The behavior is consistent with OneDrive treating the new file-based profile as a fresh device/profile and synchronizing deletions back to SharePoint/OneDrive when users remove files from their synced folders. In a multi-user VDI environment, this can easily lead to accidental deletion of entire libraries if users think they are only cleaning up “local” data.
To reduce the risk of this happening again, consider the following controls and mitigations from the OneDrive policy set:
- Require confirmation before deleting shared content
  - Enable the OneDrive policy that prompts users to confirm when they delete shared content. This forces a warning dialog whenever a user deletes locally synced content that other users can access.
  - Policy/registry setting:
    `[HKLM\SOFTWARE\Policies\Microsoft\OneDrive] "SharedContentDeleteConfirmation"=dword:1`
  - With this enabled, each delete of shared content requires explicit confirmation before the deletion is synced to SharePoint/OneDrive.
- Control external/B2B sync if applicable
  - If users are syncing libraries or folders shared from other organizations (B2B), consider blocking this in the VDI environment so that only internal content is synced and exposed to accidental deletion.
  - Policy/registry settings:
    - Prevent B2B Sync:
      `[HKLM\SOFTWARE\Policies\Microsoft\OneDrive] "BlockExternalSync"=dword:1`
    - Restore B2B Sync:
      `[HKLM\SOFTWARE\Policies\Microsoft\OneDrive] "BlockExternalSync"=dword:0`
- Use OneDrive policies to standardize sync behavior on VDI
  - Apply OneDrive Group Policy/Intune settings specifically for the Citrix/Azure VMs so that:
    - Only required libraries are synced.
    - Known Folder Move and Files On-Demand are configured in a way that minimizes large-scale deletions from the VDI session.
  - See the OneDrive policy guidance for controlling sync behavior and Files On-Demand: “Use OneDrive policies to control sync settings” and “Use OneDrive Files On-Demand”.
- Educate users about synced folders vs. local folders
  - Make clear that deleting files from a OneDrive/SharePoint-synced folder in the VDI session deletes them in the cloud as well, and that this is not just “local cleanup.”
  - Combine this with the delete-confirmation policy so that users see and understand the impact.
- Recovery and monitoring
  - If a library is deleted again, use SharePoint/OneDrive recycle bin and versioning to restore content. The recycle bin tracks who deleted the content via the Deleted By field, which helps identify the user/session responsible.
  - When files are deleted locally in a synced folder, the delete operation is synchronized to SharePoint/OneDrive and the items move to the recycle bin, where they can be restored if caught in time.
These measures do not change the fundamental sync behavior (local deletes propagate to SharePoint/OneDrive), but they significantly reduce the chance of silent, large-scale deletions from a shared VDI environment and give administrators better control and auditability.
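One way to verify that the two registry values listed above are actually present on a VDI image, as an added example that is not part of the original answer. The `-Remediate` switch and the variable names are this sketch's own, and it assumes an elevated PowerShell session on the VM.

```powershell
# Added example: audit (and optionally set) the OneDrive policy values named in the answer.
# -Remediate is a parameter of this sketch, not a OneDrive or Windows option.
param([switch]$Remediate)

$key = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

# Desired state, taken from the registry settings listed above.
$desired = [ordered]@{
    SharedContentDeleteConfirmation = 1   # prompt before deleting shared content
    BlockExternalSync               = 1   # prevent B2B sync
}

$results = foreach ($name in $desired.Keys) {
    # Read the current value; a missing key or value leaves $current as $null.
    $current = $null
    if (Test-Path -Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $current = $prop.$name }
    }
    $compliant = ($null -ne $current) -and ($current -eq $desired[$name])

    if (-not $compliant -and $Remediate) {
        # Create the policy key if needed, then write the value as a DWORD.
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $name -Value $desired[$name] `
            -PropertyType DWord -Force | Out-Null
        $current   = (Get-ItemProperty -Path $key -Name $name).$name
        $compliant = ($current -eq $desired[$name])
    }

    [pscustomobject]@{
        Policy    = $name
        Expected  = $desired[$name]
        Current   = if ($null -eq $current) { '<not set>' } else { $current }
        Compliant = $compliant
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets an image-build or compliance job fail on drift.
if ($results.Compliant -contains $false) { exit 1 }
```

Where these values are delivered by Group Policy or Intune, run the script without `-Remediate` and fix drift in the policy itself, since a policy refresh overwrites values written directly to the registry.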