GPO settings for Office 2019 Internet Access

Question

Hello Everyone,
I have an issue with my GPO settings for Office2019. We set new security settings a couple months ago and everything works fine. Now, we have a case when one user due to a projects, needs to connect his office apps with Microsoft account. OK. I've enabled some policies and everything works. The problem is that currently, not only Connect to Microsoft Account is enabled but as well OneDrive Sign-In and Office Store. In the same policy is as well Disable One Drive Sign in and Office Store. Somehow, this doesn't work. Both additional components are still available.
Is there anyway to block everything except Microsoft Account or it is everything or nothing setting?
Thanks in advance

Answer 1

this article should be helpful
https://learn.microsoft.com/en-us/office365/troubleshoot/group-policy/block-onedrive-use-from-office

also refer to this article for additional settings available
https://learn.microsoft.com/en-us/onedrive/use-group-policy

Answer 2

Hi @DonPick

thank you for your answer. Here is how my GPO looks like:

But still One Drive and Office Store are visible in the Connected Services.

The only difference I see is that you have additional Administrative Policies for One Drive. Maybe I have to download it again although I thought, that the current settings should be sufficient.

Thanks

Answer 3

Now let’s walk through the steps to restrict internet access using group policy. I’m going to assume you already created the Organization Unit that you want to apply the policy to so we can skip that part.

If you would rather watch how this is configured, there is a video demo at the bottom of this article.

Open up Group Policy Management Console (GPMC).
Create a New Group Policy Object and name it Restrict Internet Access.
Edit and navigate to: User Configuration -> Preferences -> Windows Settings -> Registry and create a New Registry Item.
There are 4 registry items we need to create/update: ProxyEnable, ProxyServer, ProxyOverride, AutoDetect
The EnableProxy key will check the box to force the browser to use the proxy settings.

Under the General Tab for the New Registry Properties:
Action: Update. This will also create the reg key if it doesn’t exist.
Hive: HKEY_CURRENT_USER
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Value Name: ProxyEnable
Value Type: REG_DWORD
Value Data: 1
Base: Hexadecimal
Repeat the same steps to create an additional registry item. The ProxyServer will point to the localhost, 127.0.0.1.

Action: Update.
Hive: HKEY_CURRENT_USER
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Value Name: ProxyServer
Value Type: REG_SZ
Value Data: 127.0.0.1:80
The next reg key will allow you to bypass the proxy server and let you view sites. Typically, you should allow your own domain name so the users can gain access to internal links and any sub-domains if applicable.

Action: Update.
Hive: HKEY_CURRENT_USER
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Value Name: ProxyOverride
Value Type: REG_SZ
Value Data: *theSysadminChannel.com; <local>theSysadminChannel.com; <local>
The last registry item will disable/uncheck the “Automatically Detect Settings” part.

Action: Update. This will also create the reg key if it doesn’t exist.
Hive: HKEY_CURRENT_USER
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Value Name: AutoDetect
Value Type: REG_DWORD
Value Data: 0
Base: Hexadecimal

Answer 4

Hi @Vicky Wang

I think you've posted in the wrong question.

Answer 5

Hi,@Borislav Vitanov

I'm very sorry, I may have misunderstood what you mean. This article is for your reference, and I hope I can help you.
reference:https://thesysadminchannel.com/how-to-restrict-internet-access-using-group-policy-gpo/
Hope this information can help you
Best wishes
Vicky