OneDrive for Business & SharePoint: Complete Guide to Files, Sync, and Sharing

OneDrive for Business vs. SharePoint: The Core Question

Every Microsoft 365 organization must answer: what goes in OneDrive and what goes in SharePoint? The answer determines collaboration patterns, governance requirements, and the user experience for millions of employees.

OneDrive for Business: Personal cloud storage for each licensed user. Files are owned by the individual, primarily for personal work files and drafts. Can be shared with colleagues, but the owner controls access.

SharePoint: Team and organizational storage for content that belongs to the team, department, or company. Files are owned by the team (via SharePoint site/document library). Governed by site permissions, not individual ownership.

Decision Matrix

| Content Type | OneDrive | SharePoint |

|-------------|---------|-----------|

| My personal drafts and work-in-progress | ✅ | ❌ |

| Team project documents | ❌ | ✅ |

| Department-wide policies and procedures | ❌ | ✅ |

| Files I'm working on alone before sharing | ✅ | Either |

| Files requiring concurrent team collaboration | ❌ | ✅ |

| My archived files I don't share | ✅ | ❌ |

| Content that survives if I leave the company | ❌ (risk) | ✅ |

| Meeting notes from my 1:1 meetings | ✅ | ❌ |

| Meeting notes from team meetings | ❌ | ✅ |

| My personal training materials | ✅ | ❌ |

OneDrive for Business Storage Allocation

Default Storage

• Microsoft 365 Business Basic/Standard/Premium: 1TB per user
• Microsoft 365 E3/E5: 1TB per user (expandable with Storage add-on)
• SharePoint Online: 1TB per tenant + 10GB per licensed user

Expanding Storage

For individuals who need more than 1TB:

```powershell

# Increase OneDrive storage quota for a specific user

Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

Set-SPOSite -Identity "https://contoso-my.sharepoint.com/personal/jsmith_contoso_com" `

-StorageQuota 5120 # 5TB in MB (5 × 1024)

# Set default storage quota for all new users

Set-SPOTenant -OneDriveStorageQuota 5120

```

For large organizational needs, SharePoint Storage add-on: $0.20/GB/month.

OneDrive Sync Client Configuration

The OneDrive sync client (built into Windows 10/11 and macOS) syncs OneDrive and SharePoint files to local devices.

Group Policy Configuration for Enterprise

Configure the OneDrive sync client via Group Policy (ADMX templates available at Microsoft Download Center):

Key enterprise settings:

```

[HKCUSOFTWAREPoliciesMicrosoftOneDrive]

Silently sign in users = 1 (use Azure AD credentials automatically)

EnableGPOSync = 1

DisablePersonalSync = 1 (prevent consumer OneDrive.com usage on work accounts)

AllowTenantList = {your-tenant-id} (only sync your tenant, not personal accounts)

FilesOnDemandEnabled = 1 (cloud-only files, downloaded on access)

KFMOptInWithWizard = {tenant-id} (prompt users to move Desktop/Documents/Pictures to OneDrive)

KFMSilentOptIn = {tenant-id} (silently move known folders without user interaction)

```

Known Folder Move (KFM)

Known Folder Move automatically redirects Desktop, Documents, and Pictures to OneDrive. This is the single biggest OneDrive adoption driver — users don't have to change behavior, their files are just automatically backed up.

```powershell

# Enable KFM silently via Group Policy or Intune

# Intune: Configuration Policy → Settings catalog → OneDrive → Silently sign in users + KFM

# Group Policy: Computer Configuration → Policies → Administrative Templates → OneDrive

$regPath = "HKLM:SOFTWAREPoliciesMicrosoftOneDrive"

New-Item -Path $regPath -Force | Out-Null

Set-ItemProperty -Path $regPath -Name "KFMSilentOptIn" -Value "{your-tenant-id}" -Type String

Set-ItemProperty -Path $regPath -Name "KFMSilentOptInWithNotification" -Value 1 -Type DWord

```

Sync Exclusions

Configure what NOT to sync (saves bandwidth and local storage):

```powershell

# Block sync for specific SharePoint document libraries

Set-SPOTenant -BlockSyncClientRestriction $true

Add-SPOHubToHubAssociation # ...

# Via Group Policy: Set-ItemProperty to configure sync exclusions

$regPath = "HKCU:SOFTWAREMicrosoftOneDriveExcludedFileTypes"

# Exclude .tmp, .log, and .cache files from sync

Set-ItemProperty -Path $regPath -Name "*.tmp" -Value 1

Set-ItemProperty -Path $regPath -Name "*.log" -Value 1

```

Sharing Configuration

Personal Sharing from OneDrive

Users can share OneDrive files in three ways:

• Specific people: Share with named users (internal or external) — recommended for sensitive files
• People in your organization: Generates link accessible to all licensed users
• Anyone with the link: Anonymous sharing — generates a link that can be forwarded

Controlling Anonymous Sharing

```powershell

# Disable anonymous (anyone) links at tenant level

Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly

# Options: Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing

# Set link expiration for anonymous links (7 days)

Set-SPOTenant -RequireAnonymousLinksExpireInDays 7

# Restrict external sharing to specific domains

Set-SPOTenant -SharingDomainRestrictionMode AllowList `

-SharingAllowedDomainList "partner1.com partner2.com"

```

Sharing Best Practices for Users

Train users on the least-privilege sharing principle:

• Default to "Specific people" links — not "Anyone"
• Set expiration dates on all external sharing links
• Review your OneDrive "Shared" view quarterly — revoke links no longer needed
• Never share your entire OneDrive root with anyone — share individual folders or files

OneDrive for Mobile Access

OneDrive Mobile App Configuration

For enterprise mobile use, configure via Intune App Protection Policies (APP):

• Require PIN: Yes (6-digit PIN minimum)
• Block screenshots: Yes for iOS, where supported
• Require managed device: Optional, based on BYOD policy
• Block save to personal storage: Yes (prevent saving company files to iPhone Camera Roll)
• Allow copy/paste from managed to unmanaged apps: Block or allow based on policy

Intune App Protection Policy for OneDrive

```

Policy Name: OneDrive for Business - APP Policy

Platform: iOS, Android

Protected Apps: OneDrive, SharePoint, Teams, Outlook

Settings:

• Data transfer: Only to other managed apps
• Cut/Copy: Restricted to managed apps
• Encryption: When device is locked
• Minimum OS version: iOS 16+, Android 13+
• Require PIN after inactivity: 30 minutes

```

OneDrive Versioning and Recovery

Version History

OneDrive retains up to 500 versions of any file by default. Users can restore any prior version:

• Web: Right-click file → Version history → Restore
• Desktop client: Right-click file → Version history
• PowerShell: Get-PnPFileVersion (for SharePoint) / via Graph API for OneDrive

Recycle Bin

Deleted files go to the First-stage Recycle Bin (93 days). After 93 days, they move to the Second-stage Recycle Bin (admins only). Files permanently deleted after a total of 186 days.

```powershell

# Admin: Restore file from user's Recycle Bin

Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# List deleted items in user's OneDrive

Get-SPODeletedSite | Where-Object { $_.Url -like "*jsmith*" }

# Restore specific file (requires SPO Admin)

Restore-SPODeletedSite -Identity "https://contoso-my.sharepoint.com/personal/jsmith_contoso_com"

```

OneDrive for Business Backup

Microsoft provides native OneDrive backup via Microsoft 365 Backup (add-on service):

• Point-in-time restore up to 180 days
• Granular restore (individual files, folders, or full account)
• Protection against ransomware and accidental mass deletion

Without the backup add-on, only the 93-186 day recycle bin provides recovery protection.

Managing OneDrive When Employees Leave

When an employee is terminated or leaves, their OneDrive must be managed:

```powershell

# Grant manager access to departing employee's OneDrive

Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

$userOneDriveUrl = "https://contoso-my.sharepoint.com/personal/jsmith_contoso_com"

$managerEmail = "[email protected]"

Set-SPOUser -Site $userOneDriveUrl `

-LoginName $managerEmail `

-IsSiteCollectionAdmin $true

# Grant access for 180 days (default OneDrive retention after account deletion)

```

Lifecycle process:

• IT is notified of employee separation (automated via HR system → Power Automate)
• Manager receives automated notification with link to access employee's OneDrive
• Manager has 30 days to transfer critical files to a SharePoint site
• After 30 days, OneDrive is set to read-only
• After 180 days, OneDrive is deleted (files go to admin recycle bin for 93 additional days)

OneDrive Admin Reports and Monitoring

```powershell

# Get OneDrive usage report for all users (via Graph API)

Connect-MgGraph -Scopes "Reports.Read.All"

Invoke-MgGraphRequest `

-Method GET `

-Uri "https://graph.microsoft.com/v1.0/reports/getOneDriveUsageAccountDetail(period='D30')" `

-OutputFilePath "C:ReportsOneDrive-Usage-30days.csv"

```

Key metrics to monitor monthly:

• Inactive accounts: Users who haven't accessed OneDrive in 90+ days (may indicate low adoption or departed user)
• Storage usage by user: Identify accounts approaching quota limit
• Sync issues: Users with sync errors (via OneDrive Health Dashboard in Admin Center)
• Sharing links created: Track anonymous link creation for DLP purposes

OneDrive vs. SharePoint for Teams: Practical Guidance

When Teams creates a channel, SharePoint files tab and document library are created automatically. These SharePoint files should NOT be moved to individual OneDrives.

| Scenario | Right Location | Why |

|---------|---------------|-----|

| Draft I'm writing alone, not ready to share | OneDrive | Personal work space |

| File I'm collaborating on with 2+ people | SharePoint (Teams) | Shared access, no single owner |

| File I'll share externally after completion | OneDrive OR SharePoint | SharePoint preferred for governance |

| Project deliverables | SharePoint | Survives team member changes |

| My personal reference documents | OneDrive | No team access needed |

| Company-approved templates | SharePoint | Company-owned, not personal |

Conclusion

OneDrive for Business and SharePoint serve complementary roles in the Microsoft 365 ecosystem. Clear guidance for users on what goes where — enforced by governance policies, training, and default configurations — determines whether your organization gets the full value of both platforms.

EPC Group configures OneDrive and SharePoint environments for enterprise organizations, including Known Folder Move deployment, sync governance, sharing policies, and lifecycle management. Contact us for a Microsoft 365 files governance assessment.