Restricting OneDrive To Multiple Tenants


You can use GPO or Intune/MDM settings to control a number of OneDrive behaviours. One of the documented settings is called “Allow syncing OneDrive accounts for only specific organizations”. Notice that the title is plural – more than one organization.

But if you look at all the documentation and examples others post online for this setting, they all give a single-organization example. I do a considerable amount of work for tenant-to-tenant mergers and multi-tenant organizations, and so I wanted to ensure there was a reference online to the multi-tenant nature of this setting.

This setting takes more than one Tenant ID as shown:

The OneDrive ADMX Settings
The “Allow syncing … organizations” dialog
Add more than one tenant, add one per line

Once you set multiple Tenant IDs (obtainable from https://entra.microsoft.com > Azure Active Directory) and save the settings, they apply to your devices in scope.

Then when the settings take effect, they appear in the registry as a child of the OneDrive settings node:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList
The OneDrive Restricted Sync List – Multiple Tenants

On the next restart of OneDrive, these settings take effect. In my example, this allows sync from two tenants, and those two tenants only.
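
To confirm on a device that the policy landed with every tenant you intended and nothing else, the following PowerShell check reads that registry key and compares it with an expected list. It is an added example, not from the original post; the two tenant IDs are constructed placeholders, and it assumes each tenant ID is stored as the data of one string value under the key.

```powershell
# Added example (not from the original post): audit AllowTenantList on this device.
# Constructed placeholder tenant IDs; replace with your organizations' real IDs.
$ExpectedTenants = @(
    '11111111-1111-1111-1111-111111111111',
    '22222222-2222-2222-2222-222222222222'
)
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList'

if (-not (Test-Path -LiteralPath $KeyPath)) {
    # No key means the policy has not reached this device, so sync is unrestricted.
    Write-Warning 'AllowTenantList is not present: OneDrive sync is not restricted here.'
    exit 2
}

# Assumption: each allowed tenant is the data of one string value under the key.
$key = Get-Item -LiteralPath $KeyPath
$configured = @($key.GetValueNames() |
    ForEach-Object { "$($key.GetValue($_))".Trim().ToLower() } |
    Where-Object { $_ })

$expected = @($ExpectedTenants | ForEach-Object { $_.ToLower() })

# A mistyped ID leaves the intended tenant off the list, so flag non-GUID entries.
$malformed = @($configured | Where-Object {
    $parsed = [guid]::Empty
    -not [guid]::TryParse($_, [ref]$parsed)
})
$missing    = @($expected   | Where-Object { $_ -notin $configured })
$unexpected = @($configured | Where-Object { $_ -notin $expected })

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Configured = $configured -join ', '
    Missing    = $missing -join ', '
    Unexpected = $unexpected -join ', '
    Malformed  = $malformed -join ', '
}

if (($missing.Count + $unexpected.Count + $malformed.Count) -gt 0) {
    Write-Warning 'AllowTenantList does not match the expected tenant list.'
    exit 1
}
Write-Output 'AllowTenantList matches the expected tenant list.'
exit 0
```

The exit codes (0 match, 1 mismatch, 2 policy absent) let the script serve as a compliance or detection check in whatever tooling you use to run scripts on managed devices.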

Photo by Edward Jenner from Pexels: https://www.pexels.com/photo/multiple-overlay-patterns-of-a-colorful-design-4252897/

