Users must be prevented from configuring personal OneDrive accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-71331 | DTOO604 | SV-85955r3_rule | Medium |
| Description |
|---|
| This policy setting allows you to prevent users from configuring a personal OneDrive account on the machine. If users had previously added a personal OneDrive account to the machine they will be shown an error the next time that they start the client. |
| STIG | Date |
|---|---|
| Microsoft OneDrive for Business 2016 Security Technical Implementation Guide | 2020-03-23 |
Details
| Check Text ( C-71731r3_chk ) |
|---|
| Note: It is important to load the OneDrive ADMX/L templates under the DISA GPO Baseline Package under the ADMX Templates\OneDrive NextGen in order to view and set the settings appropriately. The DISA GPO Baseline Package can be downloaded from the DoD Cyber Exchange. Verify the policy value for User Configuration -> Administrative Templates -> OneDrive -> "Prevent users from configuring personal OneDrive accounts" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\SOFTWARE\Microsoft\OneDrive Criteria: If the value DisablePersonalSync is REG_DWORD = 1, this is not a finding. |
| Fix Text (F-77643r2_fix) |
|---|
| Set the policy value for User Configuration -> Administrative Templates -> OneDrive -> "Prevent users from configuring personal OneDrive acccounts" to "Enabled". |