How to Manage Permissions in OneDrive for Business
Managing permissions in OneDrive for Business is crucial for protecting sensitive business data while promoting collaboration. Proper permissions management is especially important for businesses that have recently migrated to Microsoft 365.
This guide will take you through the essential steps and best practices for configuring and managing permissions within OneDrive for Business. From controlling access to specific files and folders to understanding your options for sharing, we’ll help you achieve just the right balance between security and usability.
Understanding Permissions in OneDrive for Business
With Microsoft 365, users have OneDrive for Business for all file storage, sharing, and team collaboration purposes in a highly secure cloud environment. It is specifically used for individual file storing and sharing purposes, whereas SharePoint, on the other hand, targets larger-scale teams or corporate-level collaborations. Users can control each file or folder access control at whatever level they can, thereby giving users flexibility in personal as well as shared content.
The main permission levels in OneDrive for Business include the following:
View Only: Recipients can view a file without downloading or editing.
Can View: This permission level grants read-only access but allows file downloads.
Can Edit: Users can view, edit, and collaborate on files directly.
Setting Up and Managing Permissions in OneDrive for Business
To manage permissions effectively in OneDrive for Business, follow these steps:
Open OneDrive for Business: Access OneDrive from the Microsoft 365 dashboard or by signing in directly to OneDrive for Business.
Locate the File or Folder: Navigate to the file or folder you want to share permissions on.
Click the Share Option: Right-click on the file or folder and select Share. This will open the share options where you can determine who can access the item and at what level.
Select Link Settings:
Choose Anyone with the link, People in [Organization] with the link, People with existing access, or Specific people to control who can access the link.
Anyone with the link: Let people outside your organization share the link; use this option with caution due to security purposes.
People in [Organization] with the link: Only the people within your organization will have access.
Specific people: You will be able to invite particular people and control their access one by one.
Grant Link Permissions:
After you choose a sharing option, you can further define the permission level:
View Only: Recipients are granted permission to view but cannot download, edit or share further.
Can View: Recipients can view and download files.
Can Edit: Recipients are permitted to view, download, and edit files directly.
Click Apply when you are satisfied with all of those settings.
Send the link or Manage Access:
Enter the email addresses of people you want to share with and add a message if you want. Click Send to share the link.
After sharing, you can change the access to a file or folder you have shared. Visit the Manage Access option for that particular file or folder, where you can change permissions or stop sharing it totally.
Managing Folder-Level Permissions in OneDrive for Business
Folder-level permissions in OneDrive will allow users to control access over a group of files. It is much easier to share multiple documents with the same settings. To manage folder-level permissions:
Select the Folder to Share:
Right-click on the folder and choose Share.
Set Link Permissions:
Configure the link as outlined in the steps above. When sharing a folder, all files contained in it will inherit the same permission levels by default.
Grant Access at the Folder Level:
Share the folder with users by their names and specify their permission levels. When users are shared with a folder and have edit permissions, all the files in that folder become editable for them.
Best Practices for Folder-Level Permissions
Use Folders to Share in an Organized Way: Instead of sharing dozens of files, add files to folders and then share the folder to avoid duplicate entries.
Review Folder Access: Periodically review whether folder permissions are sufficient, such as before completing a project or after switching roles.
Setting Expiration Dates and Passwords:
Make the access temporary by setting an expiration date on the shared link or add a password so that only the intended recipients can open the link.
Block Download for View-Only Links:
Share files you want others to view but NOT download. Even for view-only links, you may not want them to be able to download. To do that, go to the sharing settings and select Block Download.
OneDrive for Business allows sharing with external users (those outside your organization) by default, although the feature can be controlled by administrators at the organizational level to limit access outside.
Best Practices for Advanced Permissions
Limit Expiration Dates on External Links: Limit any external shares by using an expiration date, thus curtailing long-term exposure of sensitive files.
Password-protect highly sensitive files: If you have very sensitive files, add a password to the link so that there is an extra layer of security.
Limit external sharing to trusted contacts: Only share externally when necessary, and always verify recipients before sending links.
Regular auditing of permissions prevents unauthorized access, thus maintaining a secure OneDrive environment and ensuring the right people are accessing specific files. Some important ways to audit permissions include the following:
Review Manage Access Settings:
Review the Manage Access tab on every file and folder every so often to see who currently has access and at what level.
Use the Microsoft 365 Compliance Center:
Using the Compliance Center, you will be able to allow your admins to view and control across an organization, set alarms over high-activity events, and monitor sharing trends.
Use built-in reports: Use the native reporting tools and monitor the sharing activities that may be going on, including external sharing, so as to spot unusual access behaviors.
Best Practice in Auditing Permissions
Review access on a regular basis. You need to ensure that access levels are in place, which should occur every quarter.
Revoke access: As users’ access needs are reassessed, revoke all of their permissions if you determine they no longer require any form of access; this reduces security risks.
Configure External Sharing Alerts: Keep a watchful eye over such events with alerts about the external sharing of groups within the Compliance Center.
Summary of Best Practices for Managing OneDrive for Business Permissions
Default to Least Privilege: Always grant users the minimum rights needed by recipients.
Use Specific People for Targeted Access: Share documents with only targeted users or groups in order to have more control.
Use Advanced Security Options: Use time-sensitive expiration, passwords, and download restriction capabilities as add-ons.
Audit access permissions on a regular basis, which should keep levels up with users’ changing needs.
Educate the user in proper sharing through the usage of security best practices while accessing OneDrive Business.
Conclusion
Through these best practices and the regular auditing of permissions, businesses can ensure that the system remains as secure as it is productive for file sharing and collaboration. The right people with the right information at the right time are protected in that sensitive information will never land in the wrong hands.
Preserve Permissions When Migrating to OneDrive with CloudFuze
Avoid the hassle of reconfiguring sharing permissions when migrating to OneDrive for Business from other cloud storages like Box, Dropbox, Google Drive, ShareFile, and more. CloudFuze’s migration tool preserves permissions with internal teams as well as external collaborators when migrating user accounts and their files and folders.
Learn more about CloudFuze and their industry-leading cloud migration solutions.
