Restrict OneDrive for Business to Domain-joined Computers

Conditional Access for OneDrive can be configured in multiple ways, but it is not part of the new Azure AD Conditional Access experience. The new OneDrive Admin Center also lacks an option to restrict which devices can synchronize files, but there are several other options worth looking into.

If you would like to restrict OneDrive to synchronize files only on domain-joined computers, you will need either Microsoft Intune with the classic portal (this feature does not exist in the new Azure experience) or the SharePoint Online Management PowerShell module. To configure OneDrive for Business “Conditional Access” with PowerShell, do the following:

Step 1:

Find your domain's ObjectGuid. If you have multiple domains, make sure to include all ObjectGuids and separate them by commas.

To find your domain's ObjectGuid, run the following command in PowerShell, specifying your on-premises domain:

Get-ADDomain -Identity <YourDomain> | Select-Object ObjectGuid


Step 2:

Install the SharePoint Online Management Shell

Run in PowerShell: Connect-SPOService -Url (make sure to replace Office365Tenant with your tenant's name). You will then be prompted for credentials. The least privilege required is Service Administrator for SharePoint Online.

Run: Set-SPOTenantSyncClientRestriction -Enable -DomainGuids <ObjectGuid>
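
The two steps above combined into one script, as an added example that is not from the original post: it resolves the GUIDs, applies the restriction, then reads the setting back with Get-SPOTenantSyncClientRestriction to confirm it took effect. The domain names and the tenant placeholder are assumptions to replace with your own values, and the semicolon separator follows Microsoft's reference for this cmdlet.

```powershell
# Added example, not from the original post.
# Assumptions: the ActiveDirectory (RSAT) and SharePoint Online Management Shell
# modules are installed, and the values below are placeholders.
Import-Module ActiveDirectory -ErrorAction Stop
Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop

$AdminUrl = 'https://<Office365Tenant>-admin.sharepoint.com'   # placeholder tenant name
$Domains  = @('corp.example.com', 'emea.example.com')          # constructed sample domains

# Step 1: resolve every on-premises domain to its ObjectGuid.
# -ErrorAction Stop aborts the run if any domain cannot be resolved, so a
# partial list is never pushed to the tenant.
$guids = foreach ($d in $Domains) {
    (Get-ADDomain -Identity $d -ErrorAction Stop).ObjectGUID.ToString()
}
$guids = @($guids | Sort-Object -Unique)
if ($guids.Count -eq 0) {
    throw 'No domain GUIDs resolved; tenant settings left unchanged.'
}

# Assumption: multiple GUIDs are passed as one string. Microsoft's cmdlet
# reference shows them separated by semicolons.
$domainGuids = $guids -join ';'

# Step 2: connect (prompts for credentials) and record the current state
# so the change can be reviewed or rolled back.
Connect-SPOService -Url $AdminUrl
$before = Get-SPOTenantSyncClientRestriction
Write-Host "Restriction enabled before change: $($before.TenantRestrictionEnabled)"

Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $domainGuids

# Verify: the restriction must be on and every GUID must be in the allow list.
$after   = Get-SPOTenantSyncClientRestriction
$applied = @($after.AllowedDomainList | ForEach-Object { $_.ToString().ToLower() })
$missing = @($guids | Where-Object { $applied -notcontains $_.ToLower() })

if (-not $after.TenantRestrictionEnabled -or $missing.Count -gt 0) {
    Write-Warning "Restriction not fully applied. Missing GUIDs: $($missing -join ', ')"
} else {
    Write-Host "Sync restricted to $($applied.Count) domain(s)."
}
```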

