The Downside to Turning Off OneDrive Sharing
In the modern workplace, moving between tools and platforms should be fairly seamless. End users expect to be able to not only work from anywhere, but to also have access to their content whenever and wherever needed. One of the ubiquitous experiences that end users expect is the sharing of content — to save a Word document or PowerPoint presentation locally, or easily publish to a SharePoint library, or move it with any related material to a personal OneDrive account. It is no longer acceptable to force users to log into a separate application or open a website to upload, and then share, their content. The expectation is that sharing content should be native to every collaboration and productivity tool and service, period.
The Benefits of OneDrive Sharing
Within the Office 365 ecosystem, OneDrive has become synonymous with sharing. In fact, OneDrive is an integral part of the entire Office 365 files experience, supporting the modern attachment experience in Exchange, Yammer, and Microsoft Teams, and helping to power the personalized and intelligent experiences enabled by Microsoft Graph and Delve. Within SharePoint and Teams, OneDrive is the file explorer for everything within Office 365, providing one-click access to your content, and the ability to sync SharePoint files with those in Microsoft Teams.
As an integrated service within Office 365, OneDrive provides an Office client backstage experience for opening, saving, and sharing your content, and allows users to explore their lists of ‘Most Recently Used’ and ‘ Shared With Me’ items. OneDrive is also serves as a launch-point for co-authoring content within Office clients, as well as through their corresponding web applications.
Turning Off OneDrive Sharing
Even with this important role within the Office 365 platform, some customers want to limit – or remove – the sharing capability of OneDrive. They may have concerns about the governance implications of OneDrive, and prefer the security and administrative controls of OneDrive for Business for this type of sharing. Other organizations are concerned that file sharing could result in an unauthorized, external user gaining full control of the company’s intellectual property – such as through the Share a Link option, where anonymous guest links can be created and shared, limiting the visibility and control over who can view, edit, or copy the content without being able to track these activities.
The change to OneDrive sharing is implemented at an Office 365 Tenant level, and as such, it is an all-or-nothing change. Because OneDrive acts as an Office client backstage for open, save, share, even with the sharing capability turned off, you will still see all the OneDrive share points and may even be prompted to use OneDrive. These prompts cannot be disabled, nor can the options in the menu be modified. From a security and compliance standpoint, you will not be able to run cross-workload policies for scenarios like data loss prevention (DLP), auditing, retention, eDiscovery, as these are applied suite-wide.
When OneDrive sharing is disabled, what stops working includes:
- SharePoint Home is disabled, because settings are stored in the OneDrive cache.
- Followed Sites are disabled due to settings stored in OneDrive cache.
- Shared With Me list is also disabled due to settings stored in OneDrive cache.
- Modern Attachments are entirely disabled.
- Team Site and Microsoft Teams sync to OneDrive are disabled.
- OneNote sync, because the cache is also stored in OneDrive.
- Additionally, any external users who were invited to view or edit content will be blocked. They’ll receive an error message, and if, at some point in the future, sharing is re-enabled, they will need a new sharing link.
Some additional experiences will be degraded:
- Modern attachments will become unavailable. Users will see options for OneDrive for Business attachments, and may be prompted to use ODB for file attachments.
- Microsoft Graph and Delve will be seriously crippled, as they rely on what is being shared and viewed to provide their rich experiences.
- Most Recently Used list will still work, but loses much of its usefulness without insights from Microsoft Graph and Delve.
Recommendations
Rather than disable all sharing within OneDrive, there are a number of other options that allow an organization to maintain governance and control over their intellectual property. Rather than disable sharing for everyone apart from a few specific users, diminishing the features of Office 365 and thereby impacting end user adoption of the platform, establish policies for the handling of sensitive content and material, and leverage the many security and governance features available within the platform.
Examples include:
- Enabling information rights management policies
- Create Allow/Deny lists to better manage user permissions by role
- Set a mandatory expiration limit on guest links
- Establish clear sharing guidelines for employees, and monitor content movement
- Regularly audit external sharing invitations and user claims, leveraging the latest features in the Compliance (Protection) center in Office 365
OneDrive sharing is a powerful and essential capability within Office 365. When organizations elect to turn off this important feature, they seriously diminish the cross-workload value of the platform, and can inhibit adoption and engagement. While Microsoft recognizes the unique security, governance, and compliance requirements of customers and provides the ability to turn OneDrive sharing off, because of the benefit — the overall recommendation is to mitigate these risks through other methods.
However….if you’re still convinced that turning off sharing within OneDrive is the right thing to do, you can read more about the process on the Office support site here and here, and Microsoft Tech Community discussions around some of the nuances here.