Boston Office 365 User Group Presentation. Includes a technical overview of the administration, security and compliance features of OneDrive for Business and Office 365. Real world examples and sample scripts included.

1. Boston Office 365 User Group – December 2016

2. Oliver Bartholdson
Senior SharePoint Consultant
Microsoft PTSP
Twitter: @obartholdson
LinkedIn: linkedin.com/in/obartholdson

4. What you will get out of this session
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery
Prepare for launch Protect after launch
Data MigrationGovernance Plan

5. What you will NOT get out of this session
Prepare for launch Protect after launch
Data MigrationGovernance Plan
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

6. OneDrive for Business Overview

7. Add a Secondary Administrator
Global Admin view End user view
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

8. Add a Secondary Administrator
Automatically add a secondary administrator during the
creation process of the OneDrive site (MySite)
SharePoint Admin Center > User Profiles > Setup MySites
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

9. For existing OneDrive sites, you must:
• Sign in to Office 365 as a Global Administrator
• Connect to the tenant using Connect-SPOService
• Create a list of all OneDrive for Business sites using
GetOD4BSites.ps1
• Assign a user as a site collection administrator across all
OneDrive sites using OD4BAssignSCA.ps1
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery
Add a Secondary Administrator

10. Tips
• Assign permissions to no more than 2,500
OneDrive for Business sites per day
• Keep a record of the OneDrive sites and
administrators
• Communicate to users that an administrative
account has been assigned as a site collection
administrator to OneDrive for Business sites in
your organization
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery
Add a Secondary Administrator

11. OneDrive for Business Storage
0TB 1TB 2TB 3TB 4TB 5TB 6TB 7TB
Unlimited storage included in all Enterprise plans
1TB limit by default, can be increased to 5TB
Ask Microsoft for more than 5TB
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

12. Set Storage Quota
• Sign in to Office 365 as a Global Administrator
• Connect to the tenant using Connect-SPOService
• To set a global quota for new OneDrive sites
• Set-SPOTenant -OneDriveStorageQuota <quota>
• To reset an existing OneDrive site to new quota
• Set-SPOSite -Identity <siteURL> -StorageQuotaReset
• To set the storage quota for a specific OneDrive site
• Set-SPOSite -Identity <siteURL> -StorageQuota <quota>
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

13. Pre-Provision OneDrive
Why pre-provision?
• Migrate data from file server or other
repository
• Migrate data from OnPrem MySite to
OneDrive for Business
• Part of your on-boarding process
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

14. Pre-Provision OneDrive
• Configure Secondary Admin and Storage Quota
• Set up the SharePoint Online Management Shell
• Sign in to Office 365 as a Global Administrator
• Connect to the tenant using Connect-
SPOService
• Run the Request-SPOPersonalSite cmdlet, or
create a CSV file to provision up to 200 OneDrive
libraries at once
• Your request will be queued through a timer job
Be sure to assign a
license to the Global
Administrator
account that will be
running this
PowerShell cmdlet.
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

15. OneDrive Retention
• Account gets deleted in Office 365 Admin Center
or removed through Azure AD sync
• OneDrive site is marked for deletion through the
MySite Cleanup Timer Job
• The Manager in AD gets notified via email and
obtains ownership of the OneDrive site
• 30 Days later the OneDrive data is deleted
30
Days
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

16. MySite Cleanup Job
• Add a secondary owner in case the manager field is not
populated in AD
• Increase the retention period for the MySite Cleanup Timer Job
to up to 10 years!
• Set-SPOTenant –OrphanedPersonalSitesRetentionPeriod <number of days>
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

17. Data Loss Prevention Policies (DLP)
• Identify sensitive information across many locations, such as
Exchange Online, SharePoint Online, and OneDrive for Business
• Prevent the accidental sharing of sensitive information
• Get notified or view DLP reports showing content that matches
your organization’s DLP policies
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

18. Data Loss Prevention Policies
• Security and Compliance > Threat Management > DLP
• Protect all OneDrive sites, or just a few
• Create your conditions
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

19. Data Loss Prevention Policies
• Choose a sensitive information type, or
create your own
• Create an action when conditions are met
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

20. Data Loss Prevention Policies
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

21. Next Generation Sync Client
Original Sync Client (groove.exe)
• Windows 7, 8, 8.1, 10
• OneDrive for Business, SharePoint,
Groups
• 20,000 item limit
• 2GB file size limit
• No Selective Sync
• Supports co-authoring from local docs
• Included in Office ProPlus 2013
• MFA App Passwords
Next Gen Sync Client (onedrive.exe)
• Windows 7, 8, 8.1, 10, Mac OS X 10.9
• OneDrive for Business, OneDrive
Consumer, SharePoint, Groups (Preview)
• No item limit
• 10 GB file size limit
• Supports Selective Sync
• Supports real-time co-authoring in Office
2016
• Included in Office ProPlus 2016
• MFA with Modern Authentication
• Control bandwidth consumption
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

22. Next Generation Sync Client
Previous Sync Client New sync client
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

23. Next Generation Sync Client
Already have the old groove sync client installed?
• The next gen sync client with automatically take over syncing
• Groove.exe with stop syncing OneDrive sites
• OneDrive.exe starts syncing the same OneDrive site without re-
downloading the content
• Groove.exe stops running and removes itself from automatic startup,
unless it’s syncing other content like SharePoint site libraries or OnPrem
OneDrive for Business
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

24. Next Generation Sync Client
• System Center Configuration
Manager (SCCM) or Group Policy
can be used to deploy the sync
client
• Deploy OneDrive.exe to your users
• Launch OneDrive.exe to allow users
to setup the sync client
• Set update cadence (Optional)
Download the
sample SCCM
package. Just
update the
OneDrive.exe
path and the
application
owner.
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

25. Next Generation Sync Client
Key Administration Settings via Group Policy
• Set the default location for the OneDrive folder
• Prevent users from changing the location of
their OneDrive folder
• Prevent users from synchronizing their
personal OneDrive accounts
• Set maximum upload bandwidth percentage
that OneDrive.exe uses
Download the
OneDrive
Deployment
Package to get the
adml and admx
group policy files
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

26. Next Generation Sync Client
Set-SPOTenantSyncClientRestriction
• Block sync to non-domain joined machines
• Control the list of allowed domains
• Block Mac sync since they do not support domain join
• Block specific file extensions from synching
• Prevent users from synchronizing their personal OneDrive accounts
• Block the old sync client
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

27. Classic vs. Modern OneDrive
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

28. External Sharing
Tenant level options Site collection options
Site collection sharing cannot be less
restrictive than the tenant setting
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

29. External Sharing
All or nothing OneDrive sharing
Enable for all, block for some
• Set-SPOSite –Identity
https://<yourtenant>-
my.sharepoint.com –
SharingCapability Disabled
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

30. External Sharing
You can setup a list of approved
domains or blocked domains
but not both
These settings apply to both
SharePoint Online and OneDrive
for Business!
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

32. End User Activity Reports
Who has viewed that document?
Who is sharing files with external parties?
Who deleted those files?
Who created an anonymous link to this file?
Who is using the sync client to download files?
Who deleted the compliance administrator from their OneDrive?
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

33. End User Activity Reports
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

34. Advanced Alerts
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

35. Content Search
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

36. Content Search
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

37. Content Search
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

38. eDiscovery Case Management
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

39. Preservation Hold Library
Document Library Preservation Hold Library
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

40. eDiscovery Case Management
Preserve Identify Search Analyze Review
Identifying Relevant Data
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

41. Advanced eDiscovery
Secondary
Administrator
Storage
Quota
Pre-
Provision
OneDrive
OneDrive
Retention
DLP
Policies
Sync Client
Modern
Experience
External
Sharing
End User
Activity
Reports
Content
Search
eDiscovery

43. Resources
Downloads
OneDrive Deployment Package
sample SCCM package
GetOD4BSites.ps1
OD4BAssignSCA.ps1
References
Add a Secondary Administrator
Assign eDiscovery Permissions to OneDrive
OneDrive for Business Storage
Set OneDrive Storage Quota
Pre-Provision OneDrive Sites
Overview of OneDrive Retention and Deletion
OneDrive Retention PowerShell cmdlet
Data Loss Prevention Policies
Next Generation Sync Client Overview
Determine Version of Sync Client
Transition to the Next Gen Sync Client
Deploying the Next Gen Sync Client
Administrative Settings for the Next Gen Sync Client
Block Sync From Non-Domain Joined Machines
Overview of External Sharing
End User Activity Reports
Advanced Alerts in Office 365
Run a Compliance Search
eDiscovery Case Management
Advanced eDiscovery
Stay Up to Date with the Sync Client Release Notes

44. Thank you!
Don’t forget to follow me:
Twitter: @obartholdson
LinkedIn: linkedin.com/in/obartholdson