βοΈπͺπ§βπΌπCP - OneDrive - Allow personal OneDrive
What this page is about πβ
This policy is not the default. It is also not meant for broad deployment.
Instead, this is the countermeasure to override the βοΈπͺπ§βπΌCP - OneDrive - Block personal OneDrive policy β but only for those users you explicitly allow.
Why? Because Intune applies the most restrictive setting, and if youβve applied a block policy to all users, simply removing someone from that group wonβt remove the block.
Youβll need to apply a policy that deliberately unblocks it.
Why this is necessary π€β
Letβs say:
- You block personal OneDrive sync for everyone (good!)
- The CEO wants access anyway (okay, fine π)
- You exclude the CEO from the block policy group
Still blocked.
Why? Because Intune remembers the original setting.
β‘οΈ Enter this policy:
You assign it directly to the exclusion group (π‘οΈπ§βπΌππGroup - Personal OneDrive Allowed users), and it actively says:
"Hey Intune, itβs okay β this one can use personal OneDrive."
π οΈ OneDrive Personal Account Allow Configurationβ
| Setting | State | Details |
|---|---|---|
| Block syncing of personal OneDrive accounts | Disabled | Required to override any previously assigned βEnabledβ setting |
π₯ Group Assignmentsβ
β Included groups:β
β Excluded groups:β
- (none) β only assign to those who need the exception
π‘ SuperVision Tipβ
SuperVision handles identity and group management across tenants.
This policy uses group membership β not tags β so SuperVision helps by:
- Maintaining consistent group naming across tenants
- Assigning users dynamically to:
π‘οΈπ§βπΌππGroup - Personal OneDrive Allowed users
β οΈ Be sure to:
- Document who belongs in this group
- Have written approval from the customer
- Avoid βaccidental exceptionsβ at all costs
Final Thoughts πβ
This is not a "green light for everyone" config. Itβs a targeted override used only when someone absolutely needs access to their personal OneDrive account β and you're willing to take that risk.
Use this only:
- In combination with the block policy
- With strict governance
- With the audit trail to back it up
Want control? Start here with the block policy
Want exceptions? Use this β carefully. π