Many organizations want to ensure their users are only able to sync files to managed or domain-joined PC’s thereby limiting data leakage possibilities on unmanaged home and personal computers. Microsoft today announced that they’re releasing this capability for OneDrive for Business administrators.
It’s really simple to set up and manage. The IT administrator defines a list of domains that they will allow sync client requests from. Any OneDrive for Business sync client requests originating from PC’s that aren’t domain-joined or aren’t members of the allowed domains will be blocked. To enable this feature and list the allowed domains administrators will run a cmdlet in the SharePoint Online Management Shell. What’s more we collect the details every time a sync client request is allowed or blocked and you can filter these results in our new compliance center auditing & reporting features which are rolling out soon.
It should be noted that this feature will work with PC’s that can be managed through Active Directory Group Policy, it will therefore automatically block all sync on Apple Macintosh machines which have no equivalent of Group Policy management. Today this feature will allow you to manage sync on the existing PC client and we’ll continue this support with the new unified sync client when we ship that later this year.