Restrict creation of OneDrive for Business accounts for Users

In this guide, we’ll show you how to disable OneDrive for Business creation for users without stopping them from accessing and using SharePoint Online or the Files tab in Teams.

Many organizations who rapidly roll-out Teams before other services want to stop users from sending files using chat, and want to stop users from uploading files into their personal OneDrive. Most commonly, you will migrate a user’s data such as home drives as a project in itself.

Disable the creation of OneDrive for Business for users

To disable the creation of OneDrive for Business for users, you’ll need to follow the following steps. Note that you’ll need to do this before users start accessing OneDrive.

Learn more: How to quickly install and configure Azure AD Connect

First, navigate to the Microsoft 365 admin center at admin.microsoft.com then scroll down to Admin Centers > SharePoint.

Restrict OneDrive forBusiness accounts for users screenshot

Next, in the SharePoint Admin Center, choose More features.

SharePoint Admin Center

In the More Features section, choose User Profiles.

More features for user profiles

This will open up a new browser window. From here, choose Manage User Permissions.

Manage user permissions

A dialogue should now show in this window. In here you’ll see the settings for everyone within the organization.

Restrict for everyone

To restrict OneDrive for Business creation for everyone, you’ll need to revoke that permission on this page. Select Everyone except external users then scroll to the Permissions section and untick Create Personal Site, then choose OK:

Restrict creation of OneDrive for Business accounts for Users

Allow OneDrive for certain users or a group

If you want to allow a user or group to have OneDrive for Business, then you can add people or groups individually. If you are adding a group, this must be a Security group, not a Microsoft 365 group or Distribution Group.

In the example below, we’ll add the “Pilot Group”:

Pilot group

Next, we will select Pilot Group from the list, and then select Create Personal Site, then choose OK.

Create personal site

Within around 30 minutes these settings should take effect in Microsoft 365.

About the Author

Steve Goodman

Technology Writer and Chief Editor for AV Content at Practical 365, focused on Microsoft 365. A 12-time Microsoft MVP, author of several technology books and regular Microsoft conference speaker. Steve works at Advania in the UK as Field Chief Technology Officer, advising business and IT on the best way to get the most from Microsoft Cloud technology.

Comments

  1. Usama

    if remove Create Personal Site
    What happens to accounts that already have files that they won’t be able to access it?
    if return Do the files come back too, they have access to them?

  2. Mark R

    Hi Steve – thanks for info…however dumb question time….!

    I want to implement scenario 2 from above. Do I take any action with the existing group already there “Everyone except external users” ?

    Do I follow the guide from the 1st scenario at the same time as adding the security group ?

    Thanks!

  3. Julian Loveday

    Thanks for your guides Steve. Really helpful.

  4. Brian

    Thank you. We haven’t rolled out OneDrive yet and only a handful of people are using it, if at all. But I would like to prevent others from using it until we’re ready to deploy.

    Just curious what the expected impact would be if I created a pilot security group with these few members, and added the group at the same time I revoke for everyone else not in the group.

  5. Julie Lee

    What if vice versa. If I want a certain user to use only OneDrive, but not SharePoint Online including Teams.

  6. Suzette

    An associate of mine has been abusing there knowledge to process this type of tool to indulge in in private email my personal information has been going elsewhere and not recovering important email pertaining to my career. How can I find setting to make sure in on the correct setting to recover ractions to again full control to my personal accounts. If possible id like to seek out a meeting with you sometime to take a look into my settings to help regain possession of this.

  7. Paweł

    additionality you sould disable default sharepoint site (communication site?) for all members. i you dont do this, user can still save attachment from email and it go right away to mutual sharepoint site to new folder.

    1. Steve Goodman

      Well, no you shouldn’t necessarily do that. If you are looking to use Teams, then working and collaborating together is one core feature, and the Teams you create (or allow users to create) will naturally have a document library available for use.

      Rolling out OneDrive is of course a different prospect for many organizations.

      If you really, really, don’t want people to be able to share files, even in a governable space like a Team, then disable the SharePoint license for the user, and restrict usage of third-party file sharing.

      1. Paweł

        I agree with you that collaboration is very important but in case user save some attachment on shared space (instead of their personal onedrive) just by clicking “save on ondrive” during reading email and everyone can get access to this file is not so good.

Leave a Reply