18.10.51.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'

Information

This policy setting lets you prevent apps and features from working with files on OneDrive using the legacy OneDrive/SkyDrive client.

The recommended state for this setting is: Enabled

Note: Despite the name of this setting, it is applicable to the legacy OneDrive client on any Windows OS.

Enabling this setting prevents users from accidentally (or intentionally) uploading confidential or sensitive corporate information to the OneDrive cloud service using the legacy OneDrive/SkyDrive client.

Note: This security concern applies to

any

cloud-based file storage application installed on a server, not just the one supplied with Windows Server.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\OneDrive\Prevent the usage of OneDrive for file storage on Windows 8.1

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template SkyDrive.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer). We strongly recommend you only use either that version of the template or a newer one. Older versions of the templates had conflicting settings in different template files for both OneDrive & SkyDrive, until it was cleaned up properly in the above version.

Impact:

Users can't access OneDrive from the OneDrive app and file picker. Windows Store apps can't access OneDrive using the WinRT API. OneDrive doesn't appear in the navigation pane in File Explorer. OneDrive files aren't kept in sync with the cloud. Users can't automatically upload photos and videos from the camera roll folder.

Note: If your organization uses Office 365, be aware that this setting will prevent users from saving files to OneDrive/SkyDrive.

See Also

https://workbench.cisecurity.org/benchmarks/15290

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-20, CSCv7|13.4

Plugin: Windows

Control ID: 3c85e40d02bbcaf7e7cd62478058a67fbfc3b6d9dd88286512b157bb88d5a99d