Governance for OneDrive for business
This page has been automatically translated with machine translation.
OneDrive for Business is a cloud solution from Microsoft for storing all your files. In this article, we've already given you 10 reasons why you should start using OneDrive for Business.
After you have properly understood the value for your organization but also for the users, we like to give a few more features, technically. At the bottom of the article you can read how to optimally set up OneDrive.
What is Governance?
Governance brings together 4 facets. As you well know, it is not so easy to start with Governance. If you can describe this matter well, you can start working concretely per pillar.
|technologies||rules / Policy|
How to get started with OneDrive Governance?
Start small / start small
- Avoid regulating everything. Govern everything is not possible.
- Don't think the plan will come naturally. Put time and energy into clear understandable documentation.
- Don't make policies of things you can't enforce. Don't mix the human aspect with the policy/policy. Otherwise, you will stand still.
- Grow systematically toward a better version of the governance model.
- Policies carry the current culture of the organization. if there is now a lot of chaos and no rules. Then it's strange that you will institute a lot of rules in your SharePoint/OneDrive organization. Your organization is not ready to handle this maturity. (Culture, people,....)
- Create a governance board. To add rules in subsequent versions. Don't put everything on the board.
- Help people offer basic solutions/training so they become pro-SharePoint .
What not to do - dont's
- Don't just involve IT. Bring your entire organizational representatives to the table. HR, IT, Management, department heads.
- Allign governance plans with your organization's major groups. Not with everyone.
- A governance board creates a frame. But does not resolve the content. Don't think if the point is on the board that it will happen.
- Don't abort shadow-it, third-party or file server use if there is no alternative. People need tools. If OneDrive cannot help them, the problem is not in this technology.
Below is a list of all features that you could also find summarized with examples on this blog. Important to cover all features in the technical setup, governance.
- Known Folder Move
- OneDrive Files On-Demand
- Modern attachments
- Real-time team collaboration: Coauthoring in full versions of Microsoft Word, Excel, and PowerPoint
- Seamlessly connecting files to conversations
- Intelligent discover with OneDrive Discover view
- OneDrive Files Restore
- Recycle bin
- Data loss prevention (DLP)
- Auditing and reporting
- Encryption of data in transit and at rest
- Customer-controlled encryption keys
- Office 365 Customer Lockbox
- Hybrid integration with SharePoint Server
- OneDrive Multi-Geo storage locations
- Government cloud
- Users can share with Anyone in the default settings. Inside but also outside the organization.
- We believe in using the defaults but using Information Protection to label and classify the effective information. Why?
Because you don't want users to have to distinguish between sensitive data or not.
- Allow or block sharing with individuals in specific domains. This gives you room to block domains or partners you want to collaborate with, or don't want to collaborate with.
- External users must accept sharing invitations with the account on which the invite was received. If you really want to be 100% sure that the recipient is the account on which the invite was received. Check this box!
- Allowing remote users to further share your files or folders is on by default. It might be better to just turn this off.
- Through the easy-to-use OneDrive control panel, you have the ability to configure links.
- In times of active collaboration, it seems better that as an organization you allow files to be shared from OneDrive. If you don't allow that, you quickly run into the risk where users will seek alternatives themselves. (shadow-IT)
- It's a choice whether to let the left expire. There is no real hard best practice. Some organizations choose 90 days. Some 365. But never has no values either. Then choose 90 days.
These are the 3 parameters you can configure in the OneDrive administrator panel.
- Display sync button on the OneDrive website. If you choose the optimal use then it is best to leave this option enabled.
- Allow synchronization only on PCs associated with specific domains. If you want to allow only PCs that are in one domain, you can. You can't make exceptions for individuals or devices. Anyway.
- Block syncing of certain file types. Here you can choose to block files that have no value for posting to OneDrive, for example. ISOs are a perfect example to block because this only impacts in bandwidth. No one needs to upload 4.7GB Windows images to their OneDrive.
- Allow synchronization only on domain-joined devices
- How much default storage in GB do you want to give your users? If you are starting to roll out OneDrive in your organization, and you have a relatively low upload you could choose to set this to 5GB or 10GB.
- Number of days files should be retained in OneDrive after a user account is marked for deletion. 365 days is a suggestion. This is a free choice. The default is 30 days.
- Allow access only from certain IP address locations.
- Mobile Application management.
You can start with the MAM (Mobile Application Management) approach by configuring your OneDrive specifically. However, we recommend bringing this into a broader framework and for all Microsoft 365 Apps.
Also: Outlook, Word, Excel, PowerPoint, Teams,...
- Compliance settings is a link to the Security & Compliance center that works across the breadth of data protection. These details get processed in a subsequent blog.
- Here you can configure the notifications that owners get by mail when any of these 3 notifications occur. In itself super convenient to keep control and understand what happens to the data.
Browse to: modernonboarding/onedrivequickstartguide
Select how you want to handle OneDrive sharing.
Successful design involves minimal change process
- Users in your organization are not aware of the quata you impose. Whether they get 50GB or 1000GB. Communicating is important!
- If you would choose not to share with outsiders communicate the new standard within the organization. And check to see how many links are currently open to the outside via Cloud App Security.
- Also consider the "Known-Folder-Move" of step 5 of the article "start modern management.