneDrive.exe with a pilot group of users before deploying to everyone.
Office Support: Transition from Groove.exe
Sync Client Deployment Steps
There are 4 major steps in deploying the OneDrive for Business sync client (OneDrive.exe):
- Configure and deploy the OneDrive Sync Client Group Policies.
- Restrict the sync client based on the organizational requirements
  - Limit syncing ODFB libraries to domain joined PCs only
  - Block a list of file types from being synced
  - Control the use of the old sync client (Groove.exe)
- Deploy OneDrive.exe by running the installer (OneDriveSetup.exe) with the /silent command line parameter.
- Run OneDrive.exe with the desired command line parameters to launch the user setup process.
OneDrive Sync Client Group Policies
The OneDrive for Business Next Generation Sync Client Documentation and Administrative Template Files (ADMX/ADML/REG) can be downloaded from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=50381
After installing the ADMX/ADML files, the following group policy settings will be available in the GPMC:
User Configuration > Policies > Administrative Templates > OneDrive
- Prevent users from using the remote file fetch feature to access files on the computer
- Set the default location for the OneDrive folder
- Prevent users from changing the location of their OneDrive folder
- Prevent users from synchronizing personal OneDrive accounts
- Delay updating OneDrive.exe until the second release wave
- Coauthoring and in-app sharing of Office files
- Users can choose how to handle Office files in conflict
Office Support: OneDrive Sync Client Group Policy Settings
Important Note
When you enable or disable a setting, the corresponding registry key is updated on computers in your domain. If you later set the policy back to “Not Configured,” the corresponding registry key is not modified, and the effective policy setting does not change. Therefore, after you configure a setting, use the “Enabled” and “Disabled” settings for that policy going forward. Do not switch it to “Not Configured” because the registry key will not be updated.
Limiting File Sync to Domain Joined Computers
Note: This setting is available in the OneDrive Admin Center.
The OneDrive for Business sync client enables users to synchronize their files for offline use across their PCs or Macs, and by default, that includes their personal computers.
If you wish to only allow file sync to work on domain joined PCs, and specify which domains are allowed to sync (whitelisted), you can use the PowerShell Set-SPOTenantSyncClientRestriction command to block file sync on personally owned or unmanaged PCs.
Note: Using this setting means that you will disable file sync on all Macs as they cannot be domain-joined.
Limiting file sync to domain joined PCs is a two-step process:
- Use PowerShell to discover and enumerate all of the domain GUIDs into a text file.
- Run the Set-SPOTenantSyncClientRestriction command with the domain GUIDs that will be whitelisted.
Command to Enumerate Domain GUIDs
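# Export once, after the loop, so every domain in the forest ends up in the file (requires the ActiveDirectory module).
Import-Module ActiveDirectory; (Get-ADForest).Domains | ForEach-Object { Get-ADDomain -Identity $_ | Select-Object DistinguishedName, ObjectGuid } | Export-Csv "C:\domain-guids.txt" -NoTypeInformation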
Command to Limit File Sync to Domain Joined PCs
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids "786344ZD-877B-4760-A749-6B1EFBC1190A; 877R64FF-877B-4760-A749-6BQRE12BC1190A"
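The two steps above joined together with a validation pass, as an added example that is not from the original post. The function name is hypothetical and the CSV rows are constructed; a malformed GUID makes the function throw before anything is sent to the tenant, which is also what happens with the illustrative values in the command above because they contain non-hexadecimal characters.

```powershell
# Added example: validate the exported domain GUIDs before applying the
# sync restriction. A value that does not parse is rejected, not passed on.
function ConvertTo-DomainGuidList {
    param([Parameter(Mandatory = $true)][string[]]$Guid)

    $parsed = [guid]::Empty
    $valid  = New-Object 'System.Collections.Generic.List[string]'
    $bad    = @()

    foreach ($g in $Guid) {
        $text = $g.Trim()
        if ([guid]::TryParse($text, [ref]$parsed)) {
            $canonical = $parsed.ToString().ToUpper()
            if (-not $valid.Contains($canonical)) { $valid.Add($canonical) }   # de-duplicate
        }
        else {
            $bad += $text
        }
    }

    if ($bad.Count -gt 0) {
        throw "Not valid GUIDs, nothing applied: $($bad -join ', ')"
    }
    # Semicolon-separated string, the format used in the command above.
    $valid -join ';'
}

# Constructed sample in the shape of C:\domain-guids.txt (values are made up).
$rows = @'
"DistinguishedName","ObjectGuid"
"DC=contoso,DC=com","11111111-2222-3333-4444-555555555555"
"DC=emea,DC=contoso,DC=com","aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
'@ | ConvertFrom-Csv
# With the real export: $rows = Import-Csv 'C:\domain-guids.txt'

$guidList = ConvertTo-DomainGuidList -Guid $rows.ObjectGuid
$guidList

# A value copied with a non-hex character is caught here rather than by the tenant.
try   { ConvertTo-DomainGuidList -Guid '786344ZD-877B-4760-A749-6B1EFBC1190A' }
catch { Write-Warning $_.Exception.Message }

# Apply and read back only when you are ready (requires Connect-SPOService).
$Apply = $false
if ($Apply) {
    Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $guidList
    Get-SPOTenantSyncClientRestriction
}
```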
Block a List of File Types from Being Synced
Note: This setting is available in the OneDrive Admin Center.
It may be necessary to block certain file types from being synced with the OneDrive for Business sync client. To do this, you use the PowerShell Set-SPOTenantSyncClientRestriction command to configure a list of file extensions that should not be synced by the OneDrive sync client, such as .PST files.
Any file extension may be blocked using this feature, but note that it may take up to 24 hours for a change to take effect across all user devices. When this feature is enabled, users syncing any file that is in the exclusion list will see an error message informing them of the block.
Note: This feature is only supported by the new OneDrive for Business sync client (OneDrive.exe).
Create/Update the List of File Types to Block
Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions "pst;exe;docx;xlsx"
Clear the List of File Types to Block
Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions ""
Control the Use of the Old Sync Client (Groove.exe)
If you want to block your employees from using the old sync client (Groove.exe), you can use the PowerShell Set-SPOTenantSyncClientRestriction command to configure your tenant to allow or disallow users from using the old OneDrive for Business sync client to sync OneDrive for Business libraries.
When this feature is set to “HardOptIn”, the old OneDrive for Business sync client will stop syncing the user’s OneDrive contents. OneDrive for Business users who are still using the old OneDrive for Business sync client will see an error message and will be prompted to launch and configure the new OneDrive for Business sync client. If they do not yet have the new client installed, they will have the opportunity to download and install it.
Note: This feature only applies to syncing a user’s own OneDrive for Business sites. Team Sites and shared content from other people’s OneDrive for Business sites will continue to sync with the old OneDrive for Business sync client.
Block Users from Using Groove.exe
Set-SPOTenantSyncClientRestriction -GrooveBlockOption "HardOptIn"
Allow Users to Continue Using Groove.exe
Set-SPOTenantSyncClientRestriction -GrooveBlockOption "OptOut"
OneDrive Sync Client Installation
Office Support: Deploy/Install the Next Generation Sync Client (OneDrive.exe)
If needed, you can download the sync client from Microsoft: https://onedrive.live.com/about/en-us/download/
The first step is to run the OneDriveSetup.exe installer on each machine. The installer will install the OneDrive.exe executable file in the directory %localappdata%\Microsoft\OneDrive.
Note: OneDriveSetup.exe installs OneDrive only within the current user account. OneDriveSetup.exe will need to be run once for each user account on the machine.
There are two options for deploying the OneDriveSetup.exe installer:
- OneDriveSetup.exe (no command line parameter)
- OneDriveSetup.exe /silent
Deploying OneDriveSetup.exe with no command line parameters will install OneDrive.exe with an installation status that will be visible to the user.
Additionally, after installation, OneDriveSetup.exe will automatically execute OneDrive.exe located at %localappdata%\Microsoft\OneDrive. This will automatically start the OneDrive Setup for the user.
OneDriveSetup.exe
Deploying OneDriveSetup.exe /silent will install OneDrive.exe transparently: the user is not shown an installation status screen.
Additionally, OneDriveSetup.exe will not launch OneDrive.exe automatically after installation completes. The IT administrator will need to launch OneDrive.exe through an additional command.
Deploying OneDriveSetup.exe /silent has the benefit of allowing you to control when to launch OneDrive.exe and pass any additional command line parameters to OneDrive.exe.
OneDriveSetup.exe /silent
Launch the OneDrive Sync Client
Office Support: Deploy/Install the Next Generation Sync Client (OneDrive.exe)
After OneDrive.exe has been installed through the OneDriveSetup.exe installer, the OneDrive process can be launched by running OneDrive.exe along with one of the two following configurations:
- %localappdata%\Microsoft\OneDrive\OneDrive.exe (no command line parameter)
- %localappdata%\Microsoft\OneDrive\OneDrive.exe /configure_business:<TenantID>
Note: When using System Center Configuration Manager, make sure OneDrive.exe is run with the user’s permissions (not run as an Administrator). An error will display if it is run with elevated permissions.
Launching OneDrive.exe with no command line parameters starts up the OneDrive process. Your user’s experience will depend on whether a OneDrive account has been configured previously on the device.
- If no accounts have yet been configured for OneDrive.exe on the device, OneDrive.exe will display the OneDrive Setup, and the user will be prompted to sign in with their account.
- If one or more accounts (business or personal) have already been configured for OneDrive.exe on the device, OneDrive.exe will start up all OneDrive processes and OneDrive Setup will not display to the user.
OneDrive.exe
Launching OneDrive.exe with the command line parameter /configure_business:<TenantID> will check to see if an account associated with a specific tenant has already been configured on the machine. Only in the case where an account of that tenant has not yet been configured will OneDrive Setup display to the user.
Running OneDrive.exe /configure_business:<TenantID> is a great way to target only the users who have not yet signed in with a desired account without bothering users who have already set up OneDrive.
OneDrive.exe /configure_business:12345678-1234-1234-1234-123456789012
OneDrive for Business Online References
Get Started
- What is OneDrive for Business?
- Get started with the OneDrive for Business Next Generation Sync Client in Windows
- Get started with the OneDrive for Business Next Generation Sync Client on Mac OS X
- Set up OneDrive on an iPhone or iPad
- Use OneDrive on Windows Phone
- Set up OneDrive on an Android phone or tablet
- Which OneDrive Sync Client am I using?
- OneDrive for Business Next Generation Sync Client release notes
Manage OneDrive for Business
- View OneDrive for Business usage reports
- Allow my users to share files with external people
- Manage External Sharing for SharePoint Online
- Manage Storage Quotas
- Search audit log reports
Deploy the Sync Client
- Get the OneDrive for Business Sync Client
- Plan for deploying the OneDrive for Business Next Generation Sync Client in an enterprise environment
- Deploy the OneDrive for Business Next Generation Sync Client in an enterprise environment
- Deploy the OneDrive Next Generation Sync Client on OS X and configuring work or school accounts
- Configure OneDrive for Business settings for my enterprise users through Group Policy
- Transition to the new OneDrive for Business Sync Client
- Redirect my users’ documents folder to OneDrive for Business
- Ports and URLs required for OneDrive for Business
- Restrictions and limits when using the OneDrive for Business Sync Client (Groove.exe)
- Restriction and limits when using the OneDrive for Business Next Generation Sync Client (OneDrive.exe)
Manage Users
- Protect OneDrive for Business data when an employee leaves the organization
- What happens in user profiles when a OneDrive for Business user leaves your organization
- Training for users: Store, share, and sync files in OneDrive for Business
- Training for users: Store, sync, and share your work files
Security
- How file encryption works in OneDrive for Business
- Create a Data Loss Prevention (DLP) policy for OneDrive for Business
- Office 365 Security and Compliance Center
- Prevent users from saving work files to their personal OneDrive accounts
- Allow users to share files with external people
- Allow Microsoft support engineers access to your Office 365 data for support issues
Troubleshooting
- How to fix OneDrive for Business sync problems
- Fix OneDrive sync problems with Windows 10, Windows 7, or Windows Vista
- Fix OneDrive sync problems with Windows 8.1 or Windows RT 8.1
- Fix OneDrive sync problems on a Mac
- Get help by emailing the OneDrive support team