Summary
This article explains how to setup Microsoft OneDrive categories to restrict what the user is allowed to do namely downloading, and uploading.
Note: Implementing this solution will only work on the web client, it will not work with OneDrive applications.
Solutions
The following will outline the procedure of how to set up custom categories to block downloading or uploading files in OneDrive.
- Create a new custom category in Guardian > Policy objects > Categories, named for the service you are blocking, for example, OneDrive Uploads.
- Add the following to URL patterns block the service:
- To block downloads:
(files\.1drv\.com\/.*download)
- To block uploads:
(onedrive\.com.*\.createUploadSession)
Tip: If required, you can add both URLs above to a single custom category to block all OneDrive services
- Add the newly created custom category to the Decrypt and inspect policy in Guardian > HTTPS inspection > Manage policies.
- If one does not exist, create a new HTTPS inspection policy with the OneDrive custom category selected as the What, and Decrypt and inspect as the Action.
- Create a new web filter policy (Guardian > Web filter > Policy wizard) with the following attributes:
- Who Everyone*
- What Choose the custom category created in step 1
- Where Everywhere*
- When Always*
- Action Block
Make sure the Enable Policy option is selected.
*You should change these based on your organisational needs.