
Office 365 Business premium, do not allow certain users OneDrive or email outside the building

I don't want certain users to be able to use / access OneDrive anywhere / anytime or get their work email from anywhere except their workstation PC. I thought the simplest solution for this would be to just not let them know their password. After I do the initial setup of O365 on their work PC, from that point forward they would only be able to access email from there and OneDrive wouldn't work because I would have never signed on to it as them. But, I'm now thinking that's wishful thinking because at some point O365 will probably ask them to log in again from their work PC for some Outlook, Word, or Excel reason.

How can I prevent certain users from ever accessing OneDrive at all and never being able to get work email except at their work PC?
Asked by: pkromer
 
Vasil Michev (MVP) Commented:
You can set up Conditional access policies to block access externally: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal-get-started

Or set up client sync restrictions (although that will not prevent them from accessing it via the browser): https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenantsyncclientrestriction?view=sharepoint-ps
 
pkromer (Author) Commented:
The IP-based access is great but it's global, so that won't work for me. Certain users WILL be able to access, all others won't, so it needs to be user based somehow.

We are not using Azure AD, there is no AD hookup to our O365. We may do that in the future but not until after we launch and the dust clears.
 
Vasil Michev (MVP) Commented:
Of course you are using Azure AD, it's the "backend" for O365. And I was referring to the "Restrict non-domain joined machines from syncing" for the cmdlet.
 
pkromer (Author) Commented:
I meant we do not have our local AD hooked up to O365. Any settings we change in the AD down here will not change up there... we need to do them manually in O365, like adding a user, removing a user, etc.
 
Vasil Michev (MVP) Commented:
Which still doesn't change the fact that you are using Azure AD as part of Office 365.
 
pkromer (Author) Commented:
Ok, thanks all. I'll create a security group and allow certain people to create sites, all others won't be able to, which means no OneDrive for them because it's tied with SharePoint. In addition, I'll disable all mail app options except desktop for the restricted users.
 
pkromer (Author) Commented:
Much research while waiting for an answer to my exact question.
Question has a verified solution.
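
The two controls discussed in the thread (turning off every mail client protocol except desktop Outlook for a set of users, and the tenant-wide "restrict non-domain joined machines from syncing" setting of `Set-SPOTenantSyncClientRestriction`), written out as an added example that is not part of the thread or any participant's code. It assumes the ExchangeOnlineManagement and SharePoint Online Management Shell modules are installed; the user addresses, admin URL and domain GUID are constructed placeholders.

```powershell
# Added example, not from the thread. All addresses, the admin URL and the
# domain GUID are placeholders to be replaced with your own values.

# Users who should only get mail through desktop Outlook (constructed list).
$restricted = @('user1@contoso.example', 'user2@contoso.example')

Connect-ExchangeOnline

foreach ($upn in $restricted) {
    # Turn off browser, mobile and legacy protocols for this mailbox.
    # MAPI is left untouched so desktop Outlook keeps working.
    Set-CASMailbox -Identity $upn `
        -OWAEnabled $false `
        -OWAforDevicesEnabled $false `
        -ActiveSyncEnabled $false `
        -PopEnabled $false `
        -ImapEnabled $false
}

# Verification: list any restricted mailbox that still has a protocol enabled.
$stillOpen = $restricted |
    ForEach-Object { Get-CASMailbox -Identity $_ } |
    Where-Object {
        $_.OWAEnabled -or $_.OWAforDevicesEnabled -or
        $_.ActiveSyncEnabled -or $_.PopEnabled -or $_.ImapEnabled
    }

if ($stillOpen) {
    $stillOpen | Format-Table Name, OWAEnabled, ActiveSyncEnabled, PopEnabled, ImapEnabled
} else {
    Write-Output 'All restricted mailboxes are limited to MAPI (desktop Outlook).'
}

# OneDrive sync client: allow sync only from PCs joined to the listed
# on-premises AD domain. This setting is tenant-wide, not per user, and it
# does not block browser access to OneDrive.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'   # placeholder URL

# Placeholder GUID; on a domain-joined machine, (Get-ADDomain).ObjectGUID
# returns the real value.
$domainGuid = '00000000-0000-0000-0000-000000000000'
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $domainGuid

# Confirm the restriction is active and which domains are allowed.
Get-SPOTenantSyncClientRestriction
```

The mailbox switches limit which protocols a user can use, not where they sign in from: desktop Outlook with the same credentials still connects from any PC. Binding access to a location or device per user or group is what the Conditional Access policies linked in the first answer are for.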