Allow syncing only on computers joined to specific domains

To make sure that users sync OneDrive files only on managed computers, you can configure OneDrive to sync only on PCs that are joined to specific domains.

##To allow syncing only on PCs joined to specific domains


These settings apply to SharePoint sites as well as OneDrive. In a multi-geo environment, this setting can be configured separately for each geo location to apply to users with that preferred data location.

  1. Go to Settings in the SharePoint admin center{:target="_blank"}, and sign in with an account that has admin permissions for your organization.


    If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the Sharing page.

  2. Select Sync.

    Sync settings in the SharePoint admin center

  3. Select the Allow syncing only on computers joined to specific domains check box.

  4. Add the GUID of each domain for the member computers that you want to be able to sync.


    Make sure to add the domain GUID of the computer domain membership. If users are in a separate domain, only the domain GUID that the computer account is joined to is required.


    This setting is only applicable to Active Directory domains. It does not apply to Microsoft Entra domains. If you have devices that are only Microsoft Entra joined, consider using a Conditional Access Policy instead. For details, see Enable conditional access support in the OneDrive sync app.

  5. Select Save.

For info about setting this sync app restriction by using PowerShell, see Set-SPOTenantSyncClientRestriction.

For information about blocking or limiting access to SharePoint and OneDrive content from unmanaged devices, see SharePoint and OneDrive unmanaged device access controls for administrators.