question

JohannRabe avatar image
0 Votes"
JohannRabe asked JohannRabe answered

Wiping OneDrive Files on BYOD

Wiping OneDrive Files on BYOD

Scenario:
An employee leaves the company and the Admin proceeds with the offboarding procedures.
All users permanently work remotely with BYOD and keeps their devices if they were to leave the company.
ODFB is essential for all users.
All users are on Business Premium subscription and native AAD and Win10/11Prof.

Issue:
(https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/delete-a-user?view=o365-worldwide)
Important! If the deleted user used a personal computer to download files from SharePoint and OneDrive, there's no way for you to wipe those files they stored on their computer. They will continue to have access to any files that were synced from OneDrive.

Questions:
Besides signing of I.P. acknowledgement forms, what's the Admin's options to make sure business ODFB data is removed from the device, either manually(remotely), or automatically?
The Admin currently completes the offboarding process, one of the tasks is obviously deleting the User Account. But shouldn't there be trigger somehow which wipes synchronized files (from SharePoint Online libraries) to be automatically removed from the device ? I understand that the current File Explorer function of right-clicking on a synced file and then choosing "Free up space" and then Signing out of OneDrive are technically a method of removing the files directly on the local machine but remotely in a sustainable way ?

What are the Admin's options?

Please refer to the Microsoft Representative response pertaining to this issue here:
https://answers.microsoft.com/en-us/msoffice/forum/all/wiping-onedrive-files-on-byod/ee744064-7a39-447f-bf01-6113bb17b2c3

Please refer to the Microsoft Feedback Portal here for the upvote here:
https://feedbackportal.microsoft.com/feedback/idea/b257adc0-3c9a-ec11-a81c-000d3a0f04fc


Thank you.

windows-11office-onedrive-client-itpro
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, @JohannRabe
I'm working on it and will reply when there is progress.

1 Vote 1 ·
JohannRabe avatar image JohannRabe CeasarChenMSFT-3458 ·
0 Votes 0 ·

Hi, @JohannRabe
After testing, when a user account is deleted in Admin Center, the user's local OneDrive folder is not deleted. The following error message appears when connecting to the OneDrive website.
197223-image.png
If you want to delete a user's local OneDrive folder remotely, you can remotely control his computer to delete it. If you still want to automate the executions the "Free Up space" command. It is suggested you Vote-up that feedback forum thread to inform the OneDrive development team of their needs or go to OneDrive developer community


0 Votes 0 ·
image.png (58.3 KiB)
Reza-Ameri avatar image
0 Votes"
Reza-Ameri answered

In case you are using MEM, you have option to remotely wipe the device and it is like fresh install Windows and it will remove all data and reinstall Windows. Take a look at the following website:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
Normally it is recommended to apply DLP or Information Protection policies so they won't access to data when you revoke their permission. When they are connected with OneDrive, they could copy and paste it somewhere else.
In case you have remote access to the PowerShell in the device, you may perform a PowerShell command to manually delete the folder too.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JohannRabe avatar image
0 Votes"
JohannRabe answered

@CeasarChenMSFT-3458
Thank you for your test and suggestions. Remote triggering of execution of "Free up space" would've help I guess.

@Reza-Ameri
And in conjuntion with configured DLP to prevent access, to ODFB files on the local machine, would bring this full circle I think.

Yes, one thing also to consider is the ability to prevent copying files outside of ODFB.

Thank you all.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.