OneDrive allows multiple organizations to sync and share files. It also gives you the ability to regulate how these activities happen. If you no longer want to grant access to a specific organization, you can block it. You can also grant it access again whenever you like.

In this article, we’ll be showing you how to allow or block syncing OneDrive accounts for only specific organizations using the Registry Editor or the Group Policy Editor.

When you allow syncing for an organization, users can only sync files with the organization, and if they try to add any other organization, they’ll get an error. If they’ve added a different organization before now, its files will automatically stop syncing. You can allow that organization separately to grant it access.

If you block syncing for a specific organization, an error will show up if any user tries to add that organization. If the organization has already been added before you enable the policy, its files will automatically stop syncing.

To implement any of these policies, you need the Office 365 tenant ID of the organization you wish to allow or block. The ID is a GUID (Globally Unique Identifier), and it isn’t the same as your tenant domain or name.

Here’s how to find the tenant ID of an organization:

  1. Head to the Azure AD portal.
  2. Enter your Microsoft Azure login credentials to sign in as an administrator. Note that you must be an administrator to pull this off.
  3. Click on Azure Active Directory once you get into the Microsoft Azure portal.
  4. Go under Manage and click on Properties. You’ll find the tenant ID in the Directory ID box.

You can also use Windows PowerShell to fetch the tenant ID of an organization as long as you have the Microsoft Azure PowerShell module. Follow these steps:

  1. Launch the Microsoft Azure PowerShell command interface.
  2. Once the command window opens, run this script:

     Login-AzureRmAccount

  3. Enter your Office 365 login credentials, and your tenant ID will show up in the output.

Acquiring the tenant ID is the first step. Since you’ll be making changes to the system registry or applying a group policy – depending on which method you choose to follow – it’s important that you back up the entire system registry and create a system restore point to be on the safe side in case anything goes wrong. We recommend taking these safety precautions because making changes to the system registry without a fallback plan could potentially cause permanent damage.

If you don’t know how to back up the registry and create a restore point, we’ll guide you.

Follow these steps to back up the entire system registry:

  1. Right-click on the Start button and click on Run or tap the Windows and R keyboard buttons together to summon the Run dialog window.
  2. After Run opens, type “regedit” into the text box and click on OK.
  3. After that, click on Yes in the User Account Control pop-up.
  4. Once the Registry Editor opens, click on File.
  5. Under File, click on Export.
  6. In the Export Registry File dialog, browse to the folder where you wish to save the file and enter a name for it in the File Name box. Make sure “registration files (*.reg)” is selected in the “Save as type” drop-down menu.
  7. Select All under “Export range”, and then hit the Enter button or click on Save.
  8. To restore the registry with the file you just exported, click on File in the Registry Editor window, select Import, and then navigate to the folder where you exported the backup file and load it.

Follow these steps to create a system restore point:

  1. Go to the search box in your taskbar. If the search box isn’t already open, press the Windows and S keyboard buttons simultaneously or click on the magnifying glass in the taskbar.
  2. Type “create a restore point”, and then click on the first search result.
  3. Once you see the System Properties dialog window, go to Protection Settings and click on Create.

Note: If the Create button is greyed out, click on Configure and select the radio button for “Turn on system protection” once a new dialog window pops up. Click on OK.

  4. Under “Create a restore point”, type a description for the restore point you want to create into the provided box and click on Create.
  5. Windows will now create a restore point and will let you know if it has been created successfully.

Now that you’re done with the preliminaries, it’s time to get on with the main business. We’ll first show you how to use the Registry Editor to allow or block syncing OneDrive accounts for only specific organizations and then show you how to use the Group Policy Editor to do that.

How to allow syncing OneDrive accounts for only specific organizations using the Registry Editor

  1. Right-click on the Start button and click on Run or tap the Windows and R keyboard buttons together to summon the Run dialog window.
  2. After Run opens, type “regedit” into the text box and click on OK.
  3. After that, click on Yes in the User Account Control pop-up.
  4. Once the Registry Editor opens, go to the left pane and open the HKEY_LOCAL_MACHINE folder.
  5. Next, expand SOFTWARE.
  6. Open Policies under SOFTWARE.
  7. After that, expand Microsoft, then click on the OneDrive key.

Note: If you don’t see OneDrive under Microsoft, then right-click Microsoft and select New >> Key. Rename the new key OneDrive.

  8. Right-click on OneDrive and select New >> Key.
  9. Since you’re allowing syncing for a specific organization, rename the new key “AllowTenantList”.
  10. Next, right-click on AllowTenantList and select New >> New String Value. Use the tenant ID of the organization as the name for the new string value.
  11. Now right-click on the new string value to edit it.
  12. Once the Edit String Value dialog window opens, enter the tenant ID of the organization in the Value Data box, and then click on OK.

How to block syncing OneDrive accounts for only specific organizations using the Registry Editor

  1. Right-click on the Start button and click on Run or tap the Windows and R keyboard buttons together to summon the Run dialog window.
  2. After Run opens, type “regedit” into the text box and click on OK.
  3. After that, click on Yes in the User Account Control pop-up.
  4. Once the Registry Editor opens, go to the left pane and open the HKEY_LOCAL_MACHINE folder.
  5. Next, expand SOFTWARE.
  6. Open Policies under SOFTWARE.
  7. After that, expand Microsoft, then click on the OneDrive key.

Note: If you don’t see OneDrive under Microsoft, then right-click Microsoft and select New >> Key. Rename the new key OneDrive.

  8. Right-click on OneDrive and select New >> Key.
  9. Since you’re blocking syncing for a specific organization, rename the new key “BlockTenantList”.
  10. Next, right-click on BlockTenantList and select New >> New String Value. Use the tenant ID of the organization as the name for the new string value.
  11. Now right-click on the new string value to edit it.
  12. Once the Edit String Value dialog window opens, enter the tenant ID of the organization in the Value Data box, and then click on OK.
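
The two Registry Editor procedures above (AllowTenantList and BlockTenantList) can also be scripted. The following PowerShell is an added example, not part of the original article; the function name Set-OneDriveTenantPolicy and the tenant ID shown are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: Set-OneDriveTenantPolicy is a hypothetical helper name.
function Set-OneDriveTenantPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('Allow', 'Block')][string]$Mode,
        [Parameter(Mandatory)][string[]]$TenantId
    )
    # Same location the manual steps navigate to in the Registry Editor.
    $base    = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    $listKey = Join-Path $base "${Mode}TenantList"

    foreach ($id in $TenantId) {
        # The policy expects the tenant GUID, not the tenant domain or name.
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$guid)) {
            Write-Error "'$id' is not a GUID; tenant domains and names are not accepted."
            continue
        }
        $name = $guid.ToString()   # canonical 8-4-4-4-12 form

        if ($PSCmdlet.ShouldProcess("$listKey\$name", 'Set string value')) {
            # Create the key only when missing: New-Item -Force on an existing
            # registry key would recreate it and drop the values already there.
            if (-not (Test-Path $listKey)) { New-Item -Path $listKey -Force | Out-Null }
            # Value name and value data are both the tenant ID, as in the manual steps.
            New-ItemProperty -Path $listKey -Name $name -Value $name `
                -PropertyType String -Force | Out-Null
        }
    }
}

# Constructed placeholder GUID, not a real tenant. -WhatIf previews without writing.
Set-OneDriveTenantPolicy -Mode Allow -TenantId '11111111-2222-3333-4444-555555555555' -WhatIf
```

Remove -WhatIf to apply the change, and use -Mode Block to write to BlockTenantList instead.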

How to allow syncing OneDrive accounts for only specific organizations using the Group Policy Editor

  1. Right-click on the Start button and click on Run or tap the Windows and R keyboard buttons together to summon the Run dialog window.
  2. After Run opens, type “gpedit.msc” into the text box and click on OK.
  3. Once the Group Policy Editor opens, go to the left pane of the window and expand Administrative Templates under Computer Configuration.
  4. Under Administrative Templates, click on OneDrive.
  5. Now go to the middle pane and double-click on “Allow syncing OneDrive accounts for only specific organizations”.
  6. In the dialog window that shows up, select Enabled.
  7. After that, go to the Options section and click on the Show button next to Tenant ID.
  8. Now enter the tenant ID of the organization in the Value box and click on OK.

How to block syncing OneDrive accounts for only specific organizations using the Group Policy Editor

  1. Right-click on the Start button and click on Run or tap the Windows and R keyboard buttons together to summon the Run dialog window.
  2. After Run opens, type “gpedit.msc” into the text box and click on OK.
  3. Once the Group Policy Editor opens, go to the left pane of the window and expand Administrative Templates under Computer Configuration.
  4. Under Administrative Templates, click on OneDrive.
  5. Now go to the middle pane and double-click on “Block syncing OneDrive accounts for only specific organizations”.
  6. In the dialog window that shows up, select Enabled.
  7. After that, go to the Options section and click on the Show button next to Tenant ID.
  8. Now enter the tenant ID of the organization in the Value box and click on OK.

Conclusion

It’s important to note that you can’t apply both policies to a specific organization at the same time. If you enable the “Block syncing OneDrive accounts for only specific organizations” policy, you have to disable “Allow syncing OneDrive accounts for only specific organizations”, and vice versa.
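
To check a machine for the conflict described above, the following PowerShell reads both lists and flags suspect entries. It is an added example, not part of the original article, and the function name Get-OneDriveTenantPolicy is hypothetical.

```powershell
# Added example: Get-OneDriveTenantPolicy is a hypothetical helper name.
function Get-OneDriveTenantPolicy {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    $entries = foreach ($mode in 'Allow', 'Block') {
        $key = Get-Item -Path (Join-Path $base "${mode}TenantList") -ErrorAction SilentlyContinue
        if (-not $key) { continue }          # this list is not configured
        foreach ($name in $key.GetValueNames()) {
            $guid   = [guid]::Empty
            $isGuid = [guid]::TryParse($name, [ref]$guid)
            [pscustomobject]@{
                List = $mode; Name = $name; Data = [string]$key.GetValue($name)
                IsGuid = $isGuid; TenantId = $guid; Issues = @()
            }
        }
    }

    # Tenants that appear under both AllowTenantList and BlockTenantList.
    $both = @($entries | Where-Object IsGuid | Group-Object TenantId |
        Where-Object { @($_.Group.List | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object { $_.Group[0].TenantId })

    foreach ($e in $entries) {
        if (-not $e.IsGuid)      { $e.Issues += 'value name is not a GUID' }
        if ($e.Data -ne $e.Name) { $e.Issues += 'value data differs from value name' }
        if ($e.IsGuid -and $both -contains $e.TenantId) { $e.Issues += 'tenant is in both lists' }
        $e
    }
}

Get-OneDriveTenantPolicy |
    Format-Table List, Name, @{ n = 'Issues'; e = { $_.Issues -join '; ' } } -AutoSize
```

An empty Issues column means the entry matches what the manual steps produce: a GUID value name with identical value data, present in only one list.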

Remember that policies alone will not keep your system safe. Malicious programs downloaded from the Internet can infiltrate your system and cause significant damage to it and its components, including OneDrive. Hackers can use these programs to steal sensitive data, which can be used later to practice extortion.

To prevent any of that from happening, make sure you’re protected by a competent malware removal tool such as Auslogics Anti-Malware. The program will beef up your security, as it can work alongside other major antivirus programs.