Allow syncing only on computers joined to specific domains

To make sure that users sync OneDrive files only on managed computers, you can configure OneDrive to sync only on PCs that are joined to specific domains.

To allow syncing only on PCs joined to specific domains

Note

These settings apply to SharePoint sites as well as OneDrive. In a multi-geo environment, this setting can be configured separately for each geo location to apply to users with that preferred data location.

  1. Go to the Settings page of the new SharePoint admin center, and sign in with an account that has admin permissions for your organization.

    Note

    If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the Sharing page.

    If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the Sharing page.

  2. Select Sync.

    Sync settings in the SharePoint admin center

  3. Select the Allow syncing only on computers joined to specific domains check box.

  4. Add the GUID of each domain for the member computers that you want to be able to sync.

    Note

    Make sure to add the domain GUID of the computer domain membership. If users are in a separate domain, only the domain GUID that the computer account is joined to is required.

    Important

    This setting is only applicable to Active Directory domains. It does not apply to Azure AD domains. If you have devices which are only Azure AD joined, consider using a Conditional Access Policy instead.

  5. Select Save.

For info about setting this sync app restriction by using PowerShell, see Set-SPOTenantSyncClientRestriction.