On a domain device (or any other managed device), you can use GPO or registry keys to control which tenants the user can log in to. In your scenarios, it's likely easier to configure the AllowTenantList setting as detailed here: https://learn.microsoft.com/en-us/sharepoint/use-group-policy#allow-syncing-onedrive-accounts-for-only-specific-organizations

Alternatively, you can go the other route and configure BlockTenantList instead (also covered in the article above). In addition, you can also block access to Personal OneDrive accounts via the DisablePersonalSync setting.
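
The registry values behind the three settings named above, written and then read back for audit on a single test machine. This is an added PowerShell example, not part of the original answer and not Microsoft's own script; the tenant ID is a constructed placeholder and the function names are hypothetical. Run it elevated, since AllowTenantList lives under HKLM.

```powershell
# Added example. $TenantId is a constructed placeholder; function names are hypothetical.
$TenantId   = '00000000-0000-0000-0000-000000000000'
$MachineKey = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'   # computer policy, needs elevation
$UserKey    = 'HKCU:\SOFTWARE\Policies\Microsoft\OneDrive'   # user policy, current user only

function Get-ValueNames([string]$Path) {
    if (Test-Path $Path) { @((Get-Item $Path).Property) } else { @() }
}

function Set-OneDriveTenantAllowList([string[]]$TenantIds) {
    $parsed = [guid]::Empty
    foreach ($id in $TenantIds) {
        if (-not [guid]::TryParse($id, [ref]$parsed)) { throw "Not a tenant GUID: $id" }
    }
    $allow = "$MachineKey\AllowTenantList"
    if (-not (Test-Path $allow)) { New-Item -Path $allow -Force | Out-Null }
    # Drop entries that are no longer wanted so the list matches $TenantIds exactly.
    Get-ValueNames $allow | Where-Object { $_ -notin $TenantIds } |
        ForEach-Object { Remove-ItemProperty -Path $allow -Name $_ }
    # Each allowed tenant is a string value whose name and data are both the tenant ID.
    foreach ($id in $TenantIds) {
        New-ItemProperty -Path $allow -Name $id -Value $id -PropertyType String -Force | Out-Null
    }
}

function Disable-OneDrivePersonalSync {
    if (-not (Test-Path $UserKey)) { New-Item -Path $UserKey -Force | Out-Null }
    New-ItemProperty -Path $UserKey -Name 'DisablePersonalSync' -Value 1 -PropertyType DWord -Force | Out-Null
}

# Read back what is actually configured, including a BlockTenantList set elsewhere.
function Get-OneDriveTenantPolicy {
    $personal = (Get-ItemProperty -Path $UserKey -Name 'DisablePersonalSync' -ErrorAction SilentlyContinue).DisablePersonalSync
    [pscustomobject]@{
        AllowedTenants       = Get-ValueNames "$MachineKey\AllowTenantList"
        BlockedTenants       = Get-ValueNames "$MachineKey\BlockTenantList"
        PersonalSyncDisabled = ($personal -eq 1)
    }
}

Set-OneDriveTenantAllowList -TenantIds $TenantId
Disable-OneDrivePersonalSync
$policy = Get-OneDriveTenantPolicy
if ($policy.AllowedTenants -and $policy.BlockedTenants) {
    Write-Warning 'AllowTenantList and BlockTenantList are both set; use only one of them.'
}
$policy | Format-List
```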