OneDrive for Business Gets Security, Data Loss Prevention

Microsoft is rolling out several improvements to its enterprise-grade OneDrive product.

OneDrive for Business is Microsoft's business-grade file storage and sharing service that's based on SharePoint Online and Microsoft's acquired Groove collaboration service. However, the new updates announced Wednesday for OneDrive for Business -- which include a new sync client, new user experience improvements in browsers and in mobile apps, and enhanced IT management controls -- were largely inspired by the consumer OneDrive product, Microsoft noted in its announcement.

IT Controls
On the IT management side, Microsoft is adding controls that can limit access to files that OneDrive for Business users attempt to share with others. Reubin Krippner, director of OneDrive for Business, explained in a Microsoft video that external file sharing can be turned on or off for specific users. The sharing of files can be blocked for certain Internet domains, if wanted. Alternatively, IT pros can specify the domains where document sharing is permitted. He showed off a graphical user interface for making those kinds of policy changes.

These sharing and blocking controls also can be set by using PowerShell scripting, according to a video presentation by Jeremy Mazner, principal group program manager for OneDrive. He said that the OneDrive for Business controls he demonstrated using PowerShell will "all be available by the end of the year."

Microsoft's announcement indicated that IT pros currently have the ability to audit external sharing invitations and they can restrict what users can share with OneDrive for Business. Microsoft also plans to add a future IT capability that will permit "limiting the external domains your users can share with," but that capability will be available in "coming weeks," according to the announcement.

New Sync Client Preview
Microsoft is launching a preview of its next-generation OneDrive for Business sync client for both PCs and Macs. It's supported on Mac OS 10.9 and later versions, as well as Windows 7, 8, and 10 versions. Support for Windows 8.1 devices will be added in Q1 2016, according to a blog post by Jason Moore, group program manager for OneDrive.

However, there's a catch with getting the new sync client preview. Organizations wanting to try out its new features and IT controls will have to get on this waiting list. When an organization on the waiting list becomes eligible, Microsoft sends out an e-mail with a link to download the sync client.

The new sync client will be a smaller download at about 10MB. IT pros can deploy it across their organization. They can set up the default sync folder storage locations, including to local storage or to removable media, and they can block syncing if wanted. End users don't need to have administrative privileges for installing updates with the new sync client.

Microsoft mentioned some good news about the new OneDrive for Business sync client. When broadly released, it will no longer have current limits, such as the 20,000-file sync limit. In addition, file sizes will be expanded from the present 2GB limit to 10GB. However, during the preview period, the original limits will be in effect.

Organizations that have already synced their OneDrive for Business files don't have to perform a resyncing operation. The new sync client "will simply take over the syncing functions on the device maintaining your settings and use the existing sync folder," Moore explained.

The new OneDrive for Business sync client will now "talk" with the consumer OneDrive client, according to Moore.

"We've taught it to speak both OneDrive for Business and OneDrive consumer protocols," Moore explained. "It's now smart about using Azure Active Directory credentials to connect to OneDrive for Business in addition to the Microsoft account it supports today for the OneDrive consumer service."

Browser and Mobile Client
In addition to using the sync client, OneDrive for Business is accessible via a browser or a mobile app.

In a browser, it's now easier for end users to toggle between a list view and a tile view of OneDrive for Business-stored files. Microsoft placed common actions, such as "preview, edit, share and delete," on the toolbar, but those commands also can be accessed in a browser by right-clicking on a folder or file.

The new OneDrive for Business Web experience was described by Douglas Pearce, principal group program manager for OneDrive, in this video. The browser-based OneDrive for Business now supports file drag-and-drop operations. Users can select all files now. They can get file history information, including a list of users that shared access to a file. It's possible to create a link to a document and then share that link. End users can set expiration times on those links, if wanted.

Pearce added that the classic OneDrive for Business browser experience will still be available via a link in the browser. However, Microsoft plans to remove that link in "early 2016."

On the mobile client side, Microsoft added the ability to make files stored using One Drive for Business accessible offline. However, this new offline capability is just available for Android mobile apps right now. A parachute icon designates that the files can be accessed offline.

The iOS mobile client for OneDrive for Business is getting a new "flower" touch interface, per a video presentation by Omar Shahine, partner group program manager for OneDrive Mobile. Users press and hold their finger on a file or folder and they will see available commands pop up in a petal-like fashion. In addition, the iOS mobile client now supports marking annotations on top of PDF files, which get synced up to OneDrive cloud storage automatically.

Data Loss Prevention
Microsoft on Wednesday began rolling out DLP capabilities for its OneDrive for Business and SharePoint Online services. DLP is Microsoft's scheme for protecting files and messages that may contain sensitive information, such as credit card numbers and Social Security numbers. The service uses metadata to flag potential violations in content. It scans files both at rest and in transit.

The DLP service is already available for Exchange, the Outlook e-mail client and the Web-based Outlook client, plus Office 2016, as well as individual Office apps, but now it has been expanded.

It's not clear exactly when DLP will be available for OneDrive for Business and SharePoint Online. Microsoft's announcement indicated that the DLP service will show up in "your Office 365 Compliance Center in the coming weeks." It's just available for the "premier enterprise SKUs."

With DLP, organizations get full audit logs, according Asaf Kashi, principal group program manager for information protection, in a video. Every sharing incident will generate a report, he added. DLP comes with templated rules out of the box that IT pros can use to help ward off potential sharing violations. End users get a notification if they're doing something wrong, and IT pros can customize that notice.

Microsoft is creating APIs for its software partners to use in their reporting systems for use with the DLP service. In addition, Microsoft has enabled a new incident management reporting process via a DLP connector to Dynamics CRM, Kashi said.

Microsoft's announcement described what's coming next for DLP for OneDrive for Business and SharePoint Online. Organizations will be able to create exceptions based on locations or conditions. They'll be able set up an action that will encrypt content. A "document fingerprinting" capability will be added, among other details. It's not clear when those improvements will arrive.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus
Most   Popular