Spo Onedrive Security and Backup Best Practices

To keep your OneDrive files safe and secure, follow these best practices. Always use a strong password and enable two-factor authentication to protect your account.

OneDrive offers automatic backups of your files, but it's essential to regularly review and update your backup settings. This ensures that your most important files are safely stored in the cloud.

You can also set up OneDrive to automatically back up specific folders, such as your desktop or documents folder. This way, you can rest assured that your essential files are always up-to-date and secure.

OneDrive's encryption technology, such as BitLocker and Azure Active Directory, provides an additional layer of security for your files.

To set up OneDrive with rclone, start by running rclone config, which will guide you through an interactive setup process. This will involve getting a token from Microsoft, which you'll need to do in your browser.

The process of getting a token can be a bit tricky, especially if you're not used to working with remote setups. Fortunately, rclone runs a webserver on your local machine to collect the token, which only runs from the moment it opens your browser to the moment you get back the verification code.

The webserver is accessible at http://127.0.0.1:53682/, so be sure to unblock it temporarily if you're running a host firewall. Once you've obtained the token, you can continue with the setup process.

After configuring OneDrive, you can use rclone to access your files. By default, rclone uses a shared Client ID when talking to OneDrive, but you can specify a custom client_id in the config if you need to.

If you're using OneDrive Business, be aware that the steps for OneDrive Personal may not work due to security settings. You may need to verify your account or limit the App to your organization only.

Here are some ways to specify the root folder ID for OneDrive:

OneDrive gets deleted after you leave the organization, which can be a major issue if you have important documents stored there. This is because OneDrive is tied to your user ID, and once you're no longer with the company, your account is deleted in 30 days.

SharePoint sites, on the other hand, do not belong to any individual and are owned by the company as a whole. This makes them a much safer bet for storing important documents.

OneDrive allows modification times to be set on objects accurate to 1 second, which helps detect whether objects need syncing or not.

For OneDrive syncing, modification times are a crucial factor in determining what needs to be updated.

OneDrive Personal, OneDrive for Business, and SharePoint Server support QuickXorHash, a type of hash that's used for syncing.

SHA1 was the default hash for OneDrive Personal before rclone 1.62, but it's being phased out in favor of QuickXorHash starting from July 2023.

To select SHA1 during the transition period, you can use the --onedrive-hash-type flag or the hash_type config option if it's essential for your workflow.

For all types of OneDrive, you can use the --checksum flag to ensure accurate syncing.

Delta is a game-changer for data management, especially when using rclone with OneDrive.

Setting the "--onedrive-delta" flag in rclone can greatly speed up recursive listings, making it a big performance win if nearly all your data is under rclone's root directory.

Using delta listing API only works at the root of the drive, so if your data is mostly not under the root, using this flag will be a big performance loss.

If you're mounting your OneDrive at the root (or near the root when using crypt) and using rclone rc vfs/refresh, it's recommended to use the delta flag.

The delta flag is not set as the default, and it's not suitable for all cases.

Here are the details about the delta flag:

In OneDrive, you can customize your file and folder settings to suit your needs.

You can choose to sync your files to your computer or mobile device, or even set up a shared folder to collaborate with others.

OneDrive allows you to create a folder hierarchy by creating subfolders within folders, making it easy to organize your files.

You can specify the root folder ID to access a particular folder in OneDrive, especially when you can't get there through a path traversal. This isn't normally needed, but it's an option in special circumstances.

The root folder ID is a string that you can configure in the settings. You can also set it as an environment variable, RCLONE_ONEDRIVE_ROOT_FOLDER_ID.

Here are the ways to set the root folder ID:

This setting is optional, so you only need to use it if you have a specific reason to do so.

File sizes are an important consideration when working with OneDrive. The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business.

This means you have plenty of space to store large files. However, it's worth noting that this limit is the same for both personal and business accounts, so you don't have to worry about different limits depending on your account type.

Path Length is an important consideration when working with cloud storage. The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business, and SharePoint Online.

If you're encrypting file and folder names with rclone, you'll want to pay attention to this limitation, as encrypted names are typically longer than the originals.

When working with large file collections, it's essential to consider the number of files that can be stored in a single folder. OneDrive seems to be okay with at least 50,000 files in a folder.

Rclone, however, may experience issues listing the directory when it reaches 100,000 files, resulting in an UnknownError.

You'll want to be mindful of this limit to avoid errors and ensure smooth performance with Rclone.

Live Photos uploaded from iOS are stored in .heic files.

The iOS OneDrive app introduced upload and storage of Live Photos in 2020, but unfortunately, the usage and download of these uploaded Live Photos is still work-in-progress.

This introduces several issues when copying, synchronising and mounting – both in rclone and in the native OneDrive client on Windows.

The root cause can easily be seen if you locate one of your Live Photos in the OneDrive web interface, where you'll notice the size of the downloaded .heic file is smaller than the size displayed in the web interface.

The downloaded file is smaller because it only contains a single frame (still photo) extracted from the Live Photo (movie) stored in OneDrive.

These recopies can be worked around by adding --ignore-size.

The different sizes will also cause rclone check to report size errors and rclone mount to fail downloading with an error.

Disabling versioning can be a bit tricky, but it's a great way to streamline your workflow. Starting October 2018, users can no longer disable versioning by default due to a Microsoft update.

If you're an admin, you can change the default setting by running PowerShell commands. This involves installing a module, importing it, connecting to your SharePoint service, and setting the tenant to false.

Here are the steps to disable versioning for normal users:

If you're using OneDrive, you can also disable versioning by following these steps. Just remember to restore the versioning settings after using rclone to upload or modify files.

You can't share files in OneDrive without permission, as everything is private by default. This means you need to share specific files or folders if you want others to access them.

The options for sharing are the same whether you use the Copy Link command or the Share option, and they're divided into four types of links.

Here are the four types of links you can generate:

People with existing access is a more secure option, as it doesn't grant any extra privileges to the content. This is useful when you need to share a link with someone, but want to maintain control over who can access it.

The Anyone with the link option is convenient, but it's also a bit of a security risk, as you won't know who's accessing the content or modifying it. This is why it's grayed out in SharePoint by default.

OneDrive is a great option for backing up important documents on your PC, allowing you to replicate what you have in SharePoint in your Windows Explorer.

I've blogged about OneDrive sync in the past, and it's a game-changer for keeping your files safe.

Backing up important documents is crucial, especially when you're leaving an organization. OneDrive accounts are tied to your user ID and can be deleted after 30 days if you leave the organization, so it's essential to move or copy those documents to SharePoint before you go.

You can use OneDrive for Business to replicate your SharePoint files in your Windows Explorer, making it easier to manage and back up your documents. This feature is particularly useful if you have a lot of files to keep track of.

To ensure you don't lose important documents, consider setting the "hard_delete" flag on your OneDrive account. This will permanently delete files instead of sending them to the recycle bin, but be cautious as this feature is only available for OneDrive for Business and SharePoint document libraries.

Here are the ways to configure the "hard_delete" flag:

By taking these steps, you can rest assured that your important documents are safely backed up and easily accessible, even after you leave an organization.

File size and hash mismatches can be a real headache, especially when trying to back up and secure your files.

This issue is known to affect Sharepoint, not OneDrive or OneDrive for Business, and causes file size and hash checks to fail.

Silently modified files, mainly Office files, are the culprit behind this problem.

These files are silently modified by Sharepoint, leading to inconsistencies in file sizes.

Disabling file size and hash checks can be a solution, but it's not always the best option.

To disable these checks, use the command line arguments provided.

Alternatively, if you have write access to the affected files, you can try fixing the issue by opening the files in the OneDrive web interface.

This will convert the files to a format that no longer triggers the size discrepancy.

Once all problematic files are converted, you'll no longer need to use the ignore options.

Storing content in OneDrive for Business can be a privacy risk, especially if you're working on sensitive information that you don't want to share with others.

If you only need to share a document with 1-2 colleagues, storing it in OneDrive can be a convenient option to avoid setting up separate permissions or folders.

However, storing content in OneDrive for Business can also lead to data loss if the document is deleted or corrupted, which can happen if you're working on a draft proposal and accidentally delete it.

OneDrive for Business may not be the best choice if you need to store content that requires unique folder permissions, as it can be a hassle to set up and manage.

OneDrive is accessible in both Microsoft 365 Home and Business plans, making it a convenient option for users. Business plans typically offer more storage space than Home plans.

There are differences in features between Home and Business plans. Business plans generally include additional features such as advanced sharing controls, file recovery, and compliance options. These features can be beneficial for businesses that require more control over their data.

If you're using a Business plan, you'll likely have more integration options with other business tools. This can help streamline your workflow and make it easier to manage your files.

Here's a summary of the main differences between Home and Business plans:

When choosing between OneDrive Home and Business plans, you'll need to consider a few key differences. Business plans typically offer more storage space than Home plans.

Storage is a major consideration, and OneDrive Business plans usually provide a significant boost in storage capacity. This is especially important if you have a large collection of files or need to store a lot of data.

OneDrive Business plans also include additional features that can be a big plus for businesses. These features include advanced sharing controls, file recovery, and compliance options.

While both Home and Business plans integrate with Microsoft 365 apps, the depth of integration might vary. Business plans typically support more integrations with other business tools.

Here's a quick comparison of the key differences between OneDrive Home and Business plans:

An account can enter an unlicensed state when an administrator deletes it or removes a license like Office 365 E3 or E5 from the account.

This usually happens when an account is no longer needed or when a user leaves the organization.

The account will then move to Microsoft 365 Archive after 90 days, unless the tenant decides to manage it.

This means the tenant has to link Microsoft 365 Archive to an Azure subscription to pay for ongoing storage and restore operations.

Storage costs $0.05 per month per gigabyte while retrieval costs $0.60 per gigabyte.

Both OneDrive and SharePoint have tight integration with Teams, allowing for seamless collaboration and file sharing. Documents stored in Teams are automatically stored on an associated SharePoint site, making it easy to access and share files with your team.

OneDrive offers personal and business accounts for all your file storage needs, providing ample storage space to meet your requirements. It seamlessly integrates with Microsoft 365 applications, enhancing user productivity and allowing easy access and editing of files within Word, Excel, and PowerPoint.

SharePoint features include team sites and communication sites, enabling businesses to create organized spaces for project collaboration, intranet portals, and company-wide communication. It provides powerful document libraries and lists for organized data storage and management, with features like version control, metadata management, and customizable views.

Here's a comparison of OneDrive and SharePoint features:

If you're trying to decide between SharePoint and OneDrive, it's essential to understand their key differences in features.

SharePoint is designed for team and project collaboration, intranet, and advanced document libraries with metadata and customizable views for efficient organization.

OneDrive, on the other hand, is better suited for personal and business file storage, with simple file storage and basic folder structures.

Here's a feature comparison table to help you understand which platform may better suit your specific business needs:

This table highlights the key differences between SharePoint and OneDrive, helping you make an informed decision about which platform to use for your specific business needs.

Integration with Teams is seamless, thanks to the tight integration with OneDrive and SharePoint.

OneDrive and SharePoint have a strong connection with Teams, allowing for smooth document sharing and storage.

Documents stored in Teams are actually stored on an associated SharePoint site, making it easy to access and collaborate on files.

Storing documents during personal chats in Teams sends them straight to OneDrive for Business, making it simple to keep work and personal files separate.

SharePoint offers team sites and communication sites, enabling businesses to create organized spaces for project collaboration and company-wide communication. It integrates seamlessly with other Microsoft 365 services to enhance productivity and collaboration.

SharePoint provides powerful document libraries and lists for organized data storage and management, with features like version control, metadata management, and customizable views. This allows businesses to efficiently organize and manage files.

OneDrive is primarily a personal file storage and sharing service, but it also offers business accounts with additional features. Key functionalities include personal and business accounts, file storage and sharing, file synchronization and offline access, and integration with Microsoft 365 applications.

Here are the key features of SharePoint:

SharePoint excels in team collaboration, with features like team sites, document libraries, and co-authoring capabilities. OneDrive, on the other hand, is better suited for individual file sharing and basic collaboration.

Here's a comparison of the key differences between SharePoint and OneDrive:

SharePoint offers advanced version control and history, while OneDrive has basic version control. SharePoint also provides enterprise-level security features, including access controls, data loss prevention, and compliance options.