You can use GPO or Intune/MDM settings to restrict a number of settings with OneDrive. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice how it is a title in the plural – more than one organization.
But if you look at all the documentation and examples others post online for this setting, they all given a single organization example. I do a considerable amount of work for tenant to tenant mergers and multi-tenant organizations and so I wanted to ensure there was a reference online to the multi-tenant nature of this setting.
This setting takes more than one Tenant ID as shown:
Once you set multiple Tenant IDs (obtainable from https://entra.microsoft.com > Azure Active Directory) and save the settings they apply to your devices in scope.
Then when the settings take effect, they appear in the registry as a child of the OneDrive settings node:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList
On the next restart of OneDrive, these settings take effect. In my example allowing sync from two tenants and those two tenants only.
Photo by Edward Jenner from Pexels: https://www.pexels.com/photo/multiple-overlay-patterns-of-a-colorful-design-4252897/
Leave a Reply