OneDrive is a very convenient and secure Microsoft solution for hosting and sharing business data. If a user has a license that includes the OneDrive service, he/she gets a minimum of 1TB OneDrive storage and the ability to access files on SharePoint. It can access files shared with it via SharePoint or other users’ OneDrive sites and make changes as permitted. It has the highest level of authority on its own OneDrive. For some institutions, the problem starts here.
Due to the company’s internal policies or general regulations, it is necessary to control the content uploaded by the user to the OneDrive site even preventing them entirely. In this case, making the user’s own OneDrive access read-only can be a definite and practical solution. Unfortunately, there is no option in the Admin Center or in a different interface to accomplish this. We can provide read-only access to the user’s own OneDrive site by running the following PowerShell commands via SharePoint Online Management Shell. We can change user access to OneDrive as read-only or blocked by changing the parameter at the end of the command.
First, you need to download and install SharePoint Online Management Shell on your computer. There are two methods to accomplish this. If you wish, you can download and install the tool from this link. Or you can complete the installation by running the following commands via Powershell.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
After completing the installation, run Powershell as administrator. Paste the following command and hit enter.
Connect-SPOService -Url https://tayfntek-admin.sharepoint.com
An authentication window will appear on the screen. Log in with your Global Admin account. You will finally be connected to the SharePoint Online Management Shell.
Note: You can obtain the URL we used in the above command by copying it from the address bar of the browser when you enter the SharePoint Admin Center.
To get the OneDrive site link of the user whose OneDrive we will make read-only, follow this path: Admin Center>>Users>>Active Users>>Example user>>OneDrive>>Get Access to files
We reach the user’s OneDrive site link as follows.
Then run the following command with this link. Thanks to the ReadOnly parameter at the end of the command, the user won’t be able to use features such as uploading files or creating new items to his/her OneDrive.
Set-SPOSite https://tayfntek-my.sharepoint.com/personal/testizmir_tayfuntech_com -LockState ReadOnly
As you can see, the upload or new item creation buttons have disappeared.
Now let’s change the parameter at the end of the command to Unlock.
Set-SPOSite https://tayfntek-my.sharepoint.com/personal/testizmir_tayfuntech_com -LockState Unlock
When we refresh the page, we see that the create new item and upload features are active again.
Finally, if we change the parameter at the end of the command to NoAccess, we see that the user is not able to access his/her own OneDrive.
Set-SPOSite https://tayfntek-my.sharepoint.com/personal/testizmir_tayfuntech_com -LockState NoAccess
In this way, you can completely avoid unsupervised uploading files in companies where users are only readers.