Prevent users from creating OneDrive sites

Something I run into quite frequently on projects is the need (or desire) to control the rollout of OneDrive – I’ve had to come up with creative ways to block OneDrive access multiple times over the years. However, this time around, we don’t want to block access to OneDrive completely – we just want to ensure that a OneDrive library doesn’t get created for new users through the regular Office 365 workflow. Instead, we want to make sure that OneDrive is being provisioned only when we specifically want it to. Here’s how you do it:

Step 1: Remove OneDrive Creation Permissions

In the SharePoint Admin portal, click on user profiles, then manage user permissions:

Next, uncheck the box to create Personal site:

Once this configuration setting has been updated, any new user created will not have a OneDrive library automatically provisioned. This won’t affect any users who already have a OneDrive library, it’ll only prevent Office 365 from creating OneDrive libraries. I don’t know of a way to de-provision a site, so if you already have some OneDrive users out in the wild before you’re ready for deployment, you’ll have to block access to their OneDrive sites instead.

Note that this setting only controls user actions – administrators are still able to provision OneDrive libraries using PowerShell. I’ll show how that’s done a little later.

User Experience

Any new users who log in to Office 365 once this change has been made, will simply not see any OneDrive features – the OneDrive icon will still need to be hidden from them, though. You can achieve this back in the SharePoint Admin portal, from the settings page:

However, even if a user clicks on the OneDrive icon, it takes them to their Delve page, and they will not have an icon that takes them into their own OneDrive library.

Also, if the OneDrive icon is visible in the app launcher, users will see the Office Web Apps – however, attempting to create a new document will give them an error.

In webmail, the option to save a file to OneDrive disappears:

And attaching files to email does not include OneDrive as an option:

Going into Mail Settings, Attachment Options, Storage Accounts shows a OneDrive icon, but it can’t be clicked and has no configuration options.

Provisioning OneDrive sites:

Creating these OneDrive libraries is super easy now – it used to require a custom script, but has since been added to the SharePoint Online PowerShell module using the Request-SPOPersonalSite command.

Start off by creating a simple CSV/TXT file with the User Principal Names of the users you want to create OneDrive libraries for – this cmdlet will handle up to 200 at a time, so be sure to split them out if you need to create bigger batches than that:

Import those user emails into a PowerShell variable, and then target those users with the Request-SPOPersonalSite command:

[powershell]
$users = Get-Content "C:UsersjdahlDesktopOneDriveUsers.txt"
Request-SPOPersonalSite -UserEmails $users
[/powershell]

As soon as the site is provisioned, it shows up for the user in Office 365 exactly as expected, with all functionality enabled.

Users can create new documents with the web apps, save and open OneDrive files from webmail, and also create new documents directly from the new email window:

Quick and easy… just one more tool in our toolbelt for controlling how and when services are deployed to our users. Enjoy!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.