OneDrive: Admins can configure a group policy to block specific folders from OneDrive Sync

🚨 The Signal: Admins can now block specific folders from syncing with OneDrive via Group Policy. This enhances data exfiltration prevention and allows for better control over sensitive information stored locally.

The Impact

The improved data loss prevention capabilities affect security teams and data owners, reducing the risk of sensitive data exposure.

  • Security Teams: Reduced risk of sensitive data exfiltration.
  • Data Owners: Enhanced control over where data can be stored.
  • Compliance Teams: Easier attestation to data handling policies.
  • IT Admins: New policy configuration required for implementation.

The Action

  1. Identify sensitive folders that should not be synced to OneDrive.
  2. Create or modify a Group Policy Object (GPO) for OneDrive sync settings.
  3. Configure the 'Exclude specific folders from syncing with OneDrive' policy.
  4. Specify the paths of folders to be blocked from syncing.
  5. Deploy the GPO to relevant user or computer groups.

Impact: medium · Workload: OneDrive