Block non-compliant devices from syncing corporate data using OneDrive


For some organizations, a concern when deploying OneDrive for Business is that users will access corporate data from their personal devices. I completely understand you!

To address those concerns, it is possible to restrict OneDrive so that it only synchronizes files to domain-joined computers. Normally, in this case, a policy named “Allow syncing only on PCs joined to specific domains” would be activated in the OneDrive admin module. Job DONE!


HOWEVER, this limits your policy to domain-joined or hybrid-joined devices only.

If you are moving from old-school management to newer, more modern management, you may want to sync your OneDrive data and use features like known folder backup of Desktop, Documents and Pictures. That is prohibited once this policy has been applied. This is what you get:


Not really what you wanted?

How do we prevent OneDrive sync from happening outside your organization, on devices that are not managed?

Conditional Access comes to the rescue.

Go to your Endpoint Manager console:

Devices –> Conditional Access –> Add

Name: Block non-compliant device from OneDrive Sync


When configuring CA, always start small, and add more users once it works as intended.



As OneDrive uses the same engine as SharePoint, we will choose “Office 365 SharePoint Online” as the selected app.




As we do not want to block users who are traveling or at home, we will base the block on “Device state”. To access OneDrive, your device will need to be either hybrid domain joined or compliant. This also means that we need to have Intune in place.
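
The policy from the steps above, created through Microsoft Graph PowerShell instead of the portal. This is an added example, not from the original post. It expresses the device requirement as a grant control (compliant OR hybrid joined) rather than the “Device state” condition used in the portal steps, and `$PilotGroupId` is a placeholder for the object ID of your own pilot group.

```powershell
# Added example: requires the Microsoft.Graph.Identity.SignIns module.
# $PilotGroupId is a placeholder; replace it with the object ID of your pilot group.
$PilotGroupId = '<pilot-group-object-id>'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName   = 'Block non-compliant device from OneDrive Sync'
    # Use 'enabledForReportingButNotEnforced' to evaluate in report-only mode first.
    state         = 'enabled'
    conditions    = @{
        users          = @{
            # Start small: only the pilot group is in scope.
            includeGroups = @($PilotGroupId)
        }
        applications   = @{
            # Office 365 SharePoint Online (OneDrive uses the same engine)
            includeApplications = @('00000003-0000-0ff1-ce00-000000000000')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # Access is granted if the device satisfies either control.
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was saved before testing from a compliant and a non-compliant device.
$created | Select-Object Id, DisplayName, State
```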






Save your CA and test that it works as intended. Now I have 2 virtual machines, one compliant and one non-compliant.


From a non-compliant Windows device:



From a non-compliant mobile device (iOS) (text in Danish):


However, you have the possibility here to gain access if you let Intune manage your device.

From a compliant Windows device:





Happy testing!
