Wiping OneDrive Files on BYOD

Cyberflake 101 Reputation points
2022-04-26T15:23:28.95+00:00

Wiping OneDrive Files on BYOD

Scenario:
An employee leaves the company and the Admin proceeds with the offboarding procedures.
All users permanently work remotely with BYOD and keeps their devices if they were to leave the company.
ODFB is essential for all users.
All users are on Business Premium subscription and native AAD and Win10/11Prof.

Issue:
(https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/delete-a-user?view=o365-worldwide)
Important! If the deleted user used a personal computer to download files from SharePoint and OneDrive, there's no way for you to wipe those files they stored on their computer. They will continue to have access to any files that were synced from OneDrive.

Questions:
Besides signing of I.P. acknowledgement forms, what's the Admin's options to make sure business ODFB data is removed from the device, either manually(remotely), or automatically?
The Admin currently completes the offboarding process, one of the tasks is obviously deleting the User Account. But shouldn't there be trigger somehow which wipes synchronized files (from SharePoint Online libraries) to be automatically removed from the device ? I understand that the current File Explorer function of right-clicking on a synced file and then choosing "Free up space" and then Signing out of OneDrive are technically a method of removing the files directly on the local machine but remotely in a sustainable way ?

What are the Admin's options?

Please refer to the Microsoft Representative response pertaining to this issue here:
https://answers.microsoft.com/en-us/msoffice/forum/all/wiping-onedrive-files-on-byod/ee744064-7a39-447f-bf01-6113bb17b2c3

Please refer to the Microsoft Feedback Portal here for the upvote here:
https://feedbackportal.microsoft.com/feedback/idea/b257adc0-3c9a-ec11-a81c-000d3a0f04fc

Thank you.

OneDrive Management
OneDrive Management
OneDrive: A Microsoft file hosting and synchronization service.Management: The act or process of organizing, handling, directing or controlling something.
1,136 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,222 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Reza-Ameri 16,836 Reputation points
    2022-04-27T14:26:50.687+00:00

    In case you are using MEM, you have option to remotely wipe the device and it is like fresh install Windows and it will remove all data and reinstall Windows. Take a look at the following website:
    https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
    Normally it is recommended to apply DLP or Information Protection policies so they won't access to data when you revoke their permission. When they are connected with OneDrive, they could copy and paste it somewhere else.
    In case you have remote access to the PowerShell in the device, you may perform a PowerShell command to manually delete the folder too.

  2. Cyberflake 101 Reputation points
    2022-04-28T20:17:04.26+00:00

    @Ceasar Chen_MSFT
    Thank you for your test and suggestions. Remote triggering of execution of "Free up space" would've help I guess.

    @Reza-Ameri
    And in conjuntion with configured DLP to prevent access, to ODFB files on the local machine, would bring this full circle I think.

    Yes, one thing also to consider is the ability to prevent copying files outside of ODFB.

    Thank you all.

    0 comments