New OneDrive for Business cmdlets

Author by Drew Madelung

I stumbled across a new topic on Technet that I have not seen being discussed yet and I wanted to share my thoughts. The topic is about 3 new PowerShell cmdlets that are available for Office 365 through the SharePoint Online Management Shell. These cmdlets are described to:
“Enable OneDrive sync for domains that are on the safe recipients list"
So this now gives administrators the ability to decide what domains sync clients originating from are allowed. This is a great step for Micosoft and OneDrive for Business (OD4B) in regards to security. I have worked with multiple clients recently and usually the longest conversations revolve around security. I hope that these new cmdlets are just the beginning of exciting new features that will be launched this year. Here is the primary technet article: And here are the 3 new cmdlets:
  1. Set-SPOTenantSyncClientRestriction  ->  Enables the feature for the tenancy and lets you to set the domain GUIDs in the safe recipients list.
  2. Get-SPOTenantSyncClientRestriction  ->  Returns the current configuration status.
  3. Remove-SPOTenantSyncClientRestriction  ->  Disables the feature for the tenancy.
The articles on technet still appear to be drafts or works in progress but I wanted to see if these cmdlets were available yet so I connected to our Concurrency tenant and tested it out. 2015-03-09 10_19_05-Administrator_ SharePoint Online Management Shell Success!  Our tenant was of course set up for this to be False (for now). 2015-03-09 10_21_34-Administrator_ SharePoint Online Management Shell Not much there for the help yet but it is coming. The most detailed description available so far is for the Set-SPOTenantSyncClientRestriction cmdlet. Here are the highlights pulled directly from technet:
  • You must be a SharePoint Online global administrator to run
  • The feature can take up to 24 hours to take effect but any changes to the safe recipients list are reflected within 5 minutes
When activating the feature the following will occur:
  • All OneDrive for Business Sync client requests originating from a domain that is not on the safe recipients list will be blocked.
  • All OneDrive for Business Mac Sync client requests will be blocked.
  • Any files that have been previously been synced down to the your computer will not be deleted.
  • OneDrive for Business sync client prior to version 15.0.4693.1000 will stop syncing existing libraries.
To determine the version of your Sync client, see How to determine the version of OneDrive for Business Sync client. As a precaution, I did not enable this feature in any of my production environments as I will be waiting for a more formal announcement from Microsoft or some more detailed information from technet.
Author

Drew Madelung

Technical Architect