Restricting OneDrive To Multiple Tenants

You can use GPO or Intune/MDM settings to restrict a number of settings with OneDrive. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice how it is a title in the plural – more than one organization.

But if you look at all the documentation and examples others post online for this setting, they all given a single organization example. I do a considerable amount of work for tenant to tenant mergers and multi-tenant organizations and so I wanted to ensure there was a reference online to the multi-tenant nature of this setting.

This setting takes more than one Tenant ID as shown:

The OneDrive ADMX Settings
The “Allow syncing … organizations” dialog
Add more than one tenant, add one per line

Once you set multiple Tenant IDs (obtainable from https://entra.microsoft.com > Azure Active Directory) and save the settings they apply to your devices in scope.

Then when the settings take effect, they appear in the registry as a child of the OneDrive settings node:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList
The OneDrive Restricted Sync List – Multiple Tenants

On the next restart of OneDrive, these settings take effect. In my example allowing sync from two tenants and those two tenants only.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.