BOOK MEETING
CONTACT US
Categories
guide File Sharing/Blocking

Disabling OneDrive Access: A Step-by-Step Guide 

be09dd2b 2733 40e5 903d 1b285194407a

The seamless integration of OneDrive into the Microsoft 365 suite offers undeniable benefits for collaboration and file storage. However, there are scenarios where organizations might need to restrict access to OneDrive, especially when dealing with sensitive data or specific compliance requirements. If you’re looking to manage OneDrive access within your organization, this guide will walk you through the process of disabling it using Conditional Access Policies. 

How to Restrict Access 

To restrict access to OneDrive, you must first block SharePoint Online access. This can be achieved using Conditional Access Policies. To set up these policies, you need one of the following licenses: 

  • Azure Active Directory Premium P1 or P2 
  • Microsoft 365 Business Premium 
  • Microsoft 365 E3 or E5 
  • Enterprise Mobility and Security E3 or E5 

To create the policy, simply follow the numbered screenshots provided for easy guidance. 

Step1  

In admin.microsoft.com, choose “Identity”  

aa91b0bb 74fa 4531 9052 2b8a4fad0429

Step 2: 

You will be directed to the Microsoft Entra Admin Center. On the left side, select “Protection,” then “Conditional Access,” and click on “Create New Policy.” 

6a6e9da1 9c76 4fab b97c 07215673178e

Step 3: 

Give the policy a name, then select “Specific users included.” You can now specify which users to include or exclude from this policy.

ae3829c9 096e 4385 91da 877db9fb33c1

Step 4: 

In the “Target Resources” section, choose the policy that applies to “Cloud Apps,” and then select “Office 365 SharePoint Online.”

e7ae506a 7b8a 446f 8d70 7433e84c2f0a

Step 5: 

In the “Network” section, set the option to “Yes” to include all networks and locations.

ed0651ce dc76 48a2 a41a 322d12dbcdb7

Step 6: 

In the “Conditions” section, set “Device Platform” to “Any Device.” For “Cloud Apps,” select “Yes” and choose all clients as shown in the screenshot below.

86b762bf 83d1 4b97 8406 b4438fe5f56b

Step 7: 

In the “Grant” section, select “Grant Access”.  

7b5f0294 4479 48b7 8dc3 7d854db09530

Step 8 

In the “Session” section, choose “Use app-enforced restrictions” and click on Select.  

63324e37 e104 4e53 adcb d96fdcc5228f

Step 9: 

Change “Enable policy” to ON and click on “Create”.  

aca2a029 f0fd 40a9 98c2 40ca4618d585

n conclusion, the seamless integration and collaborative power of OneDrive and SharePoint within Microsoft 365 are undeniable. However, maintaining control over sensitive information and ensuring compliance requires more than just default settings. AGAT Software’s SphereShield offers a robust solution to address these concerns, providing granular control and flexibility to manage file uploads, sharing, and access permissions across OneDrive and SharePoint. 

With AGAT, you can prevent unauthorized access, enforce data segregation policies, and maintain strict compliance standards. Whether you need to restrict file uploads, prevent sharing between specific groups, or control site access, AGAT empowers you to tailor your security measures to your unique requirements. 

By implementing SphereShield, you can confidently leverage the benefits of OneDrive and SharePoint while safeguarding your sensitive data and ensuring regulatory compliance. Don’t let uncontrolled file access create risks for your organization. Take control with SphereShield and experience a secure, compliant, and collaborative environment. 

Categories
blog Ethical Wall File Sharing/Blocking Microsoft Teams

Mastering Information Barriers: Advanced Sharing Limitations in SharePoint 

Mastering Information Barriers

Ensuring secure collaboration while safeguarding sensitive information is paramount. Microsoft offers Information Barriers to control document access, prevent unauthorized sharing, and maintain data integrity. While straightforward scenarios are well supported, some cases allow users to communicate via SharePoint documents even when set to be blocked. 
In this blog, we will explain one scenario that is not covered by Information Barriers  

Let’s delve into a scenario where Bob and Alice lack permission for a document, but Jim has access and shares it, highlighting the effectiveness of Information Barriers. 

Understanding Information Barriers 

Information Barriers in SharePoint allow organizations to control communication and collaboration between different groups of users. By defining policies, admins can restrict access to specific content based on user attributes such as department, role, or team membership. This ensures compliance and prevents conflicts of interest by enforcing segregation of duties. 

While Microsoft Information Barriers offer some controls for access management in SharePoint, it’s essential to acknowledge their limitations. One notable gap is the potential for accidental access granted between restricted users and sensitive documents. This is due to MS Teams Information barriers policy setting being too broad, only having limited sharing control such as sharing with anyone, sharing with the company, shared with a group but it does not provide granular control. 

The Scenario:

A user can share a file with members of separate groups that are blocked from communicating with each other 

The Players: 

Jim: A senior manager with access to sensitive financial reports. 

Bob and Alice: one is an investor, and the other is a researcher, and they are set not to be able to communicate with each other. 

The Incident: 

Jim needs input from both Bob and Alice on a project that involves data from the financial reports. He decides to collaborate with them by sharing the relevant document on SharePoint. Giving them access to a document that they otherwise should not have. 

He shares the file with Bob and then shares the same file with Alice. As a result, Bob and Alice have a file shared that enables them to communicate and share info on it. 

The Solution 

AGAT’s Ethical Wall /Information Barrier Enforcement validates all the users that have access to file on any permission changes event. This is done in real-time blocking the communication between Bob and Alice as explained above  Despite the attempt to share, the restricted user will be unable to access the document due to their restricted permissions. 

AGAT Information Barriers ensure that sensitive or restricted information remains protected, mitigating the risk of unauthorized access or data breaches. 

Conclusion 

AGAT’s Ethical Wall/ Information Barriers in SharePoint provide advanced sharing options that enable organizations to maintain data integrity and confidentiality. By effectively segregating users and controlling access to sensitive content, businesses can foster secure collaboration while mitigating the risk of unauthorized disclosure. Implement Information Barriers in your SharePoint environment to bolster your data protection strategies and safeguard critical information. 

Learn More

Categories
Microsoft Teams File Sharing/Blocking

How to disable / block file sharing in Microsoft Teams?

Capabilities and limitations of using Information Barriers for blocking file sharing in Microsoft Teams, SharePoint and OneDrive

In a previous post we discussed the capabilities and limitations of Microsoft Information Barriers for O365 with great detail. However, there is a simple question we wanted to address in this post.

Many people have been requesting in the Microsoft UserVoice Forum the ability to completely disable file sharing in Microsoft Teams. This comes because of, for example, heavily regulated companies that need to disable certain types of users from sharing files back and forth.
These users can be external employees, guests, teams with very sensitive data (financial), or even governmental institutions with strict restrictions.

What is a little more complicated, is that Microsoft Teams is deeply integrated with SharePoint (for channels) and OneDrive (for chats), meaning that if a user wants to really deny filesharing for another user/group/team, that user will need to do it on the 3 channels.

Otherwise, it won’t be completely solved since the user will be able to get to SharePoint or OneDrive directly and do it

The diagram below shows how Microsoft Teams, SharePoint and OneDrive are related one to the other when it comes to file sharing

How to block file sharing in Microsoft Teams? 

So everything points to Information Barriers, the add-on Microsoft offers for compliance on their platform. 

Information Barriers has some very important features like blocking adding members to teams, blocking chats or blocking placing calls. It also has file blocking capabilities for SharePoint and OneDrive

On one hand admins can control file sharing between groups in SharePoint and OneDrive with Information Barriers for One drive and Information barriers for SharePoint.

On the other hand this does not block sharing these files in MS Teams.

The reason is that it really comes to what is the purpose of Microsoft teams.

Since Teams was built for collaboration purposes only where file sharing is the backbone of it, blocking file sharing in SharePoint or OneDrive will be of no effect for Teams.

The solution to block file sharing in Microsoft Teams

AGAT Software has developed an easy, yet powerful way to block file sharing (and other things) on Microsoft Teams.

SphereShield Ethical wall controls both upload and share operations in Teams channels, Teams chat, SharePoint and OneDrive

SphereShield can prevent a specific group that has access to financial data from being able to upload files to the cloud through any platform- MS Teams channels/Chat or the file tab of a channel of going directly to SharePoint to OneDrive

Another user case is that companies would like to restrict sharing files from one department only to users in that department. For example, HR content would be allowed only to share with other HR members but not with anyone that is not a member of HR


It’s called the Ethical Wall. The name comes because instead of creating a rigid firewall where nothing is allowed, it allows to decide which users/groups/teams/domains are not allowed to share files / write messages / do calls / share video with whom.

The possibilities are endless and everything is set up on a simple and intuitive dashboard.

For more information and to get a free live demo, contact us today