The use of personal accounts for OneDrive synchronization must be disabled.
An XCCDF Rule
Description
<VulnDiscussion>OneDrive provides access to external services for data storage, which must be restricted to authorized instances. Enabling this setting will prevent the use of personal OneDrive accounts for synchronization.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-230564r918123_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the policy value for User Configuration >> Administrative Templates >> OneDrive >> "Prevent users from syncing personal OneDrive accounts" to "Enabled".
Group policy files for OneDrive are located on a system with OneDrive in "%localappdata%\Microsoft\OneDrive\BuildNumber\adm\".
Copy the OneDrive.admx and .adml files to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.