To operate OneDrive safely, the local clients can be configured. Administrators can also use group policies for control. In the Group Policy Management Console, the settings are found under Administrative Templates # Windows Components # OneDrive. The various setting options for controlling OneDrive are available there.
With the cmdlet Set-SPOTenantSyncClientRestriction, administrators can centrally control the restrictions on file synchronization with OneDrive for Business. For example, to block synchronization of certain Office files, the following command is available: Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions "pptx;docx;xlsx". More about the controls is available on TechNet, but if you want to transfer files to the cloud in encrypted form, additional tools are needed.
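The extension block described above, as an added example that is not part of the original article: it merges new extensions into the list already configured instead of overwriting it. The admin URL is a placeholder, and the SharePoint Online Management Shell is assumed to be installed.

```powershell
# Added example, not from the original article.
# Placeholder: replace with your tenant's admin URL.
$AdminUrl = 'https://<tenant>-admin.sharepoint.com'
# Extensions to block in addition to whatever is already excluded.
$ToBlock = 'pptx', 'docx', 'xlsx'

Connect-SPOService -Url $AdminUrl

# -ExcludedFileExtensions sets the whole list, so read the current value first
# to avoid silently dropping exclusions another administrator configured.
$current = (Get-SPOTenantSyncClientRestriction).ExcludedFileExtensions

# Normalise: split on ';', trim, drop leading dots and blanks,
# lower-case and de-duplicate.
$merged = (@($current) + $ToBlock) |
    ForEach-Object { "$_" -split ';' } |
    ForEach-Object { $_.Trim().TrimStart('.').ToLowerInvariant() } |
    Where-Object { $_ } |
    Sort-Object -Unique

Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions ($merged -join ';')

# Read the setting back to confirm what the tenant now enforces.
Get-SPOTenantSyncClientRestriction |
    Select-Object ExcludedFileExtensions, TenantRestrictionEnabled, BlockMacSync
```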
Save the encrypted data
To store data in encrypted form, the two tools CryptSync and BoxCryptor make sense. These two tools are explained in more detail in the articles "Open source encryption for the cloud with CryptSync" and "Dropbox Encryption with Boxcryptor Classic".
These instructions also work for encryption with OneDrive. Another possibility is to encrypt files locally before copying them. We also explain this in detail in the article "Encrypt and tear files with AxCrypt".
Encryption with Open Source: Cryptomator
With the Cryptomator open source tool, files can be encrypted in cloud storage from Windows and Mac machines. The developer also provides versions for iOS and Android. After installation on clients, such as PCs, the tool must first be allowed to access the Internet.
After starting the tool, a vault is first created to store the encrypted data. This is a file provided by the tool as a container for data storage. The vault is mounted as a network drive in Windows Explorer. Whatever file is copied there is encrypted by the tool. Closing Cryptomator also removes the drive from Windows Explorer. Only users who have access to an account can access it.
If the Cryptomator vault is created in a directory that is in turn synchronized with OneDrive or OneDrive for Business, the data can be synchronized to the cloud. It can then only be accessed from a computer with Cryptomator installed. There the vault is mounted and can be opened with the saved password.
By combining Cryptomator with OneDrive, data can be stored safely in the cloud. If the vault is synchronized to another computer, it can be opened there using the Add New Vault wizard. In the Cryptomator settings you can specify which drive letters and WebDAV ports the tool uses to connect network drives.
Encrypt containers with tools
Tools like 7-Zip or VeraCrypt can also create encrypted files. These can likewise be stored in the OneDrive synchronization directory and are hence available in the cloud in encrypted form. Of course, these files cannot be opened online, but only after downloading to a computer with the appropriate tool.
OneDrive and SharePoint 2019
For some time, users have been able to synchronize SharePoint Online libraries with the OneDrive client locally to their Windows PC. With SharePoint 2019, this feature is now also possible in your own data center. With the OneDrive client, users can synchronize team sites and libraries. For mobile users or at headquarters, this makes it possible to work offline with files from SharePoint. The same tools can be used locally here as when using OneDrive for Business in Office 365 or OneDrive with a Microsoft account.
As in Office 365, OneDrive for Business can be used in SharePoint 2019 through web portals, as a client on PC and Mac, but also from smartphones. The OneDrive interface in SharePoint 2019 is the same as in Office 365. Smartphones, tablets and PCs allow users to synchronize individual directories or all SharePoint libraries quickly and easily. In addition, the new SharePoint Mobile Application will be released with SharePoint 2019.
Controlled folder access
Starting with Windows 10 version 1709, directories on computers can be protected from ransomware. This also applies to directories that synchronize to OneDrive or OneDrive for Business. For this, "controlled folder access" is activated. After that, only approved applications can make changes to the files in the protected folders, including the encryption tools discussed here.
Settings can be made locally in the Windows 10 settings, through the new Windows Defender Security Center, in PowerShell, or through Group Policy. To do this, a new ADMX file must be imported.
The new options for controlled folder access are available under Computer Configuration # Policies # Administrative Templates # Windows Components # Windows Defender Antivirus # Windows Defender Exploit Guard # Controlled folder access. Here you can configure which folders to protect, which applications are allowed to make changes, and whether controlled folder access only monitors or blocks changes. In general, "Windows Defender Exploit Guard" also provides additional settings that better protect Windows 10 computers from attackers.
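The PowerShell route mentioned above, as an added example that is not part of the original article: it protects the OneDrive sync folder, approves an encryption tool, starts in audit mode and lists the resulting Defender events so the allow list can be completed before switching to blocking. The Cryptomator install path and the use of $env:OneDrive as the sync root are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
param(
    # AuditMode only logs would-be blocks; Enabled blocks unapproved writes.
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode',
    # Assumption: sync root of the signed-in user, as set by the OneDrive client.
    [string]$SyncFolder = $env:OneDrive,
    # Assumption: install path of the encryption tool; adjust to the real location.
    [string[]]$AllowedApps = @('C:\Program Files\Cryptomator\Cryptomator.exe')
)

if (-not $SyncFolder -or -not (Test-Path -LiteralPath $SyncFolder -PathType Container)) {
    throw "Sync folder '$SyncFolder' not found; pass -SyncFolder explicitly."
}

# Add-MpPreference appends to the existing lists instead of replacing them.
Add-MpPreference -ControlledFolderAccessProtectedFolders $SyncFolder
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Not approved, file does not exist: $app"
    }
}
Set-MpPreference -EnableControlledFolderAccess $Mode

# Read the effective configuration back (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
}

# Event 1124 = change audited, 1123 = change blocked. Review these for a week
# in audit mode to find legitimate tools that still need approval.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```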