Restrict OneDrive access by security group
Some features in this article require Microsoft Syntex - SharePoint Advanced Management
You can use the restricted access control policy for OneDrive to allow only users in specified security groups to access OneDrive. Even if other users outside of these security groups are licensed for OneDrive, they won’t have access to their own OneDrive or any shared OneDrive content.
You can use this to prevent oversharing of OneDrive content. For example, you can restrict OneDrive access to your users, preventing guests from accessing any OneDrive content even if it's shared with them.
Requirements
To access and use this feature, your organization must have one of the following subscriptions:
- Microsoft Syntex - SharePoint Advanced Management
- Office 365 E5/A5
- Microsoft 365 E5/A5
Enablement
To enable this feature:
Go to Access control in the SharePoint admin center, and sign in with an account that has admin permissions for your organization.
Select Restrict OneDrive access.
Select Restrict OneDrive access to only users in specified security groups.
Add the security groups (maximum of 10) you want to be able to use OneDrive.
Select Save.
Note
Users who aren't included in the security groups you added will lose access to their own OneDrive and any shared OneDrive content.
Audit events
Audit events are available in Microsoft Purview compliance portal to help you monitor restricted access control activities. Audit events are logged for the following activities:
- Enabled Restricted OneDrive access and sharing
- Disabled Restricted OneDrive access and sharing
Related topics
Feedback
Submit and view feedback for